Routing dilemma

B

beaute

Hello,

I have a problem and it's giving me a huuuge headache. Been trying to solve it for two hours and half now I don't seem to see the problem.

I have two freeBSD machines, each running a number of jails. I only have one physical interface per machine, which is directly connected using a cable. all other interfaces i have are virtual. here is what I have in mind and what I want to achieve
Code: 
	       IP Cipher 1						       IP Cipher 1
	 _______________________					 _______________________
	|			|					|			|
	|    ______________	|					|    ______________	|
	|   |		   |	|					|   |		   |	|
	|   |	  JAIL	   |	| 					|   |	  JAIL	   |	|
	|   4	   #1	   5	|				        |   10 	   #3	   11	|
	|3  |		   | 6	|				        |9  |		   |  12|
	|   |______________| 	|					|   |______________| 	|
	|		      	|					| 		      	|
	|		      	|					| 		      	|
	|    ______________	|					|    ______________	|
	|   |		   |	|		   			|   |		   |	|
	|   |	  JAIL	   |	7   <------- { RED NETWORK } ------->   8  | 	  JAIL	   |	|
	|   |	   #2	   |	|				        |   | 	   #4	   |	|
	|   |		   |	|				        |   |		   |	|
	|   |______________| 	|					|   |______________| 	|
	|		      	|					| 		      	|
	|		      	|					| 		      	|
	|    ______________   	|					|    ______________   	|
	|   |		   | 	|					|   |		   | 	|
	|   |	  JAIL	   |	|					|   |	  JAIL	   |	|
	|2  |	   #5	   |	|					|   | 	   #6	   |  13|
	|   1		   |	|					|   | 		   14   |
	|   |______________|	|					|   |______________|	|
	|			|					|			|
	|_______________________|					|_______________________|


1: 2.2.2.3
2: 2.2.2.10
3: 10.0.0.2
4: 10.0.0.1
5: 192.168.1.2
6: 192.168.1.4
7: 1.1.1.1
8: 1.1.1.2
9: 206.165.1.4
10: 206.165.1.2
11: 10.0.0.1
12: 10.0.0.2
13: 4.4.4.10
14: 4.4.4.3

Only number 7 and 8 are physical interfaces, everything else is virtual. I wish to enforce this path (from 1 to 14 and then from 14 to 1). I have edited my routing tables as follows:

Code: 
Routing of IPCIPHER 1
DEFAULT: 1.1.1.2
2.0.0.0/8 10.0.0.1

Routing of IPCIPHER2
DEFAULT: 1.1.1.1
4.0.0.0/8 10.0.0.1

JAIL1:
2.0.0.0/8 10.0.0.2
DEFAULT: 192.168.1.4

JAIL5: 
DEFAULT: 2.2.2.10

JAIL3:
4.0.0.0/8 10.0.0.2
DEFAULT: 206.165.1.4

JAIL6:
DEFAULT: 4.4.4.10

Under this setup, I try to ping from jail 5 to jail 6.
# jexec 3 ping 4.4.4.3

and I monitor activity on all interfaces. There is activity on the following interfaces: 2, 7, 8, 13

There is no activity on the following interfaces: 3, 6, 12

However, the interfaces 3 and 6 are reachable from 1, and the interface 12 is reachable from 8.


Any help is appreciated :(
 
Unless you're using VIMAGE routing is done on the host, not a jail.
 
In fact, I am using VIMAGE. I tampered around with it, and now I get TTL Time exceeded. The traffic is now reachable on 3 and 6.

it does not reach 7 (does not read the default route)
 
A default gateway can never be outside of a directly connected network.

I'm not sure what you're trying to accomplish but your setup is extremely complicated. Which is probably the reason why it's not working. Start off with something a little simpler.
 
After four and half hours, this is now Solved.

# jexec 1 sysctl net.inet.ip.forwarding=1
# jexec 2 sysctl net.inet.ip.forwarding=1


oh and save it in /etc/sysctl.conf, typing it onetime within the jail does not make it persistent.
 
beaute said:
oh and save it in /etc/sysctl.conf, typing it onetime within the jail does not make it persistent.
Click to expand...
Add to /etc/rc.conf:
Code: 
gateway_enable="YES"
 
You must log in or register to reply here.
Back
Top