On Thu, 2 Nov 2017 15:42:55 +0100 Michael Gmelin <gre...@freebsd.org> wrote:
> On Thu, 2 Nov 2017 13:19:31 +0100
> Marko Cupać <marko.cu...@mimar.rs> wrote:
>
> > On Mon, 30 Oct 2017 22:46:35 +0100
> > Michael Gmelin <gre...@freebsd.org> wrote:
> >
> > > You can use fibs with net.add_addr_allfibs=0 to get separate
> > > routing tables (comes with its own set of complications
> > > though).
> >
> > I hoped to go this way, but the fact that host (in fib0) replies to
> > icmp requests destined to jail with raw_sockets disabled (in fib 1)
> > via host's default gateway, making really weird routing situation.
>
> Shouldn't you be able to fix this using a pf pass rule with rtable?

I am sure it could be fixed as you said, but I don't want to introduce
more complexity with PF.

> Maybe you can share more of your setup, quite curious.

I wrote about that here on the list, and on -jail as well (both are the
same):

[https://lists.freebsd.org/pipermail/freebsd-jail/2017-September/003442.html]
[https://lists.freebsd.org/pipermail/freebsd-net/2017-October/049037.html]

I also got an off-list reply from a guy who says this behaviour was
introduced in 11.X, and not present in 10.X. Didn't have the time to
test on 10.X.

Regards,
-- 
Before enlightenment - chop wood, draw water.
After enlightenment - chop wood, draw water.

Marko Cupać
https://www.mimar.rs/