kern/156268: jails don't use routing table

crapsh at crapsh at
Fri Apr 8 06:10:12 UTC 2011

>Number:         156268
>Category:       kern
>Synopsis:       jails don't use routing table
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    freebsd-bugs
>State:          open
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Fri Apr 08 06:10:11 UTC 2011
>Originator:     Rudy
>Release:        FreeBSD 8.2-RELEASE amd64
System: FreeBSD 8.2-RELEASE FreeBSD 8.2-RELEASE #0: Wed Apr 6 01:45:24 PDT 2011 root at crepe4:/usr/obj/usr/src/sys/CREPE4 amd64
Jail environment
Jails can support multiple IPs.  When picking which IP to use as a 'source IP', the jail does not 
take into consideration the routing table as the host system does.
  Set 2 IPs on your system: and
  set your jail to use both IPs
  export jail_example_monkeybrains_net_ip=","
  Set default route to
  Set a static route to to route through
  run "tcpdump -n icmp" in one window
  run "ping" in 'host' -- source packet is
  run "ping" in 'jailed host' -- source packet is

I even added /dev/mem and /dev/kmem to the jailed environment so I could run
'netstat -rn' in the jail.  The route for is in the routing table, 
but the kernel picks the wrong source IP.

Run your stuff outside of jails.  :(
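
A way to run the comparison from the report without tcpdump, as an added example that is not part of the original report or of FreeBSD: it computes the source address a routing-table lookup would give for a destination and compares it with the one the kernel actually binds, so the same script can be run on the host and inside the jail. The addresses and the route table are constructed samples from the RFC 5737 documentation ranges, and it is an assumption that the UDP source selection probed here follows the same path as the ICMP case in the report.

```python
import ipaddress
import socket
import sys

# Constructed sample data (RFC 5737 documentation ranges), not the reporter's
# addresses. Each entry maps a destination prefix to the local address on the
# interface that route leaves by.
ROUTES = [
    ("0.0.0.0/0", "192.0.2.10"),          # default route, first address
    ("198.51.100.0/24", "203.0.113.10"),  # static route, second address
]


def expected_source(dst, routes=ROUTES):
    """Longest-prefix match: the source a routing-table-aware lookup picks."""
    addr = ipaddress.ip_address(dst)
    matches = [(ipaddress.ip_network(prefix), src) for prefix, src in routes
               if addr in ipaddress.ip_network(prefix)]
    if not matches:
        return None
    return max(matches, key=lambda m: m[0].prefixlen)[1]


def selected_source(dst, port=9):
    """Ask the kernel which source it binds for dst.

    connect() on a UDP socket performs source selection but sends no packet.
    """
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.connect((dst, port))
        return s.getsockname()[0]


def check(dst, routes=ROUTES, probe=selected_source):
    """Return (expected, actual, ok) for one destination."""
    want = expected_source(dst, routes)
    got = probe(dst)
    return want, got, want == got


if __name__ == "__main__":
    # Usage: python3 srccheck.py <destination> [<destination> ...]
    for dst in sys.argv[1:]:
        want, got, ok = check(dst)
        status = "ok" if ok else "MISMATCH"
        print(f"{dst}: expected {want}, kernel chose {got} -> {status}")
```

Replace `ROUTES` with the real prefixes and interface addresses before running; a `MISMATCH` inside the jail for a destination that reports `ok` on the host is the behaviour this PR describes.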
