Date:      Thu, 2 May 2013 02:30:19 +1000 (EST)
From:      Ian Smith <smithi@nimnet.asn.au>
To:        Joe <fbsd8@a1poweruser.com>
Cc:        freebsd-jail <freebsd-jail@freebsd.org>
Subject:   Re: vnet jail with ipfw having logging problem
Message-ID:  <20130502021830.O30818@sola.nimnet.asn.au>
In-Reply-To: <51805EFB.6050806@a1poweruser.com>
References:  <44AC45947DA14449AEDFB13B9F6C5F7DAF3E1FA5@ltcfiswmsgmb25> <517A7BCB.8060604@a1poweruser.com> <13CA24D6AB415D428143D44749F57D7201F22068@ltcfiswmsgmb21> <517D3426.1090703@a1poweruser.com> <51805EFB.6050806@a1poweruser.com>

On Tue, 30 Apr 2013 20:16:59 -0400, Joe wrote:
 > I have ipfw running inside of a vnet jail on a 9.1-RELEASE host using the
 > jail(8) definition statements for starting and stopping the vnet jail. As a
 > side note non-vnet jails are working as expected.
 > 
 > The host is running a custom kernel with modules and with
 > options VIMAGE
 > nooptions SCTP
 > options IPFIREWALL
 > options IPFIREWALL_VERBOSE
 > options IPFIREWALL_VERBOSE_LIMIT=10

What steps have you taken during testing to override this ridiculously 
low limit on logging?  Otherwise, after e.g. just 5 pings and 5 ping 
responses are logged, all logging ceases until issuing 'ipfw resetlog'.

 > options IPFIREWALL_DEFAULT_TO_ACCEPT
 > options IPFIREWALL_IPDIVERT

You'd likely do better using in-kernel NAT; natd doesn't get much love.

 > options IPFIREWALL_FORWARD
 > 
 > compiled in.

Ian
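Ian's point about IPFIREWALL_VERBOSE_LIMIT is easy to miss when reading a rule set: a rule with plain `log` inherits the global cap, while `logamount N` sets its own (0 meaning unlimited). The script below is an added example, not part of this thread, that audits which rules will stop logging; it assumes the sysctl name net.inet.ip.fw.verbose_limit and the logamount semantics from ipfw(8), and the sample rule lines are constructed.

```shell
#!/bin/sh
# Added example (not from the thread): find ipfw rules whose logging will
# stop once the per-rule counter reaches the verbose limit. Assumes the
# compiled-in IPFIREWALL_VERBOSE_LIMIT is exposed at runtime as the sysctl
# net.inet.ip.fw.verbose_limit (0 = unlimited) and that a rule's own
# "logamount N" overrides it, as described in ipfw(8).

# Effective log limit for one line of `ipfw list` output.
# Prints the rule's logamount if present, the global default if the rule
# merely says "log", or "-" if the rule does not log at all.
rule_log_limit() {   # $1 = rule line, $2 = global verbose_limit
    case "$1" in
        *" logamount "*)
            printf '%s\n' "$1" | sed -n 's/.* logamount \([0-9]*\).*/\1/p' ;;
        *" log "*|*" log")
            printf '%s\n' "$2" ;;
        *)
            printf '%s\n' "-" ;;
    esac
}

# Report every rule that will go silent after a finite number of packets.
# $1 = rule set (one rule per line), $2 = global verbose_limit
capped_rules() {
    printf '%s\n' "$1" | while IFS= read -r line; do
        [ -n "$line" ] || continue
        lim=$(rule_log_limit "$line" "$2")
        case "$lim" in
            -|0) ;;    # no logging, or unlimited: nothing to report
            *) printf '%s caps after %s packets\n' "${line%% *}" "$lim" ;;
        esac
    done
}

# Constructed sample rule set, in `ipfw list` format.
SAMPLE_RULES='00100 allow log icmp from any to any
00200 allow log logamount 0 tcp from any to me 22
00300 deny log logamount 50 ip from any to any
65535 allow ip from any to any'

# On a FreeBSD host (or inside the vnet jail via jexec) audit the live rules;
# elsewhere fall back to the constructed sample so the script still runs.
if command -v ipfw >/dev/null 2>&1; then
    capped_rules "$(ipfw list)" "$(sysctl -n net.inet.ip.fw.verbose_limit)"
else
    capped_rules "$SAMPLE_RULES" 10
fi
# To lift the global cap at runtime:  sysctl net.inet.ip.fw.verbose_limit=0
# To restart logging on capped rules: ipfw resetlog
```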