From owner-freebsd-questions@FreeBSD.ORG Tue Aug 27 22:28:40 2013 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTP id 4DD285E6 for ; Tue, 27 Aug 2013 22:28:40 +0000 (UTC) (envelope-from gibblertron@gmail.com) Received: from mail-ob0-x232.google.com (mail-ob0-x232.google.com [IPv6:2607:f8b0:4003:c01::232]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (No client certificate requested) by mx1.freebsd.org (Postfix) with ESMTPS id 1985327BC for ; Tue, 27 Aug 2013 22:28:40 +0000 (UTC) Received: by mail-ob0-f178.google.com with SMTP id ef5so5914723obb.9 for ; Tue, 27 Aug 2013 15:28:37 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=wiDKUBIzDUEQjxkFDXxTG/yjcFDfZ4qSceP5z3x3lcI=; b=ci92wFJTBcvG+ttMVQCMb102eRqdP4FoK2S0wwgEv+GTRSIi0/0p2hBINLxsGYrGdo fXbMqCT+S/MtUJcrS/18zPYyYkGSV5stU5k9RiJtt7FnPefxHnji/m0c+wPr2pURlOC/ TDxjlGyPZNvm8VPk0Bj09Dqzek3K7AYQyVtxweVCiCgdvm40kGfiD1V4Tt6p+mqgAnQq 1QtTsTynL28q3zUYAcg0acgusdyLsBIoVHEUPsk+ZUxWZEmvySr8+uZLNoNw6YXKiElJ 5b+Zs3iJpPBkw//mTum5tPtCNQljnnHhCE9Kt/g8lTwFNb60x6ivbotsKPPjczXaydC/ rjwQ== MIME-Version: 1.0 X-Received: by 10.182.205.194 with SMTP id li2mr3997744obc.97.1377642517850; Tue, 27 Aug 2013 15:28:37 -0700 (PDT) Received: by 10.182.45.228 with HTTP; Tue, 27 Aug 2013 15:28:37 -0700 (PDT) In-Reply-To: References: Date: Tue, 27 Aug 2013 15:28:37 -0700 Message-ID: Subject: Re: Jail with public IP alias From: Patrick To: Alejandro Imass Content-Type: text/plain; charset=ISO-8859-1 Cc: FreeBSD Questions X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 27 Aug 2013 22:28:40 -0000 That's not the behaviour I see. My jail has a private and public IP. $ ifconfig bce1 bce1: flags=8843 metric 0 mtu 1500 options=c01bb ether a4:ba:db:29:7a:1b inet 192.168.42.23 netmask 0xffffffff broadcast 192.168.42.23 media: Ethernet autoselect (1000baseT ) status: active If I ssh into another host on the 192.168.42.0 network, I see: $ who patrick ttyp1 Aug 27 15:21 (192.168.42.23) The host of the jail has multiple IPs on that private subnet: $ ifconfig bce1 bce1: flags=8843 metric 0 mtu 1500 options=c01bb ether a4:ba:db:29:7a:1b inet 192.168.42.17 netmask 0xffffff00 broadcast 192.168.42.255 inet 192.168.42.18 netmask 0xffffffff broadcast 192.168.42.18 inet 192.168.42.19 netmask 0xffffffff broadcast 192.168.42.19 inet 192.168.42.20 netmask 0xffffffff broadcast 192.168.42.20 inet 192.168.42.21 netmask 0xffffffff broadcast 192.168.42.21 inet 192.168.42.23 netmask 0xffffffff broadcast 192.168.42.23 inet 192.168.42.24 netmask 0xffffffff broadcast 192.168.42.24 media: Ethernet autoselect (1000baseT ) status: active Are you using NAT from your jail to the outside world? Patrick On Tue, Aug 27, 2013 at 2:21 PM, Alejandro Imass wrote: > On Tue, Aug 27, 2013 at 4:59 PM, Alejandro Imass wrote: >> Hi, >> >> I have a machine with several public IPs on the same NIC and I bound >> one of those IPs to a jail created with EzJail. Suppose the scenario >> is something like this: >> >> em0 >> 190.100.100.1 >> 190.100.100.2 >> 190.100.100.3 >> 190.100.100.4 >> >> In the jail we are bound only to 190.100.100.4 >> >> The default router is correctly set on the jail, etc. >> >> But when we ssh out of that jail, or send an email, the receiving end >> always sees 190.100.100.1 not 190.100.100.4 which is the IP the jail >> is bound to. > > > I think my problem is actually more basic than this. The problem > actually occurs on the base system as well and I think it's because > all the IPs are on the same subnet, then the kernel assumes to use the > primary IP as the source address. For the sake and usefulness of the > mail archives I will end this thread here and start another one with a > more appropriate title, not before researching to see if this can be > done with the routing table or if I need to use ipfw to re-write the > source address. > > Thanks, > > -- > Alejandro Imass > _______________________________________________ > freebsd-questions@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-questions > To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.org"