In response to "Reuben A. Popp" <[EMAIL PROTECTED]>:

> Hello everyone, can someone please (_please_!!) let me know what I'm doing 
> wrong in the following example?  I am near my wits' end on implementing this, 
> any suggestions are greatly appreciated!
> The scenario is that I have a server here with twin nics, bce0 and bce1; I 
> would like bce0 to be connected to our dmz network (192.168.x.x), while bce1 
> would be on our internal network.  A jail will reside on the ip assigned to 
> bce0, while the regular base system will bind to bce1.
> My current rc.conf consists of the following:
> -------------------------------------------
> defaultrouter=""
> ifconfig_bce0="inet netmask"
> ifconfig_bce1="inet media 100BaseTX mediaopt full-duplex netmask"
> # Enable Jails for multi-homed box (video)
> jail_enable="YES"
> jail_list="video"
> jail_video_rootdir="/usr/local/jail/video"
> jail_video_hostname=""
> jail_video_ip=""
> jail_named_exec_start="/bin/sh /etc/rc"
> jail_video_devfs_enable="YES"
> # Routed and gateway settings
> static_routes="net1"
> route_net1="-net -netmask"
> ------------------------------------------
> Of course there's other things in there like binding various services (inetd, 
> syslog, et al) to the internal ip.
> On bringing the machine up, I can ping both ips just fine; what I can't do is 
> ssh to the dmz address.  Yes, sshd is running inside the jail ;).  The output 
> of tcpdump shows a connect to that ip on bce0, but all responses appear to be 
> going out on bce1.

I don't believe that what you're attempting is possible.

The system only has 1 routing table, and despite the traffic coming from the
jail, it still gets routed by the host routing table.

There's some work in progress to improve this, but AFAIK, what you're trying
to do isn't currently possible.

FYI:  there is now a freebsd-jail@ mailing list -- you may find better answers

Bill Moran
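
A small model of the single-routing-table behaviour described in the reply above, as an added example that is not part of the original message. The addresses and route entries are constructed (the post's own values are scrubbed), and the function names are hypothetical; the point is that the reply's exit interface is chosen from the destination alone, so the jail's source address never influences it.

```python
import ipaddress

# Constructed routing table: the original post's addresses are scrubbed.
ROUTES = [
    ("192.168.10.0/24", "bce0"),  # DMZ network; the jail IP 192.168.10.5 sits here
    ("10.0.0.0/24", "bce1"),      # internal network; the base system binds here
    ("0.0.0.0/0", "bce1"),        # default route through the internal gateway
]

def egress_interface(dst, routes=ROUTES):
    """Longest-prefix match on the destination only; the source is never consulted."""
    addr = ipaddress.ip_address(dst)
    best = None
    for prefix, ifname in routes:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, ifname)
    if best is None:
        raise LookupError(f"no route to {dst}")
    return best[1]

def reply_path(client, ingress, local_ip):
    """Describe the reply to a connection that arrived on `ingress` for `local_ip`."""
    egress = egress_interface(client)  # local_ip plays no part in the lookup
    return {
        "src": local_ip,
        "dst": client,
        "ingress": ingress,
        "egress": egress,
        "asymmetric": egress != ingress,
    }

if __name__ == "__main__":
    # Remote client reaching the jail's DMZ address: reply leaves on bce1.
    print(reply_path("203.0.113.7", "bce0", "192.168.10.5"))
    # Client on the DMZ subnet itself: the connected route keeps it on bce0.
    print(reply_path("192.168.10.20", "bce0", "192.168.10.5"))
```

A tcpdump capture matching the first case (request on bce0, reply on bce1) is the signature of this behaviour; stateful filters or anti-spoofing rules on the internal side typically drop such replies.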