Date: Mon, 16 Oct 2017 16:18:44 +0200 From: Marko =?UTF-8?B?Q3VwYcSH?= <marko.cupac@mimar.rs> To: Andrew Hotlab <andrew.hotlab@hotmail.com> Cc: "freebsd-jail@freebsd.org" <freebsd-jail@freebsd.org> Subject: Re: setfib (ez)jails and wierd routing Message-ID: <20171016161844.7ddb1fe7@efreet-freebsd.kappastar.com> In-Reply-To: <AM3PR02MB31250DCB6D22C712457C38EF67F0@AM3PR02MB312.eurprd02.prod.outlook.com> References: <20170929103258.2f912308@efreet-freebsd.kappastar.com> <AM3PR02MB31250DCB6D22C712457C38EF67F0@AM3PR02MB312.eurprd02.prod.outlook.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Sat, 30 Sep 2017 10:38:58 +0000 Andrew Hotlab <andrew.hotlab@hotmail.com> wrote: > Hi Marko. I'm running an almost identical setup, but I do not have > this issue: ICMP echo reply packets are sent from the right > interface. The only difference is that I didn't defined additional > lo1 and lo2 interfaces, but I guess it shouldn't be the cause. >=20 > I'm running releng/10.3. Which release are you working on? Hi Andrew, sorry for late reply. I'm running 11.1-RELEASE-p1. I am definitely seeing packets with source addresses of my DMZ jails (fib2) exiting through interface on local LAN. Those are mostly icmp echo replies that should be coming from jails but are not due to the fact that jails don't have raw sockets enables. So, echo replies are returned from host (and not jails), whose default gateway is on internal network. Would freebsd-net be more appropriate list for this problem? Thank you in advance, --=20 Before enlightenment - chop wood, draw water. After enlightenment - chop wood, draw water. Marko Cupa=C4=87 https://www.mimar.rs/
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20171016161844.7ddb1fe7>