This is Kiriyama.

After upgrading from 8.0-STABLE to 8.2-PRERELEASE, the jail environments behind NAT can no longer get past the gateway, and I am stuck. The network is as follows.
                                              202.26.248.32/27
------------------------+-------------------------------------
                        |202.26.248.53
 +--NAT box(natd)-------+-------------------------+
 |                    bge0                        |
 |                t2.st.toba-cmt.ac.jp            |
 |         +------+------+------+------+--------+ |
 |firewall |  ns  | mail |  web |  ftp |diskless| |
 |   bge1  | bge1 | bge1 | bge1 | bge1 |  bge1  | |
 +----+----+--+---+--+---+--+---+--+---+----+---+-+
      |254    |2     |3     |4     |5       |1   192.168.2.0/24
------+-------+------+------+------+--------+------------------

Here,

t2# jls
   JID  IP Address      Hostname                      Path
     1  192.168.2.4     web.cct2                      /jails/web
     2  192.168.2.2     ns.cct2                       /jails/ns
     3  192.168.2.3     mail.cct2                     /jails/mail
     5  192.168.2.1     diskless.cct2                 /jails/diskless
     7  192.168.2.5     ftp.cct2                      /jails/ftp
t2# ping -c 3 202.26.248.4
PING 202.26.248.4 (202.26.248.4): 56 data bytes
64 bytes from 202.26.248.4: icmp_seq=0 ttl=63 time=0.185 ms
64 bytes from 202.26.248.4: icmp_seq=1 ttl=63 time=0.179 ms
64 bytes from 202.26.248.4: icmp_seq=2 ttl=63 time=0.179 ms

--- 202.26.248.4 ping statistics ---
3 packets transmitted, 3 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 0.179/0.181/0.185/0.003 ms
t2# ping -c 3 192.168.2.4
PING 192.168.2.4 (192.168.2.4): 56 data bytes
64 bytes from 192.168.2.4: icmp_seq=0 ttl=64 time=0.017 ms
64 bytes from 192.168.2.4: icmp_seq=1 ttl=64 time=0.021 ms
64 bytes from 192.168.2.4: icmp_seq=2 ttl=64 time=0.018 ms

--- 192.168.2.4 ping statistics ---
3 packets transmitted, 3 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 0.017/0.019/0.021/0.002 ms
t2# jexec 7 tcsh
ftp# ping -c 3 192.168.2.4
PING 192.168.2.4 (192.168.2.4): 56 data bytes
64 bytes from 192.168.2.4: icmp_seq=0 ttl=64 time=0.017 ms
64 bytes from 192.168.2.4: icmp_seq=1 ttl=64 time=0.021 ms
64 bytes from 192.168.2.4: icmp_seq=2 ttl=64 time=0.010 ms

--- 192.168.2.4 ping statistics ---
3 packets transmitted, 3 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 0.010/0.016/0.021/0.005 ms
ftp# ping -c 3 202.26.248.4
PING 202.26.248.4 (202.26.248.4): 56 data bytes

--- 202.26.248.4 ping statistics ---
3 packets transmitted, 0 packets received, 100.0% packet loss
ftp# 

That is how it looks. To start with,

t2# netstat -rn
Routing tables

Internet:
Destination        Gateway            Flags    Refs      Use  Netif Expire
default            202.26.248.33      UGS        12     1785   bge0
127.0.0.1          link#3             UH          0       11    lo0
192.168.2.0/24     link#2             U           6     1458   bge1
192.168.2.1        link#2             UHS         0     1459    lo0 =>
192.168.2.1/32     link#2             U           0        0   bge1
192.168.2.2        link#2             UHS         0     1471    lo0 =>
192.168.2.2/32     link#2             U           0        0   bge1
192.168.2.3        link#2             UHS         0     1459    lo0 =>
192.168.2.3/32     link#2             U           0        0   bge1
192.168.2.4        link#2             UHS         0     1463    lo0 =>
192.168.2.4/32     link#2             U           0        0   bge1
192.168.2.5        link#2             UHS         0      803    lo0 =>
192.168.2.5/32     link#2             U           0        0   bge1
192.168.2.254      link#2             UHS         0        0    lo0
202.26.248.32/27   link#1             U           1     1458   bge0
202.26.248.53      link#1             UHS         0        0    lo0

Internet6:
Destination                       Gateway                       Flags      Netif Expire
::1                               ::1                           UH          lo0
fe80::%lo0/64                     link#3                        U           lo0
fe80::1%lo0                       link#3                        UHS         lo0
ff01:3::/32                       fe80::1%lo0                   U           lo0
ff02::%lo0/32                     fe80::1%lo0                   U           lo0
t2# ifconfig 
bge0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=c019b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,TSO4,VLAN_HWTSO,LINKSTATE>
        ether d4:85:64:39:70:82
        inet 202.26.248.53 netmask 0xffffffe0 broadcast 202.26.248.63
        media: Ethernet autoselect (1000baseT <full-duplex>)
        status: active
bge1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=c019b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,TSO4,VLAN_HWTSO,LINKSTATE>
        ether d4:85:64:39:70:83
        inet 192.168.2.254 netmask 0xffffff00 broadcast 192.168.2.255
        inet 192.168.2.4 netmask 0xffffffff broadcast 192.168.2.4
        inet 192.168.2.2 netmask 0xffffffff broadcast 192.168.2.2
        inet 192.168.2.3 netmask 0xffffffff broadcast 192.168.2.3
        inet 192.168.2.1 netmask 0xffffffff broadcast 192.168.2.1
        inet 192.168.2.5 netmask 0xffffffff broadcast 192.168.2.5
        media: Ethernet autoselect (1000baseT <full-duplex,flowcontrol,rxpause,txpause>)
        status: active
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
        options=3<RXCSUM,TXCSUM>
        inet6 fe80::1%lo0 prefixlen 64 scopeid 0x3 
        inet6 ::1 prefixlen 128 
        inet 127.0.0.1 netmask 0xff000000 
        nd6 options=3<PERFORMNUD,ACCEPT_RTADV>
ipfw0: flags=8801<UP,SIMPLEX,MULTICAST> metric 0 mtu 65536
t2# sysctl -a|grep jail
security.jail.param.cpuset.id: 0
security.jail.param.host.hostid: 0
security.jail.param.host.hostuuid: 64
security.jail.param.host.domainname: 256
security.jail.param.host.hostname: 256
security.jail.param.children.max: 0
security.jail.param.children.cur: 0
security.jail.param.enforce_statfs: 0
security.jail.param.securelevel: 0
security.jail.param.path: 1024
security.jail.param.name: 256
security.jail.param.parent: 0
security.jail.param.jid: 0
security.jail.param.linux.oss_version: 0
security.jail.param.linux.osrelease: 65
security.jail.param.linux.osname: 65
security.jail.enforce_statfs: 2
security.jail.mount_allowed: 0
security.jail.chflags_allowed: 0
security.jail.allow_raw_sockets: 1
security.jail.sysvipc_allowed: 0
security.jail.socket_unixiproute_only: 1
security.jail.set_hostname_allowed: 1
security.jail.jail_max_af_ips: 255
security.jail.jailed: 0
t2# 

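That is how it looks, and security.jail.allow_raw_sockets is set to 1. In any case, I copied an environment that is actually running on 8.0-STABLE almost as-is, so I am puzzled (???). The symptom is that "the default route is not visible from inside the jail environment"; did something become necessary to configure as of 8.2-*?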
