From: Marko Cupać
To: Marek Zarychta
Cc: freebsd-net@freebsd.org
Date: Tue, 17 Oct 2017 20:28:16 +0200
Subject: Re: setfib (ez)jails and wierd routing

On Mon, 16 Oct 2017 20:07:28 +0200
Marek Zarychta wrote:

> Hi,
>
> try to set "ifconfig bce1 fib 2" after disabling PF.
> This should do the work.

Hi Marek,

thank you for your advice, it seems to be getting me closer to the
solution.

PF is not enabled on this host. I've set `ifconfig bce1 fib 2'
interactively, and packets with source address of DMZ net disappeared
from LAN NIC (bce0 / fib 1). I wanted of course to have this automated,
so I changed my rc.conf line for bce1:

    ifconfig_bce1="inet 193.53.106.7 netmask 255.255.255.0 fib 2"

However, after restart I observed another undesirable situation -
packets with source address 193.53.106.7 leaving bce0 interface. I
found out those are generated by sysutils/py-salt master service
running directly on host (fib 0), bound to 193.53.106.7 (on interface
bce1, which is now set as fib 2 at boot time).

Why is the outcome different when bce1 is set with fib 2 at boot time
from rc.conf than when it is set at runtime?

If I set bce1 with fib 2 at boot time from rc.conf, should I also
start services running directly on the host and bound to bce1 in fib 2?
Would this be the correct rc.conf syntax for starting services in other
fibs (for salt):

    salt_master_enable="YES"
    salt_master_fib="2"
    salt_minion_enable="YES"
    salt_minion_fib="2"

Thank you in advance,
-- 
Before enlightenment - chop wood, draw water.
After enlightenment - chop wood, draw water.

Marko Cupać
https://www.mimar.rs/