From: "Reuben A. Popp"
To: freebsd-questions@freebsd.org
Date: Tue, 29 May 2007 12:42:15 -0500
Subject: Static Routes, gateways and the end of my sanity
Message-Id: <200705291242.16640.rapopp@eastcentral.edu>

Hello everyone,

Can someone please (_please_!!) let me know what I'm doing wrong in the following example? I am near my wits' end on implementing this; any suggestions are greatly appreciated!

The scenario is that I have a server here with twin NICs, bce0 and bce1; I would like bce0 to be connected to our DMZ network (192.168.x.x), while bce1 would be on our internal network. A jail will reside on the IP assigned to bce0, while the regular base system will bind to bce1.
My current rc.conf consists of the following:

-------------------------------------------
defaultrouter="10.228.228.254"
ifconfig_bce0="inet 192.168.4.80 netmask 255.255.255.0"
ifconfig_bce1="inet 10.228.228.228 media 100BaseTX mediaopt full-duplex netmask 255.255.255.0"

# Enable Jails for multi-homed box (video)
jail_enable="YES"
jail_list="video"
jail_video_rootdir="/usr/local/jail/video"
jail_video_hostname="video.eastcentral.edu"
jail_video_ip="192.168.4.80"
jail_named_exec_start="/bin/sh /etc/rc"
jail_video_devfs_enable="YES"

# Routed and gateway settings
static_routes="net1"
route_net1="-net 192.168.4.80/24 -netmask 255.255.255.0 192.168.4.254"
------------------------------------------

Of course there are other things in there, like binding various services (inetd, syslog, et al) to the internal IP.

On bringing the machine up, I can ping both IPs just fine; what I can't do is ssh to the DMZ address. Yes, sshd is running inside the jail ;). The output of tcpdump shows a connect to that IP on bce0, but all responses appear to be going out on bce1.

Again, any suggestions or comments are welcome and appreciated. For the record, the machine is a Dell PowerEdge 2950 running the amd64 6.2-RELEASE-p4 branch. I will gladly supply more info if this isn't enough.

Cheers, and thanks in advance
Reuben A. Popp

--
Reuben A. Popp
Systems Administrator
Information Technology Department
East Central College
1+ 636 583 5195 x2480
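
An added example, not part of the original message: a small Python model of a destination-only, longest-prefix route lookup, loaded with the addresses from the rc.conf above, to show which interface a reply from the jail IP would leave on. It assumes plain destination-based routing with no policy routing and that the route_net1 entry is installed as written; the client addresses are constructed for illustration.

```python
import ipaddress

# Values copied from the rc.conf in the post; client addresses below are constructed.
INTERFACES = {
    "bce0": ipaddress.ip_interface("192.168.4.80/24"),
    "bce1": ipaddress.ip_interface("10.228.228.228/24"),
}
DEFAULT_ROUTER = ipaddress.ip_address("10.228.228.254")
STATIC_ROUTES = [("192.168.4.80/24", "192.168.4.254")]  # route_net1


def iface_for(addr):
    """Interface whose connected subnet contains addr, or None."""
    for name, iface in INTERFACES.items():
        if addr in iface.network:
            return name
    return None


def build_table():
    """(network, gateway, egress interface) tuples for this configuration."""
    table = [(i.network, None, n) for n, i in INTERFACES.items()]
    for net, gw in STATIC_ROUTES:
        gw = ipaddress.ip_address(gw)
        # strict=False: the post gives a host address with /24; mask it to the network.
        table.append((ipaddress.ip_network(net, strict=False), gw, iface_for(gw)))
    default = ipaddress.ip_network("0.0.0.0/0")
    table.append((default, DEFAULT_ROUTER, iface_for(DEFAULT_ROUTER)))
    return table


def egress(dst, table):
    """Longest-prefix match on the destination only; the source address is not consulted."""
    dst = ipaddress.ip_address(dst)
    matches = [r for r in table if dst in r[0]]
    return max(matches, key=lambda r: r[0].prefixlen)


def reply_path(client, jail_ip="192.168.4.80"):
    """Compare the interface owning the jail IP with the interface the reply leaves on."""
    arrived_on = iface_for(ipaddress.ip_address(jail_ip))
    _net, gw, out = egress(client, build_table())
    return {"in": arrived_on, "out": out, "via": gw, "asymmetric": arrived_on != out}


if __name__ == "__main__":
    for client in ("203.0.113.10", "10.228.228.50", "192.168.4.20"):
        print(client, reply_path(client))
```

In this model the static route only covers the subnet bce0 is already attached to, so any client outside 192.168.4.0/24 matches the default route and the reply is sent via 10.228.228.254 on bce1.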