32-bit jail on 64-bit host
Chris
bsd-lists at bsdforge.com
Thu Apr 22 15:12:45 UTC 2021
On 2021-04-22 01:36, Peter Blok wrote:
> Hi,
>
> I have created a 32-bit jail on a 64-bit running 12-STABLE. The jail is also
> build
> using the same source.
>
> The jail gives me a 32-bit environment. I’m getting an IP address and I can
> ping
> others on the same network segment.
>
> But I can’t set a default route.
>
> route add default 192.168.1.1
> route: writing to routing socket: Invalid argument
> add net default: gateway 192.168.1.1 fib 0: Invalid argument
>
> # netstat -rn
> Routing tables
> (0) (0) UH
> (0) (0) U
> (0) (0) UHS
> (0) (0) UH
> (0) (0) U
> (0) (0) UHS
>
> # ifconfig -a
> lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
> options=680003<RXCSUM,TXCSUM,LINKSTATE,RXCSUM_IPV6,TXCSUM_IPV6>
> inet6 ::1 prefixlen 128
> inet6 fe80::1%lo0 prefixlen 64 scopeid 0x1
> inet 127.0.0.1 netmask 0xff000000
> groups: lo
> nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
> e0b_websip: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu
> 1500
> options=8<VLAN_MTU>
> ether 0e:88:d7:20:99:80
> hwaddr 02:80:ad:6e:79:0b
> inet 192.168.1.205 netmask 0xffffff00 broadcast 192.168.1.255
> groups: epair
> media: Ethernet 10Gbase-T (10Gbase-T <full-duplex>)
> status: active
> nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
>
> Any idea how to fix this?
>
> I’m using vnet bridge
I do it. I don't think vnet or a bridge is necessary or perhaps even
desirable
in this situation. All my 32/64bit jails access the hosts net out of
localhost
(127.0.0.2-N) and I use pf(4) to redirect the packets.
I have a static block of internet facing addresses. So change yours
accordingly
pf.conf(5)
EXT_ADDR="W.X.Y.Z"
...
set skip on { lo0, lo1 }
...
nat pass on re0 from { lo1 } to any -> $EXT_ADDR
rdr pass on re0 proto tcp from any to { lo1 } -> $EXT_ADDR
...
block in
pass out
...
I add an entry in the hosts hosts(5) file, and in the jails hosts(5) for
accounting purposes. The jails resolve.conf(5) file looks like this
nameserver 127.0.0.1
nameserver 127.0.0.2
options timeout:1 attempts:1 rotate
And all gets it done for me.
HTH
--Chris
>
> Peter
> _______________________________________________
> freebsd-hackers at freebsd.org mailing list
> https://lists.freebsd.org/mailman/listinfo/freebsd-hackers
> To unsubscribe, send any mail to "freebsd-hackers-unsubscribe at freebsd.org"
More information about the freebsd-hackers
mailing list