Fwd: only lo0 interface inside jail, no default gw

Alexander Lunev sol289 at gmail.com
Tue Dec 16 17:39:21 UTC 2014 

Hello everyone.

I'm trying to build jail environment on a new server with 10.1-R. I've did
that before on 9.2-R, but now i'm stuck with strange network problem: no
matter how i configure jail (old way through rc.conf jail_* variables or
via /etc/jail.conf), i don't see default gateway in jail's routing table.
At first i started with more complex config using separate fib for jail,
but it's not working even without fibs (or in fib 0). So, here's what i
have in the host system:

# netstat -rn
Routing tables

Internet:
Destination        Gateway            Flags      Netif Expire
default            10.1.1.1           UGS       em0.4
10.1.1.0/24        link#4             U         em0.4
10.1.1.205         link#4             UHS         lo0
10.1.1.206         link#4             UHS         lo0
127.0.0.1          link#3             UH          lo0
127.0.0.2          link#3             UH          lo0

# ifconfig
em0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500

options=4219b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,TSO4,WOL_MAGIC,VLAN_HWTSO>
        ether 00:30:48:c1:e1:b4
        nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
        media: Ethernet autoselect (1000baseT <full-duplex>)
        status: active
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
        options=600003<RXCSUM,TXCSUM,RXCSUM_IPV6,TXCSUM_IPV6>
        inet6 ::1 prefixlen 128
        inet6 fe80::1%lo0 prefixlen 64 scopeid 0x3
        inet 127.0.0.1 netmask 0xff000000
        inet 127.0.0.2 netmask 0xff000000
        nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
em0.4: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=103<RXCSUM,TXCSUM,TSO4>
        ether 00:30:48:c1:e1:b4
        inet 10.1.1.205 netmask 0xffffff00 broadcast 10.1.1.255
        inet 10.1.1.206 netmask 0xffffff00 broadcast 10.1.1.255
        nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
        media: Ethernet autoselect (1000baseT <full-duplex>)
        status: active
        vlan: 4 parent interface: em0

I can ping internet from a host via gateway 10.1.1.1

And here's what i have in jail:

====== BOF /etc/jail.conf =========
exec.start = "/bin/sh /etc/rc";
exec.stop = "/bin/sh /etc/rc.shutdown";
mount.devfs;
allow.raw_sockets;
path = "/usr/jails/$name";

template {
    jid = 1;
    ip4.addr = "em0.4|10.1.1.206/24";
    ip4.addr += "lo0|127.0.0.2/8";
    host.hostname = template;
}
====== EOF /etc/jail.conf =========

# jexec 1 netstat -rn
Routing tables

Internet:
Destination        Gateway            Flags      Netif Expire
10.1.1.206         link#4             UHS         lo0
127.0.0.2          link#3             UH          lo0

I can ping gateway from jail

# jexec 1 ping 10.1.1.1
PING 10.1.1.1 (10.1.1.1): 56 data bytes
64 bytes from 10.1.1.1: icmp_seq=0 ttl=64 time=0.366 ms
^C

But not the Internet or anything via routing.

I have no default gateway in jail - why? What have i missed in this new
jail implementation since 9.2-R?

Crossposted to freebsd-jail@

-- 
your sweet isn't ready yet

More information about the freebsd-net mailing list