From owner-freebsd-net@FreeBSD.ORG  Tue Dec 16 17:39:21 2014
Return-Path: <owner-freebsd-net@FreeBSD.ORG>
Delivered-To: freebsd-net@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115])
 (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by hub.freebsd.org (Postfix) with ESMTPS id 13D80F6A
 for <freebsd-net@freebsd.org>; Tue, 16 Dec 2014 17:39:21 +0000 (UTC)
Received: from mail-ie0-x22e.google.com (mail-ie0-x22e.google.com
 [IPv6:2607:f8b0:4001:c03::22e])
 (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits))
 (Client CN "smtp.gmail.com",
 Issuer "Google Internet Authority G2" (verified OK))
 by mx1.freebsd.org (Postfix) with ESMTPS id CED6513C
 for <freebsd-net@freebsd.org>; Tue, 16 Dec 2014 17:39:20 +0000 (UTC)
Received: by mail-ie0-f174.google.com with SMTP id rl12so12861935iec.5
 for <freebsd-net@freebsd.org>; Tue, 16 Dec 2014 09:39:20 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113;
 h=mime-version:in-reply-to:references:from:date:message-id:subject:to
 :content-type; bh=hEwBe3mwIM7FlMpJFmsof+r+1lt8wel54+e1Hq5BkOI=;
 b=cH3PqOc3buqNVQnk3TwUiglZg3+LUKGR9DFzuNYmimOh+02XzENLxlxxgy/xYZH3Qv
 Ly6kSWvm1RbTWVfK3kWzJoMoRqwwe07NA2gnuNpopGexiac2GbAHYM3jmKKGSg3pQ9ql
 jiibdy3TJSemMQ6EnNOE0BTfzTkDXBFBj2TiAqPlpqz8aHrGCvZuItJNe3JBlq9Z5cDR
 erXd9fRkok3Bl7bhcxtz1V2kUc7J7mS5ka6jpTBmTOV9f5l9elwV3OLGwfNonfJLD+sA
 PV2I08LuL/Xb1HUW54I9dB6IW4ZdOnQYnWORVUshp549y2vV4Qi6fmeXXXU0/7U9x190
 xlNQ==
X-Received: by 10.107.32.5 with SMTP id g5mr35752569iog.20.1418751560312; Tue,
 16 Dec 2014 09:39:20 -0800 (PST)
MIME-Version: 1.0
Received: by 10.50.252.39 with HTTP; Tue, 16 Dec 2014 09:39:00 -0800 (PST)
In-Reply-To: <CABk4_A61y1m8hXXkOPEKSbzf74j64MNtYhfV59enVuJfPwQApQ@mail.gmail.com>
References: <CABk4_A61y1m8hXXkOPEKSbzf74j64MNtYhfV59enVuJfPwQApQ@mail.gmail.com>
From: Alexander Lunev <sol289@gmail.com>
Date: Tue, 16 Dec 2014 20:39:00 +0300
Message-ID: <CABk4_A6mQe-w-oSRBOw-yZyPc7tG7MOnvMUGEtZ7ePzcBK=kUQ@mail.gmail.com>
Subject: Fwd: only lo0 interface inside jail, no default gw
To: freebsd-net@freebsd.org
Content-Type: text/plain; charset=UTF-8
X-Content-Filtered-By: Mailman/MimeDel 2.1.18-1
X-BeenThere: freebsd-net@freebsd.org
X-Mailman-Version: 2.1.18-1
Precedence: list
List-Id: Networking and TCP/IP with FreeBSD <freebsd-net.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/options/freebsd-net>,
 <mailto:freebsd-net-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-net/>
List-Post: <mailto:freebsd-net@freebsd.org>
List-Help: <mailto:freebsd-net-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-net>,
 <mailto:freebsd-net-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 16 Dec 2014 17:39:21 -0000

Hello everyone.

I'm trying to build jail environment on a new server with 10.1-R. I've did
that before on 9.2-R, but now i'm stuck with strange network problem: no
matter how i configure jail (old way through rc.conf jail_* variables or
via /etc/jail.conf), i don't see default gateway in jail's routing table.
At first i started with more complex config using separate fib for jail,
but it's not working even without fibs (or in fib 0). So, here's what i
have in the host system:

# netstat -rn
Routing tables

Internet:
Destination        Gateway            Flags      Netif Expire
default            10.1.1.1           UGS       em0.4
10.1.1.0/24        link#4             U         em0.4
10.1.1.205         link#4             UHS         lo0
10.1.1.206         link#4             UHS         lo0
127.0.0.1          link#3             UH          lo0
127.0.0.2          link#3             UH          lo0

# ifconfig
em0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500

options=4219b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,TSO4,WOL_MAGIC,VLAN_HWTSO>
        ether 00:30:48:c1:e1:b4
        nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
        media: Ethernet autoselect (1000baseT <full-duplex>)
        status: active
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
        options=600003<RXCSUM,TXCSUM,RXCSUM_IPV6,TXCSUM_IPV6>
        inet6 ::1 prefixlen 128
        inet6 fe80::1%lo0 prefixlen 64 scopeid 0x3
        inet 127.0.0.1 netmask 0xff000000
        inet 127.0.0.2 netmask 0xff000000
        nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
em0.4: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=103<RXCSUM,TXCSUM,TSO4>
        ether 00:30:48:c1:e1:b4
        inet 10.1.1.205 netmask 0xffffff00 broadcast 10.1.1.255
        inet 10.1.1.206 netmask 0xffffff00 broadcast 10.1.1.255
        nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
        media: Ethernet autoselect (1000baseT <full-duplex>)
        status: active
        vlan: 4 parent interface: em0

I can ping internet from a host via gateway 10.1.1.1

And here's what i have in jail:

====== BOF /etc/jail.conf =========
exec.start = "/bin/sh /etc/rc";
exec.stop = "/bin/sh /etc/rc.shutdown";
mount.devfs;
allow.raw_sockets;
path = "/usr/jails/$name";

template {
    jid = 1;
    ip4.addr = "em0.4|10.1.1.206/24";
    ip4.addr += "lo0|127.0.0.2/8";
    host.hostname = template;
}
====== EOF /etc/jail.conf =========

# jexec 1 netstat -rn
Routing tables

Internet:
Destination        Gateway            Flags      Netif Expire
10.1.1.206         link#4             UHS         lo0
127.0.0.2          link#3             UH          lo0

I can ping gateway from jail

# jexec 1 ping 10.1.1.1
PING 10.1.1.1 (10.1.1.1): 56 data bytes
64 bytes from 10.1.1.1: icmp_seq=0 ttl=64 time=0.366 ms
^C

But not the Internet or anything via routing.

I have no default gateway in jail - why? What have i missed in this new
jail implementation since 9.2-R?

Crossposted to freebsd-jail@

-- 
your sweet isn't ready yet