Date:      Wed, 31 Jul 2013 19:55:20 -0600
From:      Josh Beard <josh@signalboxes.net>
To:        freebsd-jail@freebsd.org
Subject:   Starting jail breaks routing / multi-network jail
Message-ID:  <CAHDrHStCng+zg=_RThWysgRm5wD=DxxzJQz=+oZL8JwbX+Xh7w@mail.gmail.com>

Hello,

I posted this on forums.freebsd.org (http://forums.freebsd.org/showthread.php?t=41135), but figured I may have better luck here.

I'm trying to set up a host that will accommodate two networks for its jails, with two NICs.

One of these NICs (igb0) is connected to our LAN and the other (igb1) is connected to a public WAN switch.
For the WAN side, I'll actually have two different gateways with two completely different sets of addresses due to IP exhaustion - same network, however.

I'm not sure if the problem I'm having is a bug, a misconfiguration, or a limitation.  Whenever starting a test jail that has an address on the LAN and one on the WAN, my host's routing gets changed and I'm unable to reach the public address I have for the jail.

Here's a snip of what the host /etc/rc.conf looks like (addresses obfuscated for privacy):
ifconfig_igb0="inet 172.30.112.196 netmask 255.255.240.0"
ifconfig_igb0_alias0="inet 172.30.112.192 netmask 255.255.240.0" # (I tried a recommended 255.255.255.255, too)

ifconfig_igb1="inet 96.2.192.A netmask 255.255.255.240 broadcast 96.2.192.BA"
ifconfig_igb1_alias0="inet 24.111.1.B netmask 255.255.255.240 broadcast 24.111.1.BB"

defaultrouter="24.111.1.BR"

I'm using ezjail and in the jail's config, I have:
export jail_jailedhost_ip="igb0|172.30.112.192,igb1|24.111.1.a"
export jail_jailedhost_fib="1"

Before starting the jail, I can ping any of the addresses in question.
After starting, the public addresses stop responding.
---------
default            24.111.1.b       UGS         0        4   igb1
24.111.1.x/28    link#3             U           0       43   igb1
24.111.1.a       link#3             UHS         0        0    lo0
(and the routes for the LAN)
---------
When I start the jail, my host's routes change:

---------
default            24.111.1.b       UGS         0      236   igb1
24.111.1.a       link#3             UHS         0        0    lo0 =>
24.111.1.a/32    link#3             U           0        0   igb1
(routes for the LAN - routes for each address /32)
---------
The broadcast for each interface also changes to its own address (/32).

I can "fix" this by doing this on the host system, but this isn't desirable.  If I have to, I guess I could have this executed on startup (but cycling a jail will break the routing table again):

service netif restart
service routing restart
setfib 1 route add -host 24.111.1.BR -iface igb1
setfib 1 route add default 24.111.1.BR

I'm not sure where to go from here.  I've tried using setfib to take care of this (as you see there), but the results are the same.

TL;DR:

Starting a jail with a LAN and public address changes the host's routing table and will not talk over the public network.  Cycling the netif and routing services resolves it.

Any insight?  Anything is much appreciated.
Josh
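As an added example (not code from the mail, from ezjail or from FreeBSD), a POSIX sh check that compares two saved routing-table snapshots and reports the change the mail describes, so a jail start that replaces the host's on-link network route with /32 host routes can be caught right away. The snapshots here are constructed from the tables in the mail; on a live host they would be taken with `netstat -rn` (or `setfib 1 netstat -rn` for the jail's FIB) before and after the jail starts.

```shell
#!/bin/sh
# Diff two saved `netstat -rn` snapshots and flag the symptom above: an on-link
# network route (Flags "U") vanishing and addresses turning into /32 host routes.
# Both snapshots below are constructed from the tables in the mail.
BEFORE='default            24.111.1.b       UGS         0        4   igb1
24.111.1.x/28    link#3             U           0       43   igb1
24.111.1.a       link#3             UHS         0        0    lo0'
AFTER='default            24.111.1.b       UGS         0      236   igb1
24.111.1.a       link#3             UHS         0        0    lo0 =>
24.111.1.a/32    link#3             U           0        0   igb1'
# route_dests SNAPSHOT FLAGS: destinations whose Flags column equals FLAGS, one per line.
route_dests() {
    printf '%s\n' "$1" | awk -v flags="$2" '$3 == flags { print $1 }'
}

# in_list ITEM LIST: succeed if ITEM is one of the space-separated words in LIST.
in_list() {
    case " $2 " in *" $1 "*) return 0 ;; esac
    return 1
}

# lost_network_routes BEFORE AFTER: "U" routes present before and gone after.
lost_network_routes() {
    new_set=$(route_dests "$2" U | tr '\n' ' ')
    for d in $(route_dests "$1" U); do
        in_list "$d" "$new_set" || printf '%s\n' "$d"
    done
}

# new_host_routes BEFORE AFTER: /32 "U" routes that appeared after but not before.
new_host_routes() {
    old_set=$(route_dests "$1" U | tr '\n' ' ')
    for d in $(route_dests "$2" U); do
        case "$d" in */32) in_list "$d" "$old_set" || printf '%s\n' "$d" ;; esac
    done
}

# check_jail_routes BEFORE AFTER: print findings; return 1 if the host's routes changed.
check_jail_routes() {
    status=0
    for d in $(lost_network_routes "$1" "$2"); do
        echo "on-link network route lost: $d"; status=1
    done
    for d in $(new_host_routes "$1" "$2"); do
        echo "interface address now a /32 host route: $d"; status=1
    done
    return $status
}
if check_jail_routes "$BEFORE" "$AFTER"; then echo "host routes intact"; else echo "host routes changed"; fi
```

Run with the two snapshot variables replaced by the real before/after output; a non-zero exit from check_jail_routes is the signal that the jail start altered the host's routes.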