Date: Sat, 4 Jan 2014 01:10:14 +1100 (EST)
From: Ian Smith
To: Alejandro Imass
Cc: freebsd-jail@freebsd.org
Subject: Re: Allowing routing table visibility in jails to make multiple IPs work properly
Message-ID: <20140104005845.V35277@sola.nimnet.asn.au>

On Fri, 3 Jan 2014 08:05:55 -0500, Alejandro Imass wrote:
> On Fri, Jan 3, 2014 at 3:00 AM, Rudy (bulk) wrote:
> >
> > I'm having issues when putting multiple IPs on a jail... one external, one
> > internal (on a different vlan). The source IP from the jail is always the
> > first IP, so a solution is to use ipfw_nat to nat when using the internal
> > vlan to the 'second ip'. Ugly hack.
> > and it doesn't work when there is an
> > MTU difference between the vlans:
> >
>
> Greetings Rudy,
>
> I had the same exact problem and found that the problem is natd.
> Actually it is mentioned in natd's documentation.

Alejandro, hi, can you point out where in natd(8) it indicates .. what exactly?

> If you want to get rid of this problem you need to get rid of natd and
> nat your jail traffic with some other means. Kernel nat should be a
> solution but I've never gotten around to test if it actually solves
> the problem. Please share if you find a way to fix this.

I may have missed it, but I've yet to see anyone report any functional
differences between natd and ipfw_nat, ie of something working in one
but not the other. Both use the underlying libalias(3) after all.

cheers, Ian