From owner-freebsd-jail@FreeBSD.ORG Fri Jan 3 08:17:02 2014 Return-Path: Delivered-To: freebsd-jail@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 5BFE3705 for ; Fri, 3 Jan 2014 08:17:02 +0000 (UTC) Received: from mail.monkeybrains.net (mail.monkeybrains.net [208.69.40.19]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.freebsd.org (Postfix) with ESMTPS id 3EBFE14E1 for ; Fri, 3 Jan 2014 08:17:01 +0000 (UTC) Received: from invalid-dns.rfc1918.monkeybrains.net (208-90-212-98.PUBLIC.monkeybrains.net [208.90.212.98]) (authenticated bits=0) by mail.monkeybrains.net (8.14.7/8.14.7) with ESMTP id s038096W079124 (version=TLSv1/SSLv3 cipher=DHE-RSA-CAMELLIA256-SHA bits=256 verify=NO) for ; Fri, 3 Jan 2014 00:00:10 -0800 (PST) (envelope-from crapsh@monkeybrains.net) X-Authentication-Warning: mail.monkeybrains.net: Host 208-90-212-98.PUBLIC.monkeybrains.net [208.90.212.98] claimed to be invalid-dns.rfc1918.monkeybrains.net Message-ID: <52C66E09.80307@monkeybrains.net> Date: Fri, 03 Jan 2014 00:00:09 -0800 From: "Rudy (bulk)" User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.9; rv:24.0) Gecko/20100101 Thunderbird/24.2.0 MIME-Version: 1.0 To: freebsd-jail@freebsd.org Subject: Allowing routing table visibility in jails to make multiple IPs work properly References: <201311301000.rAUA00eG045983@freefall.freebsd.org> In-Reply-To: <201311301000.rAUA00eG045983@freefall.freebsd.org> X-Forwarded-Message-Id: <201311301000.rAUA00eG045983@freefall.freebsd.org> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit X-Virus-Scanned: clamav-milter 0.98 at mail.monkeybrains.net X-Virus-Status: Clean X-BeenThere: freebsd-jail@freebsd.org X-Mailman-Version: 2.1.17 Precedence: list List-Id: "Discussion about FreeBSD jail\(8\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 03 Jan 2014 08:17:02 -0000 I'm having issues when putting multiple IPs on a jail... one external, one internal (on a different vlan). The source IP from the jail is always the first IP, so a solution is to use ipfw_nat to nat when using the internal vlan to the 'second ip'. Ugly hack. and it doesn't work when there is an MTU difference between the vlans: http://www.freebsd.org/cgi/query-pr.cgi?pr=184389 Re: kern/184389: libalias fails to adjust MTU from jails The other solution is to let the jail 'see' the routing table: devfs -m /data/example.monkeybrains.net/dev rule apply path kmem unhide devfs -m /data/example.monkeybrains.net/dev rule apply path mem unhide Is there anyway (or plans for) a method to reveal the routing table but not all of mem and kmem to the jail? Rudy