From owner-freebsd-questions@FreeBSD.ORG Wed Nov 28 14:12:44 2007 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 6F8FD16A418 for ; Wed, 28 Nov 2007 14:12:44 +0000 (UTC) (envelope-from philip@ridecharge.com) Received: from EXHUB015-4.exch015.msoutlookonline.net (exhub015-4.exch015.msoutlookonline.net [207.5.72.96]) by mx1.freebsd.org (Postfix) with ESMTP id 5944A13C461 for ; Wed, 28 Nov 2007 14:12:44 +0000 (UTC) (envelope-from philip@ridecharge.com) Received: from philip.hq.rws (74.93.213.161) by smtpx15.msoutlookonline.net (207.5.72.103) with Microsoft SMTP Server (TLS) id 8.0.744.0; Wed, 28 Nov 2007 06:12:43 -0800 Message-ID: <474D7759.2070200@riderway.com> Date: Wed, 28 Nov 2007 09:12:41 -0500 From: "Philip M. Gollucci" Organization: Riderway Inc. User-Agent: Thunderbird 2.0.0.6 (X11/20070919) MIME-Version: 1.0 To: =?ISO-8859-1?Q?F=E9lix_Langelier?= References: In-Reply-To: Content-Type: text/plain; charset="ISO-8859-1" Content-Transfer-Encoding: 8bit Cc: "freebsd-questions@freebsd.org" Subject: Re: Network Configuration with Jails. X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 28 Nov 2007 14:12:44 -0000 Félix Langelier wrote: > Hello, > > I run a FreeBSD Jailer and I want to have multiple jails in 2 seperate networks. The server has 2 network interfaces and each of them are connected in a different network. Say vlan1 and vlan2. > > My problem is that all the network traffic is going through the first interface (vlan1). What I need is that a jail in vlan1 can't communicate with a jail in vlan2 (and vice-versa). > > Is it possible to split the network traffic in the right interfaces and use a diffrent default gateway for each of them ? > > Here is my /etc/rc.d configuration. > > defaultrouter="192.168.1.1" > > static_routes="vlan1 vlan2" > route_vlan1="-net 192.168.1.0/24 192.168.1.1" > route_vlan2="-net 192.168.2.0/24 192.168.2.1" > > # vlan1 interface config. > ifconfig_bge0="inet 192.168.1.10 netmask 255.255.255.0" > ifconfig_bge0_alias0="192.168.1.11 netmask 255.255.255.255" > > # vlan2 interface config. > ifconfig_bge1="inet 192.168.2.10 netmask 255.255.255.0" > ifconfig_bge1_alias0="inet 192.168.2.11 netmask 255.255.255.255" > > I tried to remove the default gateway but then the server was unreachable. > I am thinking of using pf to resolve my issue. Removing the default gateway will work, but you have to add back _similiar_ routes, you can't just remove it. -- ------------------------------------------------------------------------ Philip M. Gollucci (philip@ridecharge.com) o:703.549.2050x206 Senior System Admin - Riderway, Inc. http://riderway.com / http://ridecharge.com 1024D/EC88A0BF 0DE5 C55C 6BF3 B235 2DAB B89E 1324 9B4F EC88 A0BF Work like you don't need the money, love like you'll never get hurt, and dance like nobody's watching.