On Fri, Jan 3, 2014, at 2:00, Rudy (bulk) wrote: > > I'm having issues when putting multiple IPs on a jail... one external, > one internal (on a different vlan). The source IP from the jail is > always the first IP, so a solution is to use ipfw_nat to nat when using > the internal vlan to the 'second ip'. Ugly hack. and it doesn't work > when there is an MTU difference between the vlans: > > > http://www.freebsd.org/cgi/query-pr.cgi?pr=184389 > Re: kern/184389: libalias fails to adjust MTU from jails > > > The other solution is to let the jail 'see' the routing table: > devfs -m /data/example.monkeybrains.net/dev rule apply path kmem unhide > devfs -m /data/example.monkeybrains.net/dev rule apply path mem unhide > > Is there anyway (or plans for) a method to reveal the routing table but > not all of mem and kmem to the jail? > >
Hi! You've hit a bug I found a while back. Can you reconfirm the findings that myself and bz had? The issue is not that the first IP is used for *all* traffic, but only for traffic that uses raw sockets (like ICMP). I actually have patches bz@ provided me for ping and fping which work around this issue, but the fix should be done in the kernel instead. Here's my PR, please take a look. http://www.freebsd.org/cgi/query-pr.cgi?pr=168678 Your solution with the kmem/mem unhide is interesting. I do not have a system that I could try that on at this time; my needs were temporary/transitional (moving a monitoring server from 32bit to 64bit... architecture dependent RRDs, etc... ) Thanks! _______________________________________________ freebsd-jail@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-jail To unsubscribe, send any mail to "freebsd-jail-unsubscr...@freebsd.org"
