This is Kiriyama.

After upgrading from 8.0-STABLE to 8.2-PRERELEASE, the jail environments behind the NAT can no longer get past the gateway, and I am stuck. The network is as follows.

202.26.248.32/27
------------------------+-------------------------------------
                        |202.26.248.53
 +--NAT box(natd)-------+-------------------------+
 |                     bge0                       |
 | t2.st.toba-cmt.ac.jp                           |
 |         +------+------+------+------+--------+ |
 |firewall |  ns  | mail | web  | ftp  |diskless| |
 |  bge1   | bge1 | bge1 | bge1 | bge1 |  bge1  | |
 +----+----+--+---+--+---+--+---+--+---+----+---+-+
      |254    |2     |3     |4     |5       |1
192.168.2.0/24
------+-------+------+------+------+--------+------------------

Here,

t2# jls
   JID  IP Address      Hostname                      Path
     1  192.168.2.4     web.cct2                      /jails/web
     2  192.168.2.2     ns.cct2                       /jails/ns
     3  192.168.2.3     mail.cct2                     /jails/mail
     5  192.168.2.1     diskless.cct2                 /jails/diskless
     7  192.168.2.5     ftp.cct2                      /jails/ftp
t2# ping -c 3 202.26.248.4
PING 202.26.248.4 (202.26.248.4): 56 data bytes
64 bytes from 202.26.248.4: icmp_seq=0 ttl=63 time=0.185 ms
64 bytes from 202.26.248.4: icmp_seq=1 ttl=63 time=0.179 ms
64 bytes from 202.26.248.4: icmp_seq=2 ttl=63 time=0.179 ms

--- 202.26.248.4 ping statistics ---
3 packets transmitted, 3 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 0.179/0.181/0.185/0.003 ms
t2# ping -c 3 192.168.2.4
PING 192.168.2.4 (192.168.2.4): 56 data bytes
64 bytes from 192.168.2.4: icmp_seq=0 ttl=64 time=0.017 ms
64 bytes from 192.168.2.4: icmp_seq=1 ttl=64 time=0.021 ms
64 bytes from 192.168.2.4: icmp_seq=2 ttl=64 time=0.018 ms

--- 192.168.2.4 ping statistics ---
3 packets transmitted, 3 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 0.017/0.019/0.021/0.002 ms
t2# jexec 7 tcsh
ftp# ping -c 3 192.168.2.4
PING 192.168.2.4 (192.168.2.4): 56 data bytes
64 bytes from 192.168.2.4: icmp_seq=0 ttl=64 time=0.017 ms
64 bytes from 192.168.2.4: icmp_seq=1 ttl=64 time=0.021 ms
64 bytes from 192.168.2.4: icmp_seq=2 ttl=64 time=0.010 ms

--- 192.168.2.4 ping statistics ---
3 packets transmitted, 3 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 0.010/0.016/0.021/0.005 ms
ftp# ping -c 3 202.26.248.4
PING 202.26.248.4 (202.26.248.4): 56 data bytes

--- 202.26.248.4 ping statistics ---
3 packets transmitted, 0 packets received, 100.0% packet loss
ftp#

is how things look. For now, here is the rest:

t2# netstat -rn
Routing tables

Internet:
Destination        Gateway            Flags    Refs      Use  Netif Expire
default            202.26.248.33      UGS        12     1785   bge0
127.0.0.1          link#3             UH          0       11    lo0
192.168.2.0/24     link#2             U           6     1458   bge1
192.168.2.1        link#2             UHS         0     1459    lo0 =>
192.168.2.1/32     link#2             U           0        0   bge1
192.168.2.2        link#2             UHS         0     1471    lo0 =>
192.168.2.2/32     link#2             U           0        0   bge1
192.168.2.3        link#2             UHS         0     1459    lo0 =>
192.168.2.3/32     link#2             U           0        0   bge1
192.168.2.4        link#2             UHS         0     1463    lo0 =>
192.168.2.4/32     link#2             U           0        0   bge1
192.168.2.5        link#2             UHS         0      803    lo0 =>
192.168.2.5/32     link#2             U           0        0   bge1
192.168.2.254      link#2             UHS         0        0    lo0
202.26.248.32/27   link#1             U           1     1458   bge0
202.26.248.53      link#1             UHS         0        0    lo0

Internet6:
Destination        Gateway            Flags      Netif Expire
::1                ::1                UH          lo0
fe80::%lo0/64      link#3             U           lo0
fe80::1%lo0        link#3             UHS         lo0
ff01:3::/32        fe80::1%lo0        U           lo0
ff02::%lo0/32      fe80::1%lo0        U           lo0
t2# ifconfig
bge0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=c019b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,TSO4,VLAN_HWTSO,LINKSTATE>
        ether d4:85:64:39:70:82
        inet 202.26.248.53 netmask 0xffffffe0 broadcast 202.26.248.63
        media: Ethernet autoselect (1000baseT <full-duplex>)
        status: active
bge1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=c019b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,TSO4,VLAN_HWTSO,LINKSTATE>
        ether d4:85:64:39:70:83
        inet 192.168.2.254 netmask 0xffffff00 broadcast 192.168.2.255
        inet 192.168.2.4 netmask 0xffffffff broadcast 192.168.2.4
        inet 192.168.2.2 netmask 0xffffffff broadcast 192.168.2.2
        inet 192.168.2.3 netmask 0xffffffff broadcast 192.168.2.3
        inet 192.168.2.1 netmask 0xffffffff broadcast 192.168.2.1
        inet 192.168.2.5 netmask 0xffffffff broadcast 192.168.2.5
        media: Ethernet autoselect (1000baseT <full-duplex,flowcontrol,rxpause,txpause>)
        status: active
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
        options=3<RXCSUM,TXCSUM>
        inet6 fe80::1%lo0 prefixlen 64 scopeid 0x3
        inet6 ::1 prefixlen 128
        inet 127.0.0.1 netmask 0xff000000
        nd6 options=3<PERFORMNUD,ACCEPT_RTADV>
ipfw0: flags=8801<UP,SIMPLEX,MULTICAST> metric 0 mtu 65536
t2# sysctl -a|grep jail
security.jail.param.cpuset.id: 0
security.jail.param.host.hostid: 0
security.jail.param.host.hostuuid: 64
security.jail.param.host.domainname: 256
security.jail.param.host.hostname: 256
security.jail.param.children.max: 0
security.jail.param.children.cur: 0
security.jail.param.enforce_statfs: 0
security.jail.param.securelevel: 0
security.jail.param.path: 1024
security.jail.param.name: 256
security.jail.param.parent: 0
security.jail.param.jid: 0
security.jail.param.linux.oss_version: 0
security.jail.param.linux.osrelease: 65
security.jail.param.linux.osname: 65
security.jail.enforce_statfs: 2
security.jail.mount_allowed: 0
security.jail.chflags_allowed: 0
security.jail.allow_raw_sockets: 1
security.jail.sysvipc_allowed: 0
security.jail.socket_unixiproute_only: 1
security.jail.set_hostname_allowed: 1
security.jail.jail_max_af_ips: 255
security.jail.jailed: 0
t2#

That is how it looks, and security.jail.allow_raw_sockets is set to 1. In any case, I copied this almost unchanged from an environment that is actually running on 8.0-STABLE, so I am left with "???". The symptom is that "the default route is not visible from inside the jail environment". Did something become necessary to configure as of 8.2-*?