Date:      Mon, 9 Apr 2012 16:16:47 -0300 (ART)
From:      Juan F. Díaz y Díaz <jfd@mrecic.gov.ar>
To:        Mark Felder <feld@feld.me>
Cc:        freebsd-jail@freebsd.org
Subject:   Re: Jail source address selection broken, patch for ping
Message-ID:  <493438014.49159.1333999007132.JavaMail.root@mrelmx09.mrec.ar>
In-Reply-To: <1630049596.48296.1333997133303.JavaMail.root@mrelmx09.mrec.ar>

Mark, you can just run a jail with the setfib utility so you don't need to
modify all your scripts.

# First you need to set up the routing table for each fib
# /etc/rc.local
setfib 1 route add default 10.1.1.1
setfib 1 route del 192.168.1.0/24

setfib 2 route add default 192.168.1.1
setfib 2 route del 10.1.1.0/24

# For each jail config define a fib id
# /etc/rc.conf
...
jail_NAME1_ip="10.1.1.2/24"
jail_NAME1_fib="1"
...
jail_NAME2_ip="192.168.1.2/24"
jail_NAME2_fib="2"

# Then just exec your jail with the setfib
setfib 1 jexec 1 bash

Regards

----- Original Message -----
From: "Mark Felder" <feld@feld.me>
To: freebsd-jail@freebsd.org
Sent: Monday, April 9, 2012 2:07:14 PM
Subject: Re: Jail source address selection broken, patch for ping

On Mon, 09 Apr 2012 11:50:35 -0500, Juan F. Díaz y Díaz
<jfd@mrecic.gov.ar> wrote:

> Mark, did you try using the setfib utility?

No, and even if that could have helped I would probably have to modify
our monitoring software (Xymon/Hobbit/BigBrother) in undesirable ways to
have it launch every child process with setfib. This would certainly be
a nasty hack and honestly networking should "just work" from within a jail;
utilities shouldn't have to be tricked into working with a jail's
network stack.

Here are the results of trying setfib, though:

root@xymon:/# setfib 0 fping 192.168.xxx.1 (censored for our privacy)
setfib: setfib: Function not implemented

Do you have to set some sysctl to get setfib to work in a jail, or does
it just not work in jails period?

-- 
Juan F. Diaz y Diaz

MRECIC
Esmeralda 1212 Piso 3 - Bs As, Argentina
+54 (11) 4819 7261

PGP ID 0x27911364 (http://pgp.mit.edu)
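
An added example, not part of the original message or of FreeBSD's own rc scripts: a small sh function that reads rc.conf-style text and lists every jail that has a jail_NAME_ip line but no numeric jail_NAME_fib line, so a jail left without a routing table in the layout described above is caught before it is started. The function name and the sample configuration are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original message). The function name and the
# sample configuration below are constructed for illustration.

# jails_without_fib: read rc.conf-style text on stdin and print, one per
# line, each jail that has a jail_<name>_ip setting but no numeric
# jail_<name>_fib setting.
jails_without_fib() {
    awk -F= '
        /^[ \t]*#/ { next }                      # ignore comment lines
        /^[ \t]*jail_[A-Za-z0-9_]+_ip=/ {
            name = $1
            sub(/^[ \t]*jail_/, "", name); sub(/_ip$/, "", name)
            has_ip[name] = 1
        }
        /^[ \t]*jail_[A-Za-z0-9_]+_fib=/ {
            name = $1
            sub(/^[ \t]*jail_/, "", name); sub(/_fib$/, "", name)
            val = $2; gsub(/[" \t]/, "", val)    # strip quotes and blanks
            if (val ~ /^[0-9]+$/) fib[name] = val
        }
        END { for (n in has_ip) if (!(n in fib)) print n }
    ' | sort
}

# Constructed sample: NAME3 has its fib line commented out, NAME4 has an
# empty fib value; both are reported.
SAMPLE_RC_CONF='jail_NAME1_ip="10.1.1.2/24"
jail_NAME1_fib="1"
jail_NAME2_ip="192.168.1.2/24"
jail_NAME2_fib="2"
jail_NAME3_ip="10.1.1.3/24"
# jail_NAME3_fib="1"
jail_NAME4_ip="192.168.1.4/24"
jail_NAME4_fib=""'

printf '%s\n' "$SAMPLE_RC_CONF" | jails_without_fib
```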
