Date:      Fri, 03 Jan 2014 07:10:29 -0600
From:      Mark Felder <feld@FreeBSD.org>
To:        freebsd-jail@freebsd.org
Subject:   Re: Allowing routing table visibility in jails to make multiple IPs work properly
Message-ID:  <1388754629.28024.66145985.72ADDF43@webmail.messagingengine.com>
In-Reply-To: <52C66E09.80307@monkeybrains.net>
References:  <201311301000.rAUA00eG045983@freefall.freebsd.org> <52C66E09.80307@monkeybrains.net>

On Fri, Jan 3, 2014, at 2:00, Rudy (bulk) wrote:
> 
> I'm having issues when putting multiple IPs on a jail... one external, 
> one internal (on a different vlan).  The source IP from the jail is 
> always the first IP, so a solution is to use ipfw_nat to nat when using 
> the internal vlan to the 'second ip'.  Ugly hack, and it doesn't work 
> when there is an MTU difference between the vlans:
> 
> 
>   http://www.freebsd.org/cgi/query-pr.cgi?pr=184389
>   Re: kern/184389: libalias fails to adjust MTU from jails
> 
> 
> The other solution is to let the jail 'see' the routing table:
>   devfs -m /data/example.monkeybrains.net/dev rule apply path kmem unhide
>   devfs -m /data/example.monkeybrains.net/dev rule apply path mem unhide
> 
> Is there any way (or plans for) a method to reveal the routing table but 
> not all of mem and kmem to the jail?
> 
> 

Hi!

You've hit a bug I found a while back. Can you reconfirm the findings
that bz and I had? The issue is not that the first IP is used for
*all* traffic, but only for traffic that uses raw sockets (like ICMP). I
actually have patches bz@ provided me for ping and fping which work
around this issue, but the fix should be done in the kernel instead.

Here's my PR, please take a look.

http://www.freebsd.org/cgi/query-pr.cgi?pr=168678

Your solution with the kmem/mem unhide is interesting. I do not have a
system that I could try that on at this time; my needs were
temporary/transitional (moving a monitoring server from 32-bit to
64-bit... architecture-dependent RRDs, etc.)


Thanks!


