From: Loïc Blot
Date: Mon, 02 Mar 2015 08:12:41 +0000
Subject: fib issue with jails.
To: freebsd-net@freebsd.org

Hello,
I'm trying to implement jails over multiple networks, using VLANs, with different default routes. The network stack is simple:

igb0-3 into lagg0
vlan 10-30 over lagg0
jails over VLANs using a fib for each VLAN (but no fib set on the VLAN iface itself)

Whereas it works for a week on my server, after a reboot, the outgoing packets aren't routed to lagg and then outgoing requests don't work (like DNS requests), I don't find why.

The fib is correctly set

/etc/rc.local:
setfib 1 route add -net 192.168.136.0/24 -iface vlan136
setfib 1 route add default 192.168.136.254

root@jh1:~ # setfib 1 netstat -rnfinet
Routing tables (fib: 1)

Internet:
Destination        Gateway            Flags      Netif Expire
default            192.168.136.254    UGS     vlan136
192.168.136.0/24   ac:16:2d:96:e5:04  US      vlan136

and the jails are correctly configured:

root@jh1:~ # cat /var/run/jail.idevmysql.conf
# Generated by rc.d/jail at 2015-02-27 10:38:05
devmysql {
    host.hostname = "devmysql.local.net";
    path = "/jails/dev/devmysql";
    ip4.addr += "vlan136|192.168.136.50/32";
    exec.fib = "1";
    allow.raw_sockets = 0;
    exec.clean;
    exec.system_user = "root";
    exec.jail_user = "root";
    exec.start += "/bin/sh /etc/rc";
    exec.stop = "";
    exec.consolelog = "/var/log/jail_idevmysql_console.log";
    mount.fstab = "/etc/fstab.idevmysql";
    mount.devfs;
    mount.fdescfs;
    mount +=  "procfs /jails/dev/idevmysql/proc procfs rw 0 0";
    allow.mount;
    allow.set_hostname = 0;
    allow.sysvipc = 0;
}

Routing is also enabled:

root@jh1:~ # sysctl net.inet.ip.forwarding
net.inet.ip.forwarding: 1

If we are trying to contact the jail from an external host, for example with ansible, the SSH connection works very well but it seems outgoing initiated connections are staying on vlan136 but not forwarded to lagg0.
Have you got any idea?

Thanks in advance
Regards,

Loïc Blot,
UNIX Systems, Network and Security Engineer
http://www.unix-experience.fr