Allowing routing table visibility in jails to make multiple IPs work properly
Ian Smith
smithi at nimnet.asn.au
Fri Jan 3 14:10:25 UTC 2014
On Fri, 3 Jan 2014 08:05:55 -0500, Alejandro Imass wrote:
> On Fri, Jan 3, 2014 at 3:00 AM, Rudy (bulk) <crapsh at monkeybrains.net> wrote:
> >
> > I'm having issues when putting multiple IPs on a jail... one external, one
> > internal (on a different vlan). The source IP from the jail is always the
> > first IP, so a solution is to use ipfw_nat to nat when using the internal
> > vlan to the 'second ip'. Ugly hack, and it doesn't work when there is an
> > MTU difference between the vlans:
> >
>
> Greetings Rudy,
>
> I had the same exact problem and found that the problem is natd.
> Actually it is mentioned in natd's documentation.

Alejandro, hi,

can you point out where in natd(8) it indicates .. what exactly?

> If you want to get rid of this problem you need to get rid of natd and
> nat your jail traffic with some other means. Kernel nat should be a
> solution but I've never gotten around to testing if it actually solves
> the problem. Please share if you find a way to fix this.

I may have missed it, but I've yet to see anyone report any functional
differences between natd and ipfw_nat, i.e. of something working in one
but not the other. Both use the underlying libalias(3) after all.

cheers, Ian