From: Albert Shih
To: freebsd-jail@freebsd.org, freebsd-pf@freebsd.org
Date: Fri, 5 Feb 2010 13:32:54 +0100
Message-ID: <20100205123254.GN11310@obspm.fr>
Subject: How make the route-to working ?

Hi all,

I've a problem with route-to.

I've a server with 2 interfaces, and I'm running jail on this server. Each interface has its own public IP address.

    eth0 -- IP0
    eth1 -- IP1

and I've a default route (for example in IP0 subnet).

So if the jail is in the IP0 subnet, no problem, everything works.

Now if I put a jail in IP1 subnet, and some client tries to connect to this jail, the answer comes out through eth0 because of the default route (suppose the client is not on my subnet).

I don't want that. I want the answer to come out through eth1.

I'm trying to use pf to do that and put in my pf.conf something like

    pass in all
    pass out all
    pass out on eth0 route-to {(eth0 IP0_Gateway)} from to ! IP0_subnet
    pass out on eth1 route-to {(eth1 IP1_Gateway)} from to ! IP1_subnet

but it's not working. If I run a tcpdump on the host I can see the incoming packet come in from eth1 and the outgoing come out on eth0.

And if I try to remove the default route, the outgoing packets don't come out....

Any help ?

Regards.

--
Albert SHIH
SIO batiment 15
Observatoire de Paris Meudon
5 Place Jules Janssen
92195 Meudon Cedex
Telephone: 01 45 07 76 26/06 86 69 95 71
Local time: Fri 5 Feb 2010 13:25:02 CET