From nobody Mon Jun 30 03:44:25 2025 X-Original-To: freebsd-net@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4bVsVL1wbkz5yscG for ; Mon, 30 Jun 2025 03:44:42 +0000 (UTC) (envelope-from pprocacci@gmail.com) Received: from mail-ej1-x630.google.com (mail-ej1-x630.google.com [IPv6:2a00:1450:4864:20::630]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (2048 bits) client-digest SHA256) (Client CN "smtp.gmail.com", Issuer "WR4" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4bVsVK6TPXz44NH for ; Mon, 30 Jun 2025 03:44:41 +0000 (UTC) (envelope-from pprocacci@gmail.com) Authentication-Results: mx1.freebsd.org; none Received: by mail-ej1-x630.google.com with SMTP id a640c23a62f3a-ae0d935020eso298208766b.3 for ; Sun, 29 Jun 2025 20:44:41 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1751255075; x=1751859875; darn=freebsd.org; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:from:to:cc:subject:date :message-id:reply-to; bh=0dD7yBKGtK/zyW+kqMaOVXBwP6rXCDZD/FjBijiu5xs=; b=SIP9XzadBYo7AvdtADNwKMgcsKm0TIMGY7nBR81f7v2nRwmUgBsQNb/z4ztKAMdXSz Yxtwt1UpInSqoXDEcTa76/hrs4o3GK7jFAcV33XsYSn9vx+5QtcJ+bLkVlMrGOqCRzJ9 8VZAq4kJhT812ZPRl2B8t8ur8aZ6qx6Z2GQ0bw5pRoS0IpLz35amikKSR5Lhydx41FzJ TNrKXD3ik4i/RsMZuLPV1Yv2uZ6Zxh3DPJTETKa1s/z5N51/LHa57pL+CGsvAFiWxxxC j4tHTj/D/LtbqPbnobugE2gVNMcNYLsfG2HXY5cJagOACIOTu1K6iF07nwzuleMIyBj+ ESZQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1751255075; x=1751859875; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=0dD7yBKGtK/zyW+kqMaOVXBwP6rXCDZD/FjBijiu5xs=; b=CUJIiie733JaD+j1mFSs79UIKtWKPEc9wvPzEYI/9o0cCy9I3zp8J1iMsPPfTh+fUn LHE16WQJc4Wza7WR0gNgKm9hHrGdo81S5Tu6b2mCiyPhI2RdKC1eiZBXdGKTiDX83Fao S52vByuj5SKPfrT34794IeWVFQQFlyNWKA87nqtto1yeWAt6yErW44evFTQxFueEeZOY 8dIEPAx3nCxYmvJStLgKaY9zg7Yo82GNsX3ql6OHnKibwvTwg89ujZqhGiXosqi1baFY Bl2DKqwgoqm2wlPNbuVFJ9PKdKB28ClDITsP6VXBJIu9E629U9cqWxcueYIAdzntvtWt YBNQ== X-Gm-Message-State: AOJu0Yyx5778BC+HrzeI9bM/yJ4Pyry3ce2IIuUf4ZrLDGVrX7Zjmhft 2CcMoVqzDFrh/+GA65x5w+9DklbnelRx1u8VV/qKQAmd6oqlcXgrO5t72fO7lcXycI82tL9mRIU C15CYNoSLszmG3AukZSPXXWQG2769z9UD X-Gm-Gg: ASbGncs2f4YOQwsxv+XrU778dhO19CHz4t7H8ze7o4xcCnzOoygBq96f0BKskMiUNob 7Raf6GAkoJQCaPY8HO3W1bsHiiExZi33kR8Ryl9ykRV89WCTc7m0qD5S5AVVK20wTmdUsOb8hls 5+n9DMgYnhA/ncUwM5pzD0/Ic2ySiwVZU7RL7ZtV+S4XJpOmsDZ+s= X-Google-Smtp-Source: AGHT+IHTgKAGytJcaaWefAEicuv3N4/dijHRE2WOLfvU33e8jj1MCN0xDAPHICzAz2p6r03hnljBlKB537gfDGQ6dag= X-Received: by 2002:a17:906:f585:b0:ad5:557b:c369 with SMTP id a640c23a62f3a-ae3500cb2a2mr1056282266b.33.1751255075222; Sun, 29 Jun 2025 20:44:35 -0700 (PDT) List-Id: Networking and TCP/IP with FreeBSD List-Archive: https://lists.freebsd.org/archives/freebsd-net List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-freebsd-net@FreeBSD.org MIME-Version: 1.0 References: In-Reply-To: From: Paul Procacci Date: Sun, 29 Jun 2025 23:44:25 -0400 X-Gm-Features: Ac12FXyX-vuo8QA-VWCXQl66inoOYwm3HvqQ3QGYWK62L1OaOFdxFEiu5OQ-rbc Message-ID: Subject: Re: rp_filter equivalent? To: Mason Loring Bliss Cc: freebsd-net@freebsd.org Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Rspamd-Queue-Id: 4bVsVK6TPXz44NH X-Spamd-Bar: ---- X-Rspamd-Pre-Result: action=no action; module=replies; Message is reply to one we originated X-Spamd-Result: default: False [-4.00 / 15.00]; REPLY(-4.00)[]; ASN(0.00)[asn:15169, ipnet:2a00:1450::/32, country:US] On Sun, Jun 29, 2025 at 11:09=E2=80=AFPM Mason Loring Bliss wrote: > > On Sun, Jun 29, 2025 at 10:55:49PM -0400, Paul Procacci wrote: > > > Ok, I misunderstood what you initially wrote because the language you'r= e > > using isn't exactly what I'd expect in the world of networking. > > I'm only peripherally a networking person, so I'm not surprised. > > > > To clear up any confusion ... you have two ip addresses, each one > > being in different subnets. > > Yes. > > > > The ip assigned to the host and the gateway that the host talks to are > > in one subnet while the other ip address assigned to the jail/vnet is > > in an entirely different subnet. > > And yes. > > > > Using VNET, you can try the following within the jail but I've never tr= ied: > > route add -net w.x.y.z/mask a.b.c.1 > > route add default a.b.c.1 > > I'll try that. That's what I remember trying initially, but unsuccessfull= y, > although I don't know that I included a subnet mask for w.x.y.z. It was a > month and a half ago and I was thrashing around through a number of > options, so I'll try it again this week and document things more closely. > > Thank you! > It's my pleasure. I ultimately believe you're going to have to add the second ip address as an alias to the main interface and then launch your jail w/out VNET taking that secondary ip address for its own use. This means you can forgo epairs and the like, and just let FBSD do its thing from there on out with a standard jail. ~Paul --=20 __________________ :(){ :|:& };: