From root@lavash.monkeybrains.net  Fri Apr  8 06:12:38 2011
Return-Path: <root@lavash.monkeybrains.net>
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id B0022106564A
	for <FreeBSD-gnats-submit@freebsd.org>; Fri,  8 Apr 2011 06:12:37 +0000 (UTC)
	(envelope-from root@lavash.monkeybrains.net)
Received: from lavash.monkeybrains.net (mail.monkeybrains.net [208.69.40.9])
	by mx1.freebsd.org (Postfix) with ESMTP id 988B58FC14
	for <FreeBSD-gnats-submit@freebsd.org>; Fri,  8 Apr 2011 06:12:37 +0000 (UTC)
Received: from lavash.monkeybrains.net (localhost [127.0.0.1])
	by lavash.monkeybrains.net (8.14.4/8.14.4) with ESMTP id p385hO78067588
	(version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO);
	Thu, 7 Apr 2011 22:43:24 -0700 (PDT)
	(envelope-from root@lavash.monkeybrains.net)
Received: (from root@localhost)
	by lavash.monkeybrains.net (8.14.3/8.14.1/Submit) id p385hODc067587;
	Thu, 7 Apr 2011 22:43:24 -0700 (PDT)
	(envelope-from root)
Message-Id: <201104080543.p385hODc067587@lavash.monkeybrains.net>
Date: Thu, 7 Apr 2011 22:43:24 -0700 (PDT)
From: crapsh@monkeybrains.net
Reply-To: crapsh@monkeybrains.net
To: FreeBSD-gnats-submit@freebsd.org
Cc: crapsh@monkeybrains.net
Subject: jails don't use routing table
X-Send-Pr-Version: 3.113
X-GNATS-Notify:

>Number:         156270
>Category:       junk
>Synopsis:       jails don't use routing table
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    gnats-admin
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Fri Apr 08 06:20:11 UTC 2011
>Closed-Date:    Sat Apr 09 20:15:59 UTC 2011
>Last-Modified:  Sat Apr 09 20:15:59 UTC 2011
>Originator:     Rudy
>Release:        FreeBSD 8.2-RELEASE amd64
>Organization:
MonkeyBrains.net 
>Environment:
System: FreeBSD crepe4.monkeybrains.net 8.2-RELEASE FreeBSD 8.2-RELEASE #0: Wed Apr 6 01:45:24 PDT 2011 root@crepe4:/usr/obj/usr/src/sys/CREPE4 amd64
Jail environment
>Description:
Jails can support multiple IPs.  When picking which IP to use as the 'source IP', the jail does not
take into consideration the routing table as the host system does.
>How-To-Repeat:
Setup:
  Set 2 IPs on your system: 1.1.1.100/24 and 2.2.2.200/24
  set your jail to use both IPs
  export jail_example_monkeybrains_net_ip="1.1.1.1,2.2.2.2"
  Set default route to 1.1.1.1
  Set a static route to 3.3.3.3 to route through 2.2.2.1
Test: 
  run "tcpdump -n icmp" in one window
  run "ping 3.3.3.3" in 'host' -- source packet is 2.2.2.200
  run "ping 3.3.3.3" in 'jailed host' -- source packet is 1.1.1.100
  
I even added /dev/mem and /dev/kmem to the jailed environment so I could run
'netstat -rn' in the jail.  The route for 3.3.3.3 is in the routing table, 
but the kernel picks the wrong source IP. 

>Fix:
Run your stuff outside of jails.  :(

>Release-Note:
>Audit-Trail:
State-Changed-From-To: open->closed 
State-Changed-By: linimon 
State-Changed-When: Sat Apr 9 20:15:19 UTC 2011 
State-Changed-Why:  
misfiled duplicate of kern/156268. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=156270 
>Unformatted:
