The jails' routing tables on the multi-subnet host

The following configuration exists in /etc/rc.conf on the host:
Code:
ifconfig_bge0="up"
ifconfig_bge1="up"
ifconfig_bge2="up"
ifconfig_bge3="up"
cloned_interfaces="lagg0 bridge0 tap0 lo1"
ifconfig_lagg0="laggproto lacp laggport bge0 laggport bge1 laggport bge2 laggport bge3"
ifconfig_bridge0="addm lagg0 addm tap0"
vlans_lagg0="wan lan"
create_args_wan="vlan 10"
create_args_lan="vlan 20"
ifconfig_wan="inet 123.234.0.1 netmask 255.255.255.0"
defaultrouter="123.234.0.254"
ifconfig_lan="inet 10.0.0.1 netmask 255.255.255.0"
static_routes="ipv4a:lan ipv4b:lan ipv4c:lan"
route_ipv4a="-net 10.0.0.0/8 -gateway 10.0.0.254"
route_ipv4b="-net 172.16.0.0/12 -gateway 10.0.0.254"
route_ipv4c="-net 192.168.0.0/16 -gateway 10.0.0.254"
It means the host connects the public network through the interface named wan, and connects the private network through the interface named lan.

This is the routing table on the host:
Code:
% netstat -4nr
Routing tables

Internet:
Destination        Gateway            Flags     Netif Expire
default            123.234.0.254      UGS         wan
10.0.0.0/8         10.0.0.254         UGS         lan
10.0.0.0/24        link#11            U           lan
10.0.0.1           link#11            UHS         lo0
123.234.0.0/24     link#10            U           wan
123.234.0.1        link#10            UHS         lo0
127.0.0.1          link#5             UH          lo0
172.16.0.0/12      10.0.0.254         UGS         lan
192.168.0.0/16     10.0.0.254         UGS         lan
Two jails are defined by /etc/jail.conf:
Code:
# skip unimportant lines
www {
    host.hostname = "WWW";
    ip4.addr = "lo1|127.0.0.2";
    ip4.addr += "wan|123.234.0.2";
    ip4.addr += "lan|10.0.0.2";
}
ftp {
    host.hostname = "FTP";
    ip4.addr = "lo1|127.0.0.3";
    ip4.addr += "lan|10.0.0.3";
}
For the jail named www, all networks are available, and this is the routing table on it:
Code:
% netstat -4nr
Routing tables

Internet:
Destination        Gateway            Flags     Netif Expire
10.0.0.2           link#11            UHS         lo0
123.234.0.2        link#10            UHS         lo0
127.0.0.2          link#9             UH          lo1
For the jail named ftp, just the private network is available because the interface on it can't directly communicate with the interface named wan on the host. This is the routing table on this jail:
Code:
% netstat -4nr
Routing tables

Internet:
Destination        Gateway            Flags     Netif Expire
10.0.0.3           link#11            UHS         lo0
127.0.0.3          link#9             UH          lo1
1. How to enable the public network except for adding an addtional public ip like the jail named www? Does this need something like net.inet.ip.forwarding, setfib or vnet? What's the most common method?

2. The output of ifconfig on each jail will include all interfaces on the host: bge[0-3], lo0, lagg0, bridge0, tap0, lo1, wan, lan. How to restrict ifconfig to only output the interfaces defined in /etc/jail.conf? For example, ifconfig just show lo1, wan and lan on the jail named www.

Thanks!
 
Back
Top