Jails on fib problem

Beeblebrox zaphod at berentweb.com
Wed Jan 29 12:22:58 UTC 2014


Since there was no answer as to the a-or-b option, I assumed option (a) was
also flawed, so I went with (b). I moved the jails to a 192 address family.
Current rc.conf:
cloned_interfaces="lo2"
ifconfig_lo2="inet 192.168.2.110/28"
static_routes="jail default"
route_jail="default 192.168.2.110 -fib 1"
route_default="default 192.168.1.1"

 # setfib 1 netstat -rn
Destination        Gateway            Flags    Netif Expire
default            192.168.2.110      UGS       lo2
127.0.0.1          link#3             UH        lo0
192.168.1.0/24     link#1             U         re0
192.168.2.99       link#4             UH        lo2    (privoxy)
192.168.2.100      link#4             UH        lo2    (http cache)
192.168.2.110      link#4             UH        lo2
192.168.56.0/28    link#6             U      vboxnet0

Traffic for any internet IP gets passed to the httpcache -> privoxy jail
(99), but does not get forwarded to the 192.168.1.1 gateway. If I try
to access the 192.168.1.1 ADSL modem page, this does come up correctly
(I presume because it is within the defined address range on the routing
table).
What am I missing so that traffic from the jail knows to exit from re0 and
on to the default gateway? In pf.conf I have one NAT rule - should I be
natting on lo2 as well?
 nat on $ExtIf from !($ExtIf) -> $ExtIf

Regards.
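
An added example, not part of the original post: a simplified longest-prefix-match model run over the FIB 1 table quoted above, showing which entry each destination selects. The function names are hypothetical, 203.0.113.10 is a constructed documentation address standing in for "any internet IP", and the real kernel lookup is more involved than this model.

```python
import ipaddress

# FIB 1 rows copied from the `setfib 1 netstat -rn` output in the post
# (the poster's "(privoxy)" / "(http cache)" annotations are dropped).
FIB1 = """\
default            192.168.2.110      UGS       lo2
127.0.0.1          link#3             UH        lo0
192.168.1.0/24     link#1             U         re0
192.168.2.99       link#4             UH        lo2
192.168.2.100      link#4             UH        lo2
192.168.2.110      link#4             UH        lo2
192.168.56.0/28    link#6             U      vboxnet0
"""

def parse_routes(text):
    """Turn netstat -rn rows into (network, gateway, flags, netif) tuples."""
    routes = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 4:
            continue  # skip blank or truncated rows
        dest, gateway, flags, netif = fields[:4]
        # "default" is 0.0.0.0/0; a bare address is a /32 host route (flag H).
        cidr = "0.0.0.0/0" if dest == "default" else dest
        routes.append((ipaddress.ip_network(cidr), gateway, flags, netif))
    return routes

def lookup(routes, dst):
    """Longest-prefix match: the most specific route containing dst wins."""
    addr = ipaddress.ip_address(dst)
    matches = [r for r in routes if addr in r[0]]
    return max(matches, key=lambda r: r[0].prefixlen) if matches else None

def describe(routes, dst):
    """One-line summary of the route chosen for dst."""
    net, gateway, flags, netif = lookup(routes, dst)
    # Flag G means the packet is handed to a gateway; otherwise it is on-link.
    via = gateway if "G" in flags else "on-link"
    return f"{dst}: {net} via {via} dev {netif}"

if __name__ == "__main__":
    routes = parse_routes(FIB1)
    # 203.0.113.10 is a constructed stand-in for an internet address.
    for dst in ("192.168.1.1", "192.168.2.99", "203.0.113.10"):
        print(describe(routes, dst))
```
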

