From nobody Mon Jun 30 03:53:39 2025 X-Original-To: freebsd-net@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4bVsht5hSLz5ytbK for ; Mon, 30 Jun 2025 03:53:50 +0000 (UTC) (envelope-from jamie@catflap.org) Received: from donotpassgo.dyslexicfish.net (donotpassgo.dyslexicfish.net [IPv6:2001:19f0:7400:8808:12:4:0:1]) by mx1.freebsd.org (Postfix) with ESMTP id 4bVsht1q2Bz3CCK for ; Mon, 30 Jun 2025 03:53:50 +0000 (UTC) (envelope-from jamie@catflap.org) Authentication-Results: mx1.freebsd.org; none X-Catflap-Envelope-From: X-Catflap-Envelope-To: freebsd-net@FreeBSD.org Received: from donotpassgo.dyslexicfish.net (donotpassgo.dyslexicfish.net [209.250.224.51]) by donotpassgo.dyslexicfish.net (8.14.5/8.14.5) with ESMTP id 55U3rduC021153; Mon, 30 Jun 2025 04:53:39 +0100 (BST) (envelope-from jamie@donotpassgo.dyslexicfish.net) Received: (from jamie@localhost) by donotpassgo.dyslexicfish.net (8.14.5/8.14.5/Submit) id 55U3rdKh021152; Mon, 30 Jun 2025 04:53:39 +0100 (BST) (envelope-from jamie) From: Jamie Landeg-Jones Message-Id: <202506300353.55U3rdKh021152@donotpassgo.dyslexicfish.net> Date: Mon, 30 Jun 2025 04:53:39 +0100 Organization: Dyslexic Fish To: mason@blisses.org, freebsd-net@FreeBSD.org Subject: Re: rp_filter equivalent? References: In-Reply-To: User-Agent: Heirloom mailx 12.4 7/29/08 List-Id: Networking and TCP/IP with FreeBSD List-Archive: https://lists.freebsd.org/archives/freebsd-net List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-freebsd-net@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit X-Greylist: Sender passed SPF test, not delayed by milter-greylist-4.2.7 (donotpassgo.dyslexicfish.net [209.250.224.51]); Mon, 30 Jun 2025 04:53:40 +0100 (BST) X-Rspamd-Queue-Id: 4bVsht1q2Bz3CCK X-Spamd-Bar: ---- X-Rspamd-Pre-Result: action=no action; module=replies; Message is reply to one we originated X-Spamd-Result: default: False [-4.00 / 15.00]; REPLY(-4.00)[]; ASN(0.00)[asn:20473, ipnet:2001:19f0:7400::/38, country:US] Mason Loring Bliss wrote: > > I've got a vnet jail that's set up to use that x.y.z.50 address, and I've > assigned x.y.z.50 to epair0b in the jail, but I ran into a problem. I > couldn't tell that jail to use a.b.c.1 as its default gateway and that that > was out through epair0a without assigning an a.b.c address to epair0a, even > though I don't actually have a spare assigned to me. Unless I've misread, you simply want to route through an IP that is physically "on your lan", but isn't configured as being "on your lan". try adding this static route: route add -host a.b.c.1 -iface em0 (replace em0 with the name of the network interface that is physically connected to the a.b.c.1 Ip address) Then simply set the default gateway to a.b.c.1 as you tried to do already. Basically, you were trying to set the default to the IP of your router which wasn't within your configured IP subnet. route add -host a.b.c.1 -iface em0 basically means 'to get to this out-of-scope ip address, just send the packets down interface em0, as it's directly accessable that way, even though the normal config doesn't imply it' For rc.conf in the jail, this should be all you need to add: static_routes="defaultrouter" route_defaultrouter="-host a.b.c.1 -iface em0" defaultrouter="a.b.c.1" (modified as appropriate, of course) .