Date:      Mon, 9 Apr 2012 15:11:50 -0500
From:      Mark Felder <feld@feld.me>
To:        freebsd-jail@freebsd.org
Subject:   Re: Jail source address selection broken, patch for ping
Message-ID:  <op.wcik10bo34t2sn@tech304>
In-Reply-To: <493438014.49159.1333999007132.JavaMail.root@mrelmx09.mrec.ar>
References:  <493438014.49159.1333999007132.JavaMail.root@mrelmx09.mrec.ar>

On Mon, 09 Apr 2012 14:16:47 -0500, Juan F. Díaz y Díaz
<jfd@mrecic.gov.ar> wrote:

> Mark, you can just run a jail with the setfib utility so you don't need
> to modify all your scripts.

I don't think anyone here is understanding the issue and forcing a routing
table will not help.

root@jailhost:/# jls -v
    JID  Hostname                      Path
         Name                          State
         CPUSetID
         IP Address(es)
      3  xymon.xxxxxx.net            /usr/jails/xymon.xxxxxx.net
         3                             ACTIVE
         2
         66.xxx.xxx.xxx
         192.168.89.xxx  <-- different vlans for each
         192.168.93.xxx
         192.168.94.xxx
         192.168.95.xxx
         192.168.96.xxx
         192.168.97.xxx


root@jailhost:/# ifconfig   (edited output)
vlan989: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
         options=103<RXCSUM,TXCSUM,TSO4>
         ether d4:ae:52:6a:ec:d9
         inet 192.168.89.xxx netmask 0xffffff00 broadcast 192.168.89.255
         inet6 fe80::d6ae:52ff:fe6a:ecd9%vlan989 prefixlen 64 scopeid 0x6
         nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
         media: Ethernet autoselect (1000baseT <full-duplex>)
         status: active
         vlan: 989 parent interface: bce1
vlan993: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
         options=103<RXCSUM,TXCSUM,TSO4>
         ether d4:ae:52:6a:ec:d9
         inet 192.168.93.xxx netmask 0xffffff00 broadcast 192.168.93.255
         inet6 fe80::d6ae:52ff:fe6a:ecd9%vlan993 prefixlen 64 scopeid 0x7
         nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
         media: Ethernet autoselect (1000baseT <full-duplex>)
         status: active
         vlan: 993 parent interface: bce1
vlan994: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
         options=103<RXCSUM,TXCSUM,TSO4>
         ether d4:ae:52:6a:ec:d9
         inet 192.168.94.xxx netmask 0xffffff00 broadcast 192.168.94.255
         inet6 fe80::d6ae:52ff:fe6a:ecd9%vlan994 prefixlen 64 scopeid 0x8
         nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
         media: Ethernet autoselect (1000baseT <full-duplex>)
         status: active
         vlan: 994 parent interface: bce1
vlan996: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
         options=103<RXCSUM,TXCSUM,TSO4>
         ether d4:ae:52:6a:ec:d9
         inet 192.168.96.xxx netmask 0xffffff00 broadcast 192.168.96.255
         inet6 fe80::d6ae:52ff:fe6a:ecd9%vlan996 prefixlen 64 scopeid 0x9
         nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
         media: Ethernet autoselect (1000baseT <full-duplex>)
         status: active
         vlan: 996 parent interface: bce1
vlan997: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
         options=103<RXCSUM,TXCSUM,TSO4>
         ether d4:ae:52:6a:ec:d9
         inet 192.168.97.xxx netmask 0xffffff00 broadcast 192.168.97.255
         inet6 fe80::d6ae:52ff:fe6a:ecd9%vlan997 prefixlen 64 scopeid 0xa
         nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
         media: Ethernet autoselect (1000baseT <full-duplex>)
         status: active
         vlan: 997 parent interface: bce1





All of these vlan interfaces go into a SINGLE jail. Setting the fib will
not help; the jail already has the default routing table. The problem is
that you can't access these different VLANs with many network utilities
because it sets your source IP in the packet as the first IP the jail has
bound to it: 66.xxx.xxx.xxx
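
Added example, not part of the original message and not FreeBSD's code: one way a utility can avoid the behaviour described above is to pick the jail address on the destination's subnet and bind its socket to that address before sending. The addresses in `sample_jail` are constructed placeholders, and `jail_addr`, `pick_source` and `open_bound_socket` are hypothetical names.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdint.h>
#include <stdio.h>
#include <sys/socket.h>
#include <unistd.h>

struct jail_addr { const char *ip; uint32_t mask; };  /* mask: host byte order */

/* Constructed sample in the page's layout: public IP first, then one per VLAN. */
static const struct jail_addr sample_jail[] = {
    { "203.0.113.10",  0xffffff00 },  /* placeholder for the jail's first IP */
    { "192.168.89.10", 0xffffff00 },  /* vlan989 */
    { "192.168.93.10", 0xffffff00 },  /* vlan993 */
};

/* Return the jail address whose subnet contains dst. If none does, fall back
 * to the first address, the source the message says utilities end up with. */
const struct jail_addr *pick_source(const struct jail_addr *a, size_t n, const char *dst)
{
    struct in_addr d, s;
    if (n == 0 || inet_pton(AF_INET, dst, &d) != 1)
        return NULL;
    for (size_t i = 0; i < n; i++) {
        if (inet_pton(AF_INET, a[i].ip, &s) != 1)
            continue;
        if (((ntohl(s.s_addr) ^ ntohl(d.s_addr)) & a[i].mask) == 0)
            return &a[i];
    }
    return &a[0];
}

/* Open a UDP socket bound to src so outgoing packets carry it; -1 on error. */
int open_bound_socket(const char *src)
{
    struct sockaddr_in sin = { .sin_family = AF_INET };
    if (inet_pton(AF_INET, src, &sin.sin_addr) != 1)
        return -1;
    int fd = socket(AF_INET, SOCK_DGRAM, 0);
    if (fd >= 0 && bind(fd, (struct sockaddr *)&sin, sizeof(sin)) != 0) {
        close(fd);
        fd = -1;
    }
    return fd;
}

int main(void)
{
    printf("%s\n", pick_source(sample_jail, 3, "192.168.93.77")->ip);
}
```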


