________________________________________
From: Marko Cupać <marko.cu...@mimar.rs>
Sent: Monday, October 23, 2017 1:58 PM
To: Andrew Hotlab
Cc: freebsd-jail@freebsd.org
Subject: Re: setfib (ez)jails and wierd routing
> On Tue, 17 Oct 2017 15:17:16 +0000
> Andrew Hotlab <andrew.hot...@hotmail.com> wrote:
>
> > root@BSD11:~ # cat /etc/jail.conf
> > exec.start = "/bin/sh /etc/rc";
> > exec.stop = "/bin/sh /etc/rc.shutdown";
> > exec.clean;
> > mount.devfs;
> > jtest01 {
> > host.hostname = "jtest01.test.lab";
> > path = /usr/jails/jtest01;
> > ip4.addr = "em0|172.21.10.101/32";
> > persist;
> > allow.raw_sockets;
> > exec.fib = "1";
> > }
>
> Andrew,
>
> do you have the ability to remove allow.raw_sockets line from jtest01
> jail and try to ping it while tcpdumping icmp on em1? You should see
> reply packets leaving em1.
>
So sorry: I didn't notice that my own transcript shown exactly the
behaviour you are describing... in fact you can see "echo request"
packets, but no "echo reply" on em0 interface!!
And I can confirm you that the problem does not happen in the same
topology with a FreeBSD 10.3 host.
At this point I guess that all responses to ICMP requests received on
IP addresses assigned to jails linked to specific FIB on FreeBSD 11.x
are not influenced by the FIB, while in FreeBSD 10.x they are.
(No problem from ICMP traffic generated from the jail itself: I saw packets
leaving and coming back through the right interface).
Unfortunately I haven't the competence to point you to the right direction
to solve, but I think it is a jail-related issue, thus this should be the right
mailing list to discuss about this.
I'll come back if I'll be able to understand something more.
Andrew
_______________________________________________
freebsd-jail@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-jail
To unsubscribe, send any mail to "freebsd-jail-unsubscr...@freebsd.org"
