[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [ezjail] Jails and networks



[fixed the top-posting]

Le mardi 13 à 23:30, Cyberia / Jisri a écrit :
> On Tue, Dec 13, 2011 at 4:21 PM, Jack Raats <jack AT jarasoft DOT net> wrote:
>> I'm running FreeBSD 7.4-STABLE with the latest ezjail from the ports.
>> I only have one networkcard.
>>
>> On my network I have two gateways
>>
>> I want:
>>
>> The host is running as 10.10.10.10 netmask 255.255.255.0 with gateway
>> 10.10.10.1
>> The jail must be running 192.168.178.10 netmask 255.255.255.0 with
>> gateway 192.168.178.1
>
> I did not test this but below are some steps you can try and let us
> know:
> [snip]
> After you create the jail log into it and create  /etc/rc.conf with
> the following in it:
>
> defaultrouter="192.168.178.1"

Jails do not make routing decisions, so I'm afraid setting
$defaultrouter in a jail will have no effect.

Jack, I think what you want is an alternate FIB (forwarding info table)
for your jail. In the default FIB (n°0), you use 10.10.10.10/24 with gw
10.10.10.1, and in the second FIB (n°1) you use 192.168.178.10/24 with
gw 192.168.178.1. Then, you tell ezjail (actually, you tell
/etc/rc.d/jail) to use FIB 1. Everything in the host will use the
default FIB (with the 10.10.10.1 gw).

I don't have time right now to dig deeper into it, but you will want to:

- search for FIB in the doc ;
- configure a second FIB with something like `setfib 1 route ...' ;
- as FIB appeared with 7.1, look if your copy of /etc/rc.d/jail has
  support to run a jail with another FIB, otherwise try to copy the
  relevant bits from a more recent release ;
- twiddle the value of jail_XXX_fib in your conf file ;
- ...
- PROFIT! (hopefully)

-- 
Fred