Date:      Wed, 17 Dec 2014 13:48:45 -0700
From:      James Gritton <jamie@freebsd.org>
To:        freebsd-jail@freebsd.org
Subject:   Re: only lo0 interface inside jail, no default gw
Message-ID:  <0096d1968fd2758df224a9dea6934ddb@gritton.org>
In-Reply-To: <CABk4_A61y1m8hXXkOPEKSbzf74j64MNtYhfV59enVuJfPwQApQ@mail.gmail.com>
References:  <CABk4_A61y1m8hXXkOPEKSbzf74j64MNtYhfV59enVuJfPwQApQ@mail.gmail.com>

On 2014-12-16 10:35, Alexander Lunev wrote:
> Hello everyone.
> 
> I'm trying to build jail environment on a new server with 10.1-R. I've
> done that before on 9.2-R, but now I'm stuck with strange network
> problem: no matter how I configure jail (old way through rc.conf jail_*
> variables or via /etc/jail.conf), I don't see default gateway in jail's
> routing table. At first I started with more complex config using
> separate fib for jail, but it's not working even without fibs (or in
> fib 0). So, here's what I have in the host system:
> 
> # netstat -rn
> Routing tables
> 
> Internet:
> Destination        Gateway            Flags      Netif Expire
> default            10.1.1.1           UGS       em0.4
> 10.1.1.0/24        link#4             U         em0.4
> 10.1.1.205         link#4             UHS         lo0
> 10.1.1.206         link#4             UHS         lo0
> 127.0.0.1          link#3             UH          lo0
> 127.0.0.2          link#3             UH          lo0
> 
> # ifconfig
> em0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
>         options=4219b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,TSO4,WOL_MAGIC,VLAN_HWTSO>
>         ether 00:30:48:c1:e1:b4
>         nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
>         media: Ethernet autoselect (1000baseT <full-duplex>)
>         status: active
> lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
>         options=600003<RXCSUM,TXCSUM,RXCSUM_IPV6,TXCSUM_IPV6>
>         inet6 ::1 prefixlen 128
>         inet6 fe80::1%lo0 prefixlen 64 scopeid 0x3
>         inet 127.0.0.1 netmask 0xff000000
>         inet 127.0.0.2 netmask 0xff000000
>         nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
> em0.4: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
>         options=103<RXCSUM,TXCSUM,TSO4>
>         ether 00:30:48:c1:e1:b4
>         inet 10.1.1.205 netmask 0xffffff00 broadcast 10.1.1.255
>         inet 10.1.1.206 netmask 0xffffff00 broadcast 10.1.1.255
>         nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
>         media: Ethernet autoselect (1000baseT <full-duplex>)
>         status: active
>         vlan: 4 parent interface: em0
> 
> I can ping internet from a host via gateway 10.1.1.1
> 
> And here's what I have in jail:
> 
> ====== BOF /etc/jail.conf =========
> exec.start = "/bin/sh /etc/rc";
> exec.stop = "/bin/sh /etc/rc.shutdown";
> mount.devfs;
> allow.raw_sockets;
> path = "/usr/jails/$name";
> 
> template {
>     jid = 1;
>     ip4.addr = "em0.4|10.1.1.206/24";
>     ip4.addr += "lo0|127.0.0.2/8";
>     host.hostname = template;
> }
> ====== EOF /etc/jail.conf =========
> 
> # jexec 1 netstat -rn
> Routing tables
> 
> Internet:
> Destination        Gateway            Flags      Netif Expire
> 10.1.1.206         link#4             UHS         lo0
> 127.0.0.2          link#3             UH          lo0
> 
> I can ping gateway from jail
> 
> # jexec 1 ping 10.1.1.1
> PING 10.1.1.1 (10.1.1.1): 56 data bytes
> 64 bytes from 10.1.1.1: icmp_seq=0 ttl=64 time=0.366 ms
> ^C
> 
> But not the Internet or anything via routing.
> 
> I have no default gateway in jail - why? What have I missed in this new
> jail implementation since 9.2-R?

The netstat output is no surprise.  I don't know if it was before or
after 9.2, but jails don't see routes that don't involve their own IP
addresses, and that includes the default route.

But that doesn't mean the default route isn't there.  I have netstat
output similar to yours, but packets still route as expected.  I don't
see anything in your jail.conf that looks wrong, so I'm afraid I can't
say anything more than "it looks like it *should* work."

- Jamie



