The following configuration exists in /etc/rc.conf on the host:

Code:
ifconfig_bge0="up"
ifconfig_bge1="up"
ifconfig_bge2="up"
ifconfig_bge3="up"
cloned_interfaces="lagg0 bridge0 tap0 lo1"
ifconfig_lagg0="laggproto lacp laggport bge0 laggport bge1 laggport bge2 laggport bge3"
ifconfig_bridge0="addm lagg0 addm tap0"
vlans_lagg0="wan lan"
create_args_wan="vlan 10"
create_args_lan="vlan 20"
ifconfig_wan="inet 123.234.0.1 netmask 255.255.255.0"
defaultrouter="123.234.0.254"
ifconfig_lan="inet 10.0.0.1 netmask 255.255.255.0"
static_routes="ipv4a:lan ipv4b:lan ipv4c:lan"
route_ipv4a="-net 10.0.0.0/8 -gateway 10.0.0.254"
route_ipv4b="-net 172.16.0.0/12 -gateway 10.0.0.254"
route_ipv4c="-net 192.168.0.0/16 -gateway 10.0.0.254"

It means the host connects to the public network through the interface named wan, and connects to the private network through the interface named lan.

This is the routing table on the host:

Code:
% netstat -4nr
Routing tables
Internet:
Destination        Gateway            Flags     Netif Expire
default            123.234.0.254      UGS         wan
10.0.0.0/8         10.0.0.254         UGS         lan
10.0.0.0/24        link#11            U           lan
10.0.0.1           link#11            UHS         lo0
123.234.0.0/24     link#10            U           wan
123.234.0.1        link#10            UHS         lo0
127.0.0.1          link#5             UH          lo0
172.16.0.0/12      10.0.0.254         UGS         lan
192.168.0.0/16     10.0.0.254         UGS         lan

Two jails are defined by /etc/jail.conf:

Code:
# skip unimportant lines
www {
    host.hostname = "WWW";
    ip4.addr = "lo1|127.0.0.2";
    ip4.addr += "wan|123.234.0.2";
    ip4.addr += "lan|10.0.0.2";
}
ftp {
    host.hostname = "FTP";
    ip4.addr = "lo1|127.0.0.3";
    ip4.addr += "lan|10.0.0.3";
}

For the jail named www, all networks are available, and this is the routing table on it:

Code:
% netstat -4nr
Routing tables
Internet:
Destination        Gateway            Flags     Netif Expire
10.0.0.2           link#11            UHS         lo0
123.234.0.2        link#10            UHS         lo0
127.0.0.2          link#9             UH          lo1

For the jail named ftp, just the private network is available because the interface on it can't directly communicate with the interface named wan on the host. This is the routing table on this jail:

Code:
% netstat -4nr
Routing tables
Internet:
Destination        Gateway            Flags     Netif Expire
10.0.0.3           link#11            UHS         lo0
127.0.0.3          link#9             UH          lo1

1. How to enable the public network except for adding an additional public IP like the jail named www? Does this need something like net.inet.ip.forwarding, setfib or vnet? What's the most common method?

2. The output of ifconfig on each jail will include all interfaces on the host: bge[0-3], lo0, lagg0, bridge0, tap0, lo1, wan, lan. How to restrict ifconfig to only output the interfaces defined in /etc/jail.conf? For example, ifconfig just shows lo1, wan and lan on the jail named www.

Thanks!