From: Julian Elischer
Date: Wed, 29 May 2013 10:06:42 +0800
To: Jeff
Cc: "freebsd-net@freebsd.org"
Subject: Re: FreeBSD jail can't talk to internet through multiple routers
Message-ID: <51A562B2.4020101@freebsd.org>
In-Reply-To: <1369785428.89131.YahooMailNeo@web142302.mail.bf1.yahoo.com>

On 5/29/13 7:57 AM, Jeff wrote:
> Hi,
>
> I run PCBSD 9.1 and have a jail setup (uses the Warden PBI to set it up).
>
> In that jail which has its own local IP like 192.168.1.12, I have an Apache server running Drupal.
>
> Normally when I connect the computer to a single router that is connected to a modem, I set "nameserver 192.168.1.1", i.e. the router LAN IP or gateway, in etc/resolv.conf and have no problems.
>
> Now I have added a 2nd router daisy chained from the primary router, running a subnet (primary router has IP: 192.168.1.1 and secondary router: 192.168.2.1).
>
> The computer running the jail is plugged into the secondary router.
>
> The problem is, the jail can't contact the internet. I can SSH into the jail but it takes a very long time to connect, like 30 seconds or so.
>
> I've tried different IP addresses for "nameserver" but nothing works.
>
> I have no problems using the internet from the main part of the computer, just the jails.
>
> Any ideas why this happens and how to get around it? I've had this problem for years with different versions of FreeBSD.
>
> Do I need to create a static route through to the gateway, and if so, why is that not a problem using a browser from the main part of the machine?

Basically your jail is using the same routing as the rest of the machine.

You have several options, though they may not all be supported in the PCBSD 9.1 jail system:

1/ You could use ipfw to do packet forwarding. This is what we used to do before we had #2 and #3.

2/ You can specify that the jail should use a different FIB (routing table). You should look up setfib(1) and setfib(2) and follow the 'see also' pointers as well.

3/ You can use VIMAGE and set up a jail with a completely separate network stack. Documentation for this is a bit hard to find, but use the 'vnet' option in jail(8) and look up VIMAGE and vnet in Google.

> Thanks,
>
> Jeff