vnet jail with ipfw having logging problem
Ian Smith
smithi at nimnet.asn.au
Wed May 1 16:51:52 UTC 2013
On Tue, 30 Apr 2013 20:16:59 -0400, Joe wrote:
> I have ipfw running inside of a vnet jail on a 9.1-RELEASE host using the
> jail(8) definition statements for starting and stopping the vnet jail. As a
> side note non-vnet jails are working as expected.
>
> The host is running a custom kernel with modules and with
> options VIMAGE
> nooptions SCTP
> options IPFIREWALL
> options IPFIREWALL_VERBOSE
> options IPFIREWALL_VERBOSE_LIMIT=10
What steps have you taken during testing to override this ridiculously
low limit on logging? Otherwise, after e.g. just 5 pings and 5 ping
responses are logged, all logging ceases until issuing 'ipfw resetlog'.
> options IPFIREWALL_DEFAULT_TO_ACCEPT
> options IPFIREWALL_IPDIVERT
You'd likely do better using in-kernel NAT; natd doesn't get much love.
> options IPFIREWALL_FORWARD
>
> compiled in.
Ian