From: Beeblebrox
To: Nikolay Denev
Cc: "freebsd-net@freebsd.org"
Date: Wed, 29 Jan 2014 14:22:56 +0200
Subject: Re: Jails on fib problem

Since no answer as to a-or-b option, I assumed (a) option was also flawed, so I went with (b). I moved the jails to a 192 address family.

Current rc.conf:

cloned_interfaces="lo2"
ifconfig_lo2="inet 192.168.2.110/28"
static_routes="jail default"
route_jail="default 192.168.2.110 -fib 1"
route_default="default 192.168.1.1"

# setfib 1 netstat -rn
Destination        Gateway            Flags    Netif Expire
default            192.168.2.110      UGS      lo2
127.0.0.1          link#3             UH       lo0
192.168.1.0/24     link#1             U        re0
192.168.2.99       link#4             UH       lo2      (privoxy)
192.168.2.100      link#4             UH       lo2      (http cache)
192.168.2.110      link#4             UH       lo2
192.168.56.0/28    link#6             U        vboxnet0

Traffic for any internet IP gets passed to httpcache -> privoxy jail (99), but does not get forwarded to the 192.168.1.1 gateway. If I try to access the 192.168.1.1 ADSL modem page, this does come up correctly (I presume because it is within the defined address range on the routing table).

What am I missing so that traffic from the jail knows to exit from re0 and on to the default gateway?

In pf.conf I have one NAT rule - should I be natting on lo2 as well?

nat on $ExtIf from !($ExtIf) -> $ExtIf

Regards.