Jails: Host has multiple interfaces, routing problems?

Savagedlight

Hello there.
I'm trying to set up a jail server which will have jails hooking into two different networks.
One is my LAN, the other is reserved for 'exposed to the public' services (such as webservers etc).
I have a pfsense box hooking in to both networks, routing traffic between them (with filtering).
A single jail will only be hooked into one of these networks.

Description:
Jail "rsync" has sshd running on port 22, IP 10.1.1.12.
Connecting to this from an IP in the lanif:network range works fine.
If I run # ifconfig lanif down, I can no longer connect to the sshd from an IP in the lanif:network range. Pinging the IP still works fine.

This is, in my opinion, unexpected behaviour, and if I'm to take a guess, it indicates jail traffic is routed out on the wrong interface.
Any ideas why this is happening?

Related settings
/etc/rc.conf
Code:
defaultrouter="10.0.1.1"
cloned_interfaces="vlan0 vlan1"
ifconfig_re0="up mtu 9000 polling name netif"
ifconfig_vlan0="inet 10.0.1.19/24 vlan 1 vlandev netif name lanif"
ifconfig_vlan1="inet 10.1.1.2/24 vlan 10 vlandev netif name jailif"

# Firewall
pf_enable="YES"
pf_rules="/etc/pf.conf"

/usr/local/etc/ezjail/rsync
Code:
export jail_rsync_ip="10.1.1.12"
export jail_rsync_interface="jailif"

/etc/pf.conf
Code:
# Settings
set block-policy drop
# Aliases
jailif="jailif"
lanif="lanif"

jailnet="10.1.1.0/24"
jailnet_gw="10.1.1.1"

#Routing
#pass out route-to ($jailif $jailnet_gw) from $jailnet to !$jailnet
pass out on lanif route-to ($jailif $jailnet_gw) from $jailnet to !$jailnet

^^ I've tried both the commented-out one and the non-commented one. Neither seems to make any difference (except I can't ping 10.1.1.12 from the console with the commented-out one).
 