From: "Bjoern A. Zeeb"
Date: Wed, 2 Mar 2011 21:48:00 +0000 (UTC)
To: Alex Povolotsky
Cc: freebsd-net@FreeBSD.org
Subject: Re: jail source address selection doesn't work?

On Mon, 7 Feb 2011, Alex Povolotsky wrote:

> Hello!
>
> On a multihomed FreeBSD 8.1-RELEASE, in a multihomed jail, source IP
> selection suddenly refused to work.
>
> ifconfig on a box:
...
> Seems reasonable, yes?
>
> Pinging from the box
>
> # ping 192.168.75.59
> PING 192.168.75.59 (192.168.75.59): 56 data bytes
> 64 bytes from 192.168.75.59: icmp_seq=0 ttl=64 time=0.993 ms
> 64 bytes from 192.168.75.59: icmp_seq=1 ttl=64 time=0.986 ms
> 64 bytes from 192.168.75.59: icmp_seq=2 ttl=64 time=0.988 ms
> ^C
> --- 192.168.75.59 ping statistics ---
> 3 packets transmitted, 3 packets received, 0.0% packet loss
> round-trip min/avg/max/stddev = 0.986/0.989/0.993/0.003 ms
>
> 10:45:31.425232 IP 192.168.75.4 > 192.168.75.59: ICMP echo request, id 12430,
> seq 0, length 64
> 10:45:31.426283 IP 192.168.75.59 > 192.168.75.4: ICMP echo reply, id 12430,
> seq 0, length 64
> 10:45:32.425415 IP 192.168.75.4 > 192.168.75.59: ICMP echo request, id 12430,
> seq 1, length 64
> 10:45:32.426404 IP 192.168.75.59 > 192.168.75.4: ICMP echo reply, id 12430,
> seq 1, length 64
>
> Okay, yes?
>
> From jail:
>
> # ping 192.168.75.59
> PING 192.168.75.59 (192.168.75.59): 56 data bytes
> ^C
> --- 192.168.75.59 ping statistics ---
> 2 packets transmitted, 0 packets received, 100.0% packet loss
>
> 10:45:52.146600 IP 83.69.203.1 > 192.168.75.59: ICMP echo request, id 14222,
> seq 0, length 64
> 10:45:53.146702 IP 83.69.203.1 > 192.168.75.59: ICMP echo request, id 14222,
> seq 1, length 64
>
> Setting ip.saddrsel to 1 or 0 did not change anything. Kernel is GENERIC+ALTQ
>
> What could I miss?...

Don't use ping to test this.
a) for ping inside the jail to work you need to enable raw sockets
b) a) could give you a hint that ping does its own thing.

Try a telnet to a random port to the destination and verify with
tcpdump whether things are still not working correctly, or if you
establish the connection with netstat.

If it still doesn't work let us know.

/bz

-- 
Bjoern A. Zeeb                                 You have to have visions!
          Stop bit received. Insert coin for new address family.
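
The TCP test suggested in the reply above, as an added example that is not part of the original message: a small Python probe to run inside the jail that makes an ordinary TCP connect() and reports the local address the kernel chose, instead of reading it off tcpdump or netstat. The function names are hypothetical, and the port (22) and the /24 prefix in the usage comment are assumptions, since the thread does not show the netmask or an open port on the destination.

```python
#!/usr/bin/env python3
"""Report which source address the kernel picks for a TCP connect()."""
import ipaddress
import socket
import sys


def tcp_source(dest, port, timeout=3.0):
    """Return (local_address, outcome) for a TCP connect to dest:port.

    Uses an ordinary stream socket, so no raw-socket permission is
    needed inside the jail, and the socket is left unbound so that the
    kernel, not the program, chooses the local address in connect().
    """
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        try:
            s.connect((dest, port))
            outcome = "connected"
        except ConnectionRefusedError:
            outcome = "refused"      # a reply came back, so the path works
        except socket.timeout:
            outcome = "timeout"      # no answer within the timeout
        except OSError as exc:
            outcome = "error: " + str(exc)
        local = s.getsockname()[0]   # 0.0.0.0 if no address was recorded
    return local, outcome


def verdict(local, expected_net):
    """Compare the chosen source with the network it should come from."""
    if local == "0.0.0.0":
        return "unknown"             # fall back to tcpdump/netstat
    if ipaddress.ip_address(local) in ipaddress.ip_network(expected_net):
        return "ok"
    return "wrong-source"


if __name__ == "__main__":
    # Usage: probe.py DEST PORT EXPECTED_NET
    # e.g.   probe.py 192.168.75.59 22 192.168.75.0/24  (port and /24 assumed)
    dest, port, net = sys.argv[1], int(sys.argv[2]), sys.argv[3]
    local, outcome = tcp_source(dest, port)
    print(f"{dest}:{port} outcome={outcome} source={local} -> {verdict(local, net)}")
```

A "wrong-source" verdict together with a timeout matches the symptom in the quoted tcpdump output, where requests leave from 83.69.203.1 and no reply arrives.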