From: Juan F. Díaz y Díaz
To: Mark Felder
Cc: freebsd-jail@freebsd.org
Date: Mon, 9 Apr 2012 16:16:47 -0300 (ART)
Subject: Re: Jail source address selection broken, patch for ping

Mark, you can just run a jail with the setfib utility so you don't need to modify all your scripts.

# First you need to set up the routing table for each fib
# /etc/rc.local
setfib 1 route add default 10.1.1.1
setfib 1 route del 192.168.1.0/24
setfib 2 route add default 192.168.1.1
setfib 2 route del 10.1.1.0/24

# For each jail config define a fib id
# /etc/rc.conf
...
jail_NAME1_ip="10.1.1.2/24"
jail_NAME1_fib="1"
...
jail_NAME2_ip="192.168.1.2/24"
jail_NAME2_fib="2"

# Then just exec your jail with the setfib
setfib 1 jexec 1 bash

Regards

----- Original Message -----
From: "Mark Felder"
To: freebsd-jail@freebsd.org
Sent: Monday, April 9, 2012 2:07:14 PM
Subject: Re: Jail source address selection broken, patch for ping

On Mon, 09 Apr 2012 11:50:35 -0500, Juan F. Díaz y Díaz wrote:

> Mark, did you try using the setfib utility?

No, and even if that could have helped I would probably have to modify our monitoring software (Xymon/Hobbit/BigBrother) in undesirable ways to have it launch every child process with setfib.
This would certainly be a nasty hack and honestly networking should "just work" from within a jail; utilities shouldn't have to be tricked into working with a jail's network stack.

Here's the results of trying setfib, though:

root@xymon:/# setfib 0 fping 192.168.xxx.1 (censored for our privacy)
setfib: setfib: Function not implemented

Do you have to set some sysctl to get setfib to work in a jail, or does it just not work in jails period?

-- 
Juan F. Diaz y Diaz
MRECIC
Esmeralda 1212 Piso 3 - Bs As, Argentina
+54 (11) 4819 7261
PGP ID 0x27911364 (http://pgp.mit.edu)