jail source address selection doesn't work?
Alex Povolotsky
tarkhil at webmail.sub.ru
Mon Feb 7 08:15:49 UTC 2011
Hello!
On a multihomed FreeBSD 8.1-RELEASE, in a multihomed jail, source IP
selection suddenly refused to work.
ifconfig on a box:
bce0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
options=c01bb<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,TSO4,VLAN_HWTSO,LINKSTATE>
ether 00:1a:64:c5:d0:c8
inet 192.168.80.40 netmask 0xffffff00 broadcast 192.168.80.255
media: Ethernet autoselect (100baseTX <full-duplex>)
status: active
bce1: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
options=c01bb<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,TSO4,VLAN_HWTSO,LINKSTATE>
ether 00:1a:64:c5:d0:ca
media: Ethernet autoselect (100baseTX <full-duplex>)
status: active
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
options=3<RXCSUM,TXCSUM>
inet6 fe80::1%lo0 prefixlen 64 scopeid 0x3
inet6 ::1 prefixlen 128
inet 127.0.0.1 netmask 0xff000000
inet 127.0.0.2 netmask 0xff000000
nd6 options=3<PERFORMNUD,ACCEPT_RTADV>
vlan75: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
options=103<RXCSUM,TXCSUM,TSO4>
ether 00:1a:64:c5:d0:ca
inet 192.168.75.4 netmask 0xffffff00 broadcast 192.168.75.255
media: Ethernet autoselect (100baseTX <full-duplex>)
status: active
vlan: 75 parent interface: bce1
vlan82: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
options=103<RXCSUM,TXCSUM,TSO4>
ether 00:1a:64:c5:d0:ca
inet 192.168.82.2 netmask 0xffffff00 broadcast 192.168.82.255
media: Ethernet autoselect (100baseTX <full-duplex>)
status: active
vlan: 82 parent interface: bce1
vlan83: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
options=103<RXCSUM,TXCSUM,TSO4>
ether 00:1a:64:c5:d0:ca
inet 83.69.203.3 netmask 0xfffffff0 broadcast 83.69.203.15
media: Ethernet autoselect (100baseTX <full-duplex>)
status: active
vlan: 83 parent interface: bce1
vlan63: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
options=103<RXCSUM,TXCSUM,TSO4>
ether 00:1a:64:c5:d0:ca
inet 10.19.63.100 netmask 0xffffff00 broadcast 10.19.63.255
media: Ethernet autoselect (100baseTX <full-duplex>)
status: active
vlan: 63 parent interface: bce1
carp0: flags=49<UP,LOOPBACK,RUNNING> metric 0 mtu 1500
inet 192.168.80.42 netmask 0xffffff00
carp: MASTER vhid 145 advbase 1 advskew 0
carp1: flags=49<UP,LOOPBACK,RUNNING> metric 0 mtu 1500
inet 192.168.75.3 netmask 0xffffff00
carp: MASTER vhid 146 advbase 1 advskew 0
carp2: flags=49<UP,LOOPBACK,RUNNING> metric 0 mtu 1500
inet 192.168.82.4 netmask 0xffffff00
carp: MASTER vhid 147 advbase 1 advskew 0
carp3: flags=49<UP,LOOPBACK,RUNNING> metric 0 mtu 1500
inet 83.69.203.1 netmask 0xfffffff0
carp: MASTER vhid 148 advbase 1 advskew 0
carp4: flags=49<UP,LOOPBACK,RUNNING> metric 0 mtu 1500
inet 10.19.63.67 netmask 0xffffff00
carp: MASTER vhid 149 advbase 1 advskew 0
ifconfig in a jail:
bce0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
options=c01bb<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,TSO4,VLAN_HWTSO,LINKSTATE>
ether 00:1a:64:c5:d0:c8
media: Ethernet autoselect (100baseTX <full-duplex>)
status: active
bce1: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
options=c01bb<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,TSO4,VLAN_HWTSO,LINKSTATE>
ether 00:1a:64:c5:d0:ca
media: Ethernet autoselect (100baseTX <full-duplex>)
status: active
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
options=3<RXCSUM,TXCSUM>
vlan75: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
options=103<RXCSUM,TXCSUM,TSO4>
ether 00:1a:64:c5:d0:ca
inet 192.168.75.4 netmask 0xffffff00 broadcast 192.168.75.255
media: Ethernet autoselect (100baseTX <full-duplex>)
status: active
vlan: 75 parent interface: bce1
vlan82: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
options=103<RXCSUM,TXCSUM,TSO4>
ether 00:1a:64:c5:d0:ca
media: Ethernet autoselect (100baseTX <full-duplex>)
status: active
vlan: 82 parent interface: bce1
vlan83: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
options=103<RXCSUM,TXCSUM,TSO4>
ether 00:1a:64:c5:d0:ca
media: Ethernet autoselect (100baseTX <full-duplex>)
status: active
vlan: 83 parent interface: bce1
vlan63: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
options=103<RXCSUM,TXCSUM,TSO4>
ether 00:1a:64:c5:d0:ca
media: Ethernet autoselect (100baseTX <full-duplex>)
status: active
vlan: 63 parent interface: bce1
carp0: flags=49<UP,LOOPBACK,RUNNING> metric 0 mtu 1500
inet 192.168.80.42 netmask 0xffffff00
carp: MASTER vhid 145 advbase 1 advskew 0
carp1: flags=49<UP,LOOPBACK,RUNNING> metric 0 mtu 1500
carp: MASTER vhid 146 advbase 1 advskew 0
carp2: flags=49<UP,LOOPBACK,RUNNING> metric 0 mtu 1500
carp: MASTER vhid 147 advbase 1 advskew 0
carp3: flags=49<UP,LOOPBACK,RUNNING> metric 0 mtu 1500
inet 83.69.203.1 netmask 0xfffffff0
carp: MASTER vhid 148 advbase 1 advskew 0
carp4: flags=49<UP,LOOPBACK,RUNNING> metric 0 mtu 1500
inet 10.19.63.67 netmask 0xffffff00
carp: MASTER vhid 149 advbase 1 advskew 0
routing table:
Routing tables
Internet:
Destination        Gateway            Flags   Refs      Use  Netif  Expire
default            83.69.203.14       UGS      232  1221991  vlan83
10.0.0.0/8         10.19.63.126       UGS        0     8768  vlan63
10.19.63.0/24      link#7             U        185   613762  vlan63
10.19.63.67        link#12            UH         0        0  carp4
10.19.63.100       link#7             UHS        0      244  lo0
83.69.203.0/28     link#6             U          4    38198  vlan83
83.69.203.1        link#11            UH         0  1876305  carp3
83.69.203.3        link#6             UHS        0      154  lo0
127.0.0.1          link#3             UH         0  1078596  lo0
127.0.0.2          link#3             UH         0       18  lo0
172.16.0.0/12      10.19.63.126       UGS        0        0  vlan63
192.168.0.0/16     10.19.63.126       UGS        8   205694  vlan63
192.168.75.0/24    link#4             U         49  1222391  vlan75
192.168.75.3       link#9             UH         0        0  carp1
192.168.75.4       link#4             UHS        0        2  lo0
192.168.80.0/24    link#1             U          6   618586  bce0
192.168.80.40      link#1             UHS        0   130620  lo0
192.168.80.42      link#8             UH         0    95987  carp0
192.168.82.0/24    link#5             U          2     2361  vlan82
192.168.82.2       link#5             UHS        0        0  lo0
192.168.82.4       link#10            UH         0        0  carp2
Seems reasonable, yes?
Pinging from the box
# ping 192.168.75.59
PING 192.168.75.59 (192.168.75.59): 56 data bytes
64 bytes from 192.168.75.59: icmp_seq=0 ttl=64 time=0.993 ms
64 bytes from 192.168.75.59: icmp_seq=1 ttl=64 time=0.986 ms
64 bytes from 192.168.75.59: icmp_seq=2 ttl=64 time=0.988 ms
^C
--- 192.168.75.59 ping statistics ---
3 packets transmitted, 3 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 0.986/0.989/0.993/0.003 ms
10:45:31.425232 IP 192.168.75.4 > 192.168.75.59: ICMP echo request, id 12430, seq 0, length 64
10:45:31.426283 IP 192.168.75.59 > 192.168.75.4: ICMP echo reply, id 12430, seq 0, length 64
10:45:32.425415 IP 192.168.75.4 > 192.168.75.59: ICMP echo request, id 12430, seq 1, length 64
10:45:32.426404 IP 192.168.75.59 > 192.168.75.4: ICMP echo reply, id 12430, seq 1, length 64
Okay, yes?
From jail:
# ping 192.168.75.59
PING 192.168.75.59 (192.168.75.59): 56 data bytes
^C
--- 192.168.75.59 ping statistics ---
2 packets transmitted, 0 packets received, 100.0% packet loss
10:45:52.146600 IP 83.69.203.1 > 192.168.75.59: ICMP echo request, id 14222, seq 0, length 64
10:45:53.146702 IP 83.69.203.1 > 192.168.75.59: ICMP echo request, id 14222, seq 1, length 64
Setting ip.saddrsel to 1 or 0 did not change anything. Kernel is
GENERIC+ALTQ.
What could I miss?...
Alex.