Date: Sun, 29 Jun 2025 22:22:31 -0400 From: Mason Loring Bliss <mason@blisses.org> To: Paul Procacci <pprocacci@gmail.com> Cc: freebsd-net@freebsd.org Subject: Re: rp_filter equivalent? Message-ID: <aGH05-Sd25uFPEBf@blisses.org> In-Reply-To: <CAFbbPujxeDWotQROy9z4mSsxxr74d0hiQoiU%2Boj_GWgaS9z6hQ@mail.gmail.com> References: <aGHohWgtKxaPgdeR@blisses.org> <CAFbbPujxeDWotQROy9z4mSsxxr74d0hiQoiU%2Boj_GWgaS9z6hQ@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
--lpCum9QrXN1xQoGV
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
On Sun, Jun 29, 2025 at 09:48:58PM -0400, Paul Procacci wrote:
> The "fix" your problem ......
> You need to create a bridge.
> Add your main interface to the bridge.
> You can assign your .10 to the bridge.
> Then, you can create your epair.
> Assign the a side the bridge and the b side to your jail.
> Add your .50 the the 'b' side, and add the default route of .1.
Hrm, hrm. That's what I was doing first. I was basing it off what I use
here:
https://wiki.freebsd.org/MasonLoringBliss/JailsEpair
In fact... I... am pretty sure I did exactly what you're suggesting, but
the system told me I couldn't set a default route in the jail because it
wasn't a legal address.
So: NIC, epair0a in bridge0; epair0b in vnet jail. If epair0b had the
correct (floating) address I couldn't set the default route, because the
default route was in an unrelated /24. I had to set epair0a to something in
the same /24 for me to get a default route set for epair0b, and I had to
break epair0a out of the bridge.
I'll mess with it again sometime soon because I feel like it really ought
to have worked the way I set it up first. I'll report back here with more
details. It's working now, but I really don't like *how* it's working.
--=20
Mason Loring Bliss (( If I have not seen as far as others, it is because
mason@blisses.org )) giants were standing on my shoulders. - Hal Abels=
on
--lpCum9QrXN1xQoGV
Content-Type: application/pgp-signature; name="signature.asc"
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEEXtBZz1axB5rEDCEnrJXcHbvJVUFAmhh9OUACgkQnrJXcHbv
JVWtEg//bEtFlEaUyWfV6NuBukZCSVkPwooGjlpczR8GbWQhs9OPKqnr1BauJ9PC
2Uns6FZQEEBNgv7rR9dnznQc4/AJ6Z/ok2V6OVGPLHG6jAdTGtGPx2jStqrW2S/U
rkkSy7aCBfRDZE9in0WmFvt0ShZedXuYw03KbWvl19qTY4xidySSxNKGrMF+/2nc
CjxGlH4Dw2jBAjp7gL2/glKyowJ18C443FGPy3RJyftIHI6VI+0trj/SV/h8PLjl
gIdOzFgzZxNJryy41TajwzwuUrTRlFphgvExnLTJNivU3Ewijfqg2HYdGt6fhaob
IFCCXze/+/gusDEkFaLLVgUtjcpPCv9ki0VETS4w0+IQ4/OFVlw5LH6Y2tnQxVtb
lsHCBV7IQ/J79WIknNhZfyInfThT87c6OvKWN5xlF6fi3Gfga2X04DcMk4xCbj5s
Aglbu5HP9XtC290vm/YpSr1PxPmwUBh6xThY79hXt7lFr41sCG0BhxQLzrq6mKLj
X3CLiOhX1ioOxQLKsJfWAZskqwjclXhwCJnFpX8dxQRaskEbXfVT0hrrFUXPf8AT
ZQ2jpyt598+uD7pyTYTsYEvPbrAuuQEK33XpInk6DaB1JyBun3Cr5JShLB3Jzvai
p7b8e4Y+gvciL0jJDWBqhWFG2/vD55UBq4dYvo7goskcVP4zDVo=
=/Thv
-----END PGP SIGNATURE-----
--lpCum9QrXN1xQoGV--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?aGH05-Sd25uFPEBf>