From owner-freebsd-jail@FreeBSD.ORG Mon Apr 9 17:07:23 2012 Return-Path: Delivered-To: freebsd-jail@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 49C92106566C for ; Mon, 9 Apr 2012 17:07:23 +0000 (UTC) (envelope-from feld@feld.me) Received: from feld.me (unknown [IPv6:2607:f4e0:100:300::2]) by mx1.freebsd.org (Postfix) with ESMTP id 1BF6B8FC18 for ; Mon, 9 Apr 2012 17:07:23 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=feld.me; s=blargle; h=In-Reply-To:Message-Id:From:Content-Transfer-Encoding:Mime-Version:Date:References:Subject:To:Content-Type; bh=J8yyi1sNzx/BRb9BhAvpr/vb1HYdir/6GAipYssVyKA=; b=YX9CLCbi05y6kizFEtigHnESNgRAfu9xZVyp03jSwsrHxjR0VLLB4QoiiB1TF9JUIfADqDvo0SmDdGAzdJPj56c5bRScaSUd6NWs33Ek4POQD1leelxdj+25Z2I+QCC0; Received: from localhost ([127.0.0.1] helo=mwi1.coffeenet.org) by feld.me with esmtp (Exim 4.77 (FreeBSD)) (envelope-from ) id 1SHI3l-0006Mw-Bh for freebsd-jail@freebsd.org; Mon, 09 Apr 2012 12:07:22 -0500 Received: from feld@feld.me by mwi1.coffeenet.org (Archiveopteryx 3.1.4) with esmtpa id 1333991235-23734-23733/5/5; Mon, 9 Apr 2012 17:07:15 +0000 Content-Type: text/plain; charset=utf-8; format=flowed; delsp=yes To: freebsd-jail@freebsd.org References: <1074043264.46101.1333990235616.JavaMail.root@mrelmx09.mrec.ar> Date: Mon, 9 Apr 2012 12:07:14 -0500 Mime-Version: 1.0 Content-Transfer-Encoding: quoted-printable From: Mark Felder Message-Id: In-Reply-To: <1074043264.46101.1333990235616.JavaMail.root@mrelmx09.mrec.ar> User-Agent: Opera Mail/11.62 (FreeBSD) X-SA-Score: -1.5 Subject: Re: Jail source address selection broken, patch for ping X-BeenThere: freebsd-jail@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Discussion about FreeBSD jail\(8\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 09 Apr 2012 17:07:23 -0000 On Mon, 09 Apr 2012 11:50:35 -0500, Juan F. D=C3=ADaz y D=C3=ADaz =20 wrote: > Mark, did you tried using the setfib utility? No, and even if that could have helped I would probably have to modify = our =20 monitoring software (Xymon/Hobbit/BigBrother) in undesirable ways to = have =20 it launch every child process with setfib. This would certainly be a = nasty =20 hack and honestly networking should "just work" from within a jail; =20 utilities shouldn't have to be tricked into working with a jail's = network =20 stack. Here's the results of trying setfib, though: root@xymon:/# setfib 0 fping 192.168.xxx.1 (censored for our privacy) setfib: setfib: Function not implemented Do you have to set some sysctl to get setfib to work in a jail, or does = it =20 just not work in jails period?