Date: Fri, 27 Dec 2013 03:50:27 -0800 (PST)
From: Beeblebrox
To: freebsd-net@freebsd.org
Message-ID: <1388145027430-5871834.post@n5.nabble.com>
Subject: fib/setfib question

Hello.

On my system I have Internal-Network, External-Network, lo0 and a cloned lo2 for Jails. Traffic from lo0 and the Internal Network for certain ports (like 80) will be diverted first to proxies running in jails and then to the outside (Ext-If). The other ports will forward requests to the gateway directly.

It was suggested I use multiple routing tables for this instead of redirects in pf. I have read a good amount of documentation and get the concepts, but I have minor points to clear up.

1. The lo2 clone can use the 192.168.2.96/28 IP address group, yet each jail is to have one of the 192.168.2.(97-105)/32 address assignments. Do I set up one fib for the lo2 address group (preferable but seems unlikely) or do I set one fib per jail with "jail__fib=n" in jail.conf?

2. I assume I also need to assign one fib to the Int-If NIC? If yes, how is it done persistently in /etc/rc.conf? I came across this code, but it does not seem very logical:

    setfib 1 route delete default
    setfib 1 route add default 192.168.2.1 (Int-If's IP)

3. Same question as above, but for the jail. I would assume that "jail__fib=n" would take care of the whole thing.

4. What (if any) should be the "defaultrouter=" setting in /etc/rc.conf?
   a) Nothing
   b) The fib-address
   c) The Ext-If address.
   It seems fib-address is the correct choice.

I have not come across specific answers/examples for these questions.

Thanks and Regards.

-----
FreeBSD-11-current_amd64_root-on-zfs_RadeonKMS