From owner-freebsd-jail@freebsd.org Wed May 18 14:12:18 2016 Return-Path: Delivered-To: freebsd-jail@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id A0E0DB3F79F for ; Wed, 18 May 2016 14:12:18 +0000 (UTC) (envelope-from bzeeb-lists@lists.zabbadoz.net) Received: from mx1.sbone.de (mx1.sbone.de [IPv6:2a01:4f8:130:3ffc::401:25]) (using TLSv1 with cipher DHE-RSA-CAMELLIA256-SHA (256/256 bits)) (Client CN "mx1.sbone.de", Issuer "SBone.DE" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id 655781E55 for ; Wed, 18 May 2016 14:12:18 +0000 (UTC) (envelope-from bzeeb-lists@lists.zabbadoz.net) Received: from mail.sbone.de (mail.sbone.de [IPv6:fde9:577b:c1a9:31::2013:587]) (using TLSv1 with cipher ADH-CAMELLIA256-SHA (256/256 bits)) (No client certificate requested) by mx1.sbone.de (Postfix) with ESMTPS id 5CCF625D389C; Wed, 18 May 2016 14:12:15 +0000 (UTC) Received: from content-filter.sbone.de (content-filter.sbone.de [IPv6:fde9:577b:c1a9:31::2013:2742]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by mail.sbone.de (Postfix) with ESMTPS id 54B57D1F8BA; Wed, 18 May 2016 14:12:14 +0000 (UTC) X-Virus-Scanned: amavisd-new at sbone.de Received: from mail.sbone.de ([IPv6:fde9:577b:c1a9:31::2013:587]) by content-filter.sbone.de (content-filter.sbone.de [fde9:577b:c1a9:31::2013:2742]) (amavisd-new, port 10024) with ESMTP id 4htiZQllDf9n; Wed, 18 May 2016 14:12:12 +0000 (UTC) Received: from [IPv6:fde9:577b:c1a9:4410:10a6:9e53:5e9c:c191] (unknown [IPv6:fde9:577b:c1a9:4410:10a6:9e53:5e9c:c191]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by mail.sbone.de (Postfix) with ESMTPSA id 5D085D1F8A6; Wed, 18 May 2016 14:12:12 +0000 (UTC) Content-Type: text/plain; charset=utf-8 Mime-Version: 1.0 (Mac OS X Mail 9.3 \(3124\)) Subject: Re: jails in different private subnets on the same host From: "Bjoern A. Zeeb" In-Reply-To: Date: Wed, 18 May 2016 14:11:51 +0000 Cc: freebsd-jail@freebsd.org Content-Transfer-Encoding: quoted-printable Message-Id: References: To: Grzegorz Junka X-Mailer: Apple Mail (2.3124) X-BeenThere: freebsd-jail@freebsd.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: "Discussion about FreeBSD jail\(8\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 18 May 2016 14:12:18 -0000 > On 18 May 2016, at 14:00 , Grzegorz Junka wrote: >=20 > Is it possible to have two jails on the same host each one in a = different private subnet, e.g. 192.168.1.0 and 10.33.1.0, and have = routing between them working without issues? >=20 > I know it's possible to run jails with IPs in those two subnets but it = seems there is no routing and I am not sure if it's because I can't = configure my router properly or there is a more fundamental problem. One = issue I see is that the jail can't have a different default gateway than = the host, and that for now is 192.168.1.1, but I don't see a reason why = 10.33.1.0 wouldn't be able to use 192.168.1.1 as it's default gateway = provided there is routing between those two subnets. Given they are both on the same base system host, both addresses are = connected locally and thus the kernel knows where to deliver these = packets. If that doesn=E2=80=99t work, there is a bug somewhere. If you want different default gateways then you may want to look into = using different FIBs for different jails. See route(8) and jail(8) for = parameters to set and tune. /bz