To: freebsd-jail@freebsd.org
From: Mogamat Abrahams
Subject: Re: Cant reach Jailed services from internet.
Date: Tue, 28 May 2013 16:25:26 +0000 (UTC)

Hi

Thanks for the help thus far.

> of four /32s. I would configure a static route on the default gateway
> for 174.x.x.76/30 -> 67.x.x.x, then on the host I'd assign the four /32s
> to lo1..lo4.

From the internet I can reach services on the host which are bound to these
addresses. Still no luck with the jails.... is there anything else I can do to
diagnose this?

> Packets arrive to the jails because of the /30 static route
> in the neighbouring router, packets leave the jail because of the host's
> already existing default route, and of course traffic between the jails
> and the host are OK because the kernel knows its own interfaces.
> (Actually that's how I run my FreeBSD jails.)

Talking about routes, I take it these are configured by the kernel?

Internet:
Destination        Gateway            Flags    Refs      Use  Netif Expire
default            67.x.x.33          UGS         0     2319    em0
67.x.x.32/27       link#1             U           0        0    em0
67.x.x.57          link#1             UHS         0        0    lo0
127.0.0.1          link#7             UH          0       94    lo0
174.x.x.76         link#1             UHS         0        0    lo0 =>
174.x.x.76/32      link#1             U           0        0    em0 =>
174.x.x.76/30      link#1             U           0        0    em0
174.x.x.77         link#1             UHS         0       28    lo0 =>
174.x.x.77/32      link#1             U           0        0    em0
174.x.x.78         link#1             UHS         0        0    lo0

--- jls :
   JID  IP Address      Hostname                      Path
     1  174.x.x.76      webhost                       /usr/jails/webhost
     2  174.x.x.77      openerp                       /usr/jails/openerp
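
One way to cross-check a routing table like the one in this message against the jail addresses, as an added example that is not part of the original post: for each jail IP it lists the interfaces that hold a route covering it. The addresses are constructed stand-ins from documentation ranges for the redacted ones, and the function names are hypothetical.

```python
import ipaddress

# Constructed sample: same shape as the netstat -rn output in the message, with
# the redacted addresses replaced by documentation ranges (not real hosts).
ROUTES = """\
default            192.0.2.33   UGS   0 2319 em0
192.0.2.32/27      link#1       U     0    0 em0
192.0.2.57         link#1       UHS   0    0 lo0
127.0.0.1          link#7       UH    0   94 lo0
198.51.100.76      link#1       UHS   0    0 lo0 =>
198.51.100.76/32   link#1       U     0    0 em0 =>
198.51.100.76/30   link#1       U     0    0 em0
198.51.100.77      link#1       UHS   0   28 lo0 =>
198.51.100.77/32   link#1       U     0    0 em0
198.51.100.78      link#1       UHS   0    0 lo0
"""
JAILS = {"webhost": "198.51.100.76", "openerp": "198.51.100.77"}  # from jls


def parse_routes(text):
    """Return (network, gateway, flags, netif) for each IPv4 route line."""
    routes = []
    for line in text.splitlines():
        f = line.split()  # a trailing '=>' marker lands in f[6] and is ignored
        if len(f) < 6 or f[0] == "Destination":
            continue
        dest, gw, flags, netif = f[0], f[1], f[2], f[5]
        if dest == "default":
            dest = "0.0.0.0/0"
        elif "/" not in dest:
            dest += "/32"  # host route printed without a mask
        routes.append((ipaddress.ip_network(dest), gw, flags, netif))
    return routes


def covering(routes, ip):
    """All routes whose destination contains ip, most specific first."""
    addr = ipaddress.ip_address(ip)
    hits = [r for r in routes if addr in r[0]]
    return sorted(hits, key=lambda r: r[0].prefixlen, reverse=True)


def report(routes, jails):
    """Jail name -> interfaces that hold a non-default route covering its IP."""
    return {name: sorted({r[3] for r in covering(routes, ip) if r[0].prefixlen})
            for name, ip in jails.items()}


if __name__ == "__main__":
    print(report(parse_routes(ROUTES), JAILS))
```

On the sample, both jail addresses are covered by routes on em0 as well as lo0.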