Date:      Wed, 26 Aug 2015 08:40:00 +0200
From:      Florian Ermisch <0xf10e@fsfe.org>
To:        freebsd-stable <freebsd-stable@freebsd.org>
Subject:   Re: Multiple IP/subnet in jail, source address for connections
Message-ID:  <71B0E1A4-0AC8-42E6-96E6-2A3B0C316F02@fsfe.org>
In-Reply-To: <CAHDg04sUda1T=LUHJAKAumbTWp3poP3KyArtQzn3eQM1YBa7ug@mail.gmail.com>
References:  <55DB8B79.40700@searchy.net> <CAHDg04sUda1T=LUHJAKAumbTWp3poP3KyArtQzn3eQM1YBa7ug@mail.gmail.com>

> On Mon, Aug 24, 2015 at 2:24 PM, Frank de Bot (lists)
> <lists@searchy.net> wrote:
> > Hello,
> >
> > I'm trying to have a jail with a public and a private IP address. Both
> > are on the same interface. The public is called 79.x.x.213 and private
> > 10.4.3.6.
> > Output from ifconfig within the jail is:
> >
> >         inet 79.x.x.213 netmask 0xffffffff broadcast 79.x.x.213
> >         inet 10.4.3.6 netmask 0xffffffff broadcast 10.4.3.6
> >
> > When I try to reach a host on the 10.4.3.0/24 network, it will use the
> > source address 79.x.x.123 (seen with tcpdump).
> > When done outside of the jail on the server, it does have the right
> > source address.
> > How can I get my jail to have the right source address? Some tools
> > provide a way to define a source address, like telnet -s, but it's not
> > workable.
> >
> >
> > Frank de Bot
> >

On 24 August 2015 23:46:10 CEST, Michael Loftis <mloftis@wgops.com> wrote:
> Normally when jails are added their IPs are created as "normal"
> aliases, so they'll get a /32 netmask when you don't specify.  So
> depending on how you're creating the jail you'll need to specify the
> netmask with the IP wherever you configure your jail.  (You didn't
> mention if you're using ezjail or not, for example...)
> 

I guess Frank is connecting to the private IP from inside the same subnet. Thus the host is using its default route to answer.
When you add a route to your other private networks, say they're all inside 10.0.0.0/8, via the gateway in 10.4.3.0/24, the host should use its private IP to respond (looks up route to 10.5.17.0/24, matches 10.0.0.0/8, uses gw of 10.4.3.0/24, uses local address in 10.4.3.0/24 to send packets to gw of 10.4.3.0/24).
Of course this won't work w/o such a gateway in 10.4.3.0/24.

Regards, Florian
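
Added example (not part of the thread, and not FreeBSD code): a simplified Python model of the lookup the two replies above describe, that is, a longest-prefix route match followed by taking the source address from the local subnet that contains the next hop. The public address 203.0.113.213/24 and both gateway addresses are constructed placeholders (the thread elides the real ones), and the jail's own address restrictions are not modelled.

```python
import ipaddress

def source_for(dst, local_ifaddrs, static_routes):
    """Return the source address this simplified model picks for dst, or None.

    local_ifaddrs: list of "addr/prefixlen" strings configured locally.
    static_routes: list of (prefix, gateway) tuples.
    """
    dst = ipaddress.ip_address(dst)
    ifaces = [ipaddress.ip_interface(a) for a in local_ifaddrs]
    # Every local address contributes a connected (on-link) route for its subnet.
    table = [(i.network, None) for i in ifaces]
    table += [(ipaddress.ip_network(p), ipaddress.ip_address(g))
              for p, g in static_routes]
    matches = [(net, gw) for net, gw in table if dst in net]
    if not matches:
        return None
    # Longest-prefix match decides which route is used.
    _, gw = max(matches, key=lambda m: m[0].prefixlen)
    next_hop = dst if gw is None else gw
    # The source is the local address whose subnet contains the next hop.
    for i in ifaces:
        if next_hop in i.network:
            return str(i.ip)
    return None  # no local subnet reaches the gateway

# Constructed sample data (placeholders, see lead-in).
PUBLIC = "203.0.113.213/24"
DEFAULT = [("0.0.0.0/0", "203.0.113.1")]
PRIVATE_VIA_GW = DEFAULT + [("10.0.0.0/8", "10.4.3.1")]

if __name__ == "__main__":
    cases = [
        ("10.4.3.20", [PUBLIC, "10.4.3.6/32"], DEFAULT),         # /32 alias
        ("10.4.3.20", [PUBLIC, "10.4.3.6/24"], DEFAULT),         # netmask given
        ("10.5.17.9", [PUBLIC, "10.4.3.6/24"], DEFAULT),         # default route only
        ("10.5.17.9", [PUBLIC, "10.4.3.6/24"], PRIVATE_VIA_GW),  # route added
        ("10.5.17.9", [PUBLIC, "10.4.3.6/32"], PRIVATE_VIA_GW),  # gw not on-link
    ]
    for dst, addrs, routes in cases:
        print(dst, addrs[1], len(routes), "->", source_for(dst, addrs, routes))
```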


