Date: Wed, 31 May 2017 10:33:49 +0200
From: Marko Cupać <marko.cupac@mimar.rs>
To: freebsd-jail@freebsd.org
Subject: setfib, jails and loopback interfaces
Message-ID: <20170531103349.244f0fbf@efreet-freebsd.kappastar.com>

Hi,

I'm not subscribed to the list, could you please keep me in CC?

I'm using ezjail as instructed in Handbook, assigning jails lo1|127.0.0.X,bce0|10.66.66.X addresses, in order to keep jails' loopback traffic off host's, and in order to be able to keep internal services on lo1 (such as redis, mongodb, mysql etc.), and external on bce0 (such as apache, unifi5 etc.).

Recently I got a server with multiple NICs, and I'd like to serve both LAN and DMZ services from it. I found some information on how to accomplish that with setfib:

# cat /boot/loader.conf
net.fibs=4
net.add_addr_allfibs=0

# cat /etc/rc.conf
...
cloned_interfaces="lo1"
static_routes="nix nixd"
route_nix="-net 10.66.66.0/24 -interface bce0 -fib 1"
route_nixd="default 10.66.66.254 -fib 1"
...

In this setup, services bound to bce0 interface work fine, but they can't contact internal services on lo1. I guess it has something to do with jail routing, but can't figure out what.

Thank you in advance for any hints.

-- 
Before enlightenment - chop wood, draw water.
After enlightenment - chop wood, draw water.

Marko Cupać
https://www.mimar.rs/