Date: Wed, 13 Jan 2021 11:47:14 +0000 From: qroxana <qroxana@protonmail.com> To: "Alexander V. Chernikov" <melifaro@ipfw.ru> Cc: "freebsd-current@freebsd.org" <freebsd-current@freebsd.org> Subject: Re: jail fib no longer works after net.add_addr_allfibs=0 Message-ID: <MvCR4Drio5DlUUAR4kbYXIzNDSIabK_W2CjyLZSOV2H5Omi4f5Bm4l-50TuWhGIOpt06g6AGg4vOs8rr8gV02HtoFRkzup_ltKQJxjrWLXk=@protonmail.com> In-Reply-To: <4325361610393748@mail.yandex.ru> References: <E1kywTP-00076Z-81.qroxana-mail-ru@smtp40.i.mail.ru> <20210111155022.71549b54@bsd64.grem.de> <YOYA9CI5rRgTMRWDLmVLRmtFBUMupAM4NvDT2X01ic-tJHzRiJeA-j6ZSNU3CCDmIAUpclXnZQGEGstteJBRD44iS2ZxsG8yJG4OgKijA6U=@protonmail.com> <4325361610393748@mail.yandex.ru>
next in thread | previous in thread | raw e-mail | index | archive | help
‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐
On Monday, January 11, 2021 7:37 PM, Alexander V. Chernikov <melifaro@ipfw.ru> wrote:
> 11.01.2021, 14:59, "qroxana" qroxana@protonmail.com:
>
> > On Mon, 11 Jan 2021 13:25:51 +0000, Alexander V. Chernikov melifaro@ipfw.ru wrote:
> >
> > > Could you please consider clarifying the end result you want to achieve?
> > > If you could include some more details of how it was configured earlier, it would help as well.
> >
> > Thank you for the quick reply.
> > Let's say there are two jails defined in /etc/jail.conf
> > jail1 {
> > ...
> > ip4.addr = 192.168.1.101;
> > exec.fib = 1;
> > ...
> > }
> > jail2 {
> > ...
> > ip4.addr = 192.168.1.102;
> > exec.fib = 2;
> > ...
> > }
>
> Got it, thank you for the clarification.
>
> > All the traffic in jail1 goes to the default router defined in fib 1,
> > and traffic in jail2 goes to the default router defined in fib 2.
>
> Could you describe interface&routing setup as well?
> In particular, I'm looking into details of setting up # of fibs, interface configuration and default route setup.
Sure, the interface is em0 for both host and jails:
/etc/rc.conf
ipv4_addrs_em0="192.168.1.100/24"
static_routes="jail1 jail2"
route_jail1="default 192.168.1.10 -fib 1"
route_jail2="default 192.168.1.20 -fib 2"
/etc/jail.conf
jail1 {
...
interface = em0;
ip4.addr = 192.168.1.101;
exec.fib = 1;
...
}
jail2 {
...
interface = em0;
ip4.addr = 192.168.1.102;
exec.fib = 2;
...
}
I noticed net.add_addr_allfibs defaults to 0 after the
commit 2d39824195933c173bbfc9b31773070202d2e30e
svn path=/head/; revision=367491
I also noted that net.add_addr_allfibs=1 needs to be added into
/etc/sysctl.conf so it can be set before running /etc/rc.d/netif.
# setfib -F 2 route add default 192.168.1.20
route: writing to routing socket: Network is unreachable
add net default: gateway 192.168.1.20 fib 2: Network is unreachable
# sysctl net.add_addr_allfibs=1
net.add_addr_allfibs: 0 -> 1
# setfib -F 2 route add default 192.168.1.20
route: writing to routing socket: Network is unreachable
add net default: gateway 192.168.1.20 fib 2: Network is unreachable
# /etc/rc.d/netif restart
# setfib -F 2 route add default 192.168.1.20
add net default: gateway 192.168.1.20 fib 2
I'm just wondering what's the best practice for using jails
with fib when net.add_addr_allfibs=0?
Thanks.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?MvCR4Drio5DlUUAR4kbYXIzNDSIabK_W2CjyLZSOV2H5Omi4f5Bm4l-50TuWhGIOpt06g6AGg4vOs8rr8gV02HtoFRkzup_ltKQJxjrWLXk=>