Date:      Fri, 27 Feb 2015 12:07:59 -0500
From:      Allan Jude <allanjude@freebsd.org>
To:        freebsd-jail@freebsd.org
Subject:   Re: fib issue with VLAN
Message-ID:  <54F0A46F.7070707@freebsd.org>
In-Reply-To: <c3fee21ee51657e586a594f3278bd10c@mail.unix-experience.fr>
References:  <c3fee21ee51657e586a594f3278bd10c@mail.unix-experience.fr>


On 2015-02-27 04:21, Loïc Blot wrote:
> Hello,
> I'm trying to implement jails over multiple networks, using VLANs, with different default routes. The network stack is simple:
>
> igb0-3 into lagg0
> vlan 10-30 over lagg0
> jails over VLANs using a fib for each VLAN (but no fib set on the VLAN iface itself)
>
> Whereas it worked for a week on my server, after a reboot, the outgoing packets aren't routed to lagg and then outgoing requests don't work (like DNS requests), I don't find why.
>
> The fib is correctly set
>
> /etc/rc.local:
> setfib 1 route add -net 192.168.136.0/24 -iface vlan136
> setfib 1 route add default 192.168.136.254
>
> root@jh1:~ # setfib 1 netstat -rnfinet
> Routing tables (fib: 1)
>
> Internet:
> Destination        Gateway            Flags      Netif Expire
> default            192.168.136.254    UGS     vlan136
> 192.168.136.0/24   ac:16:2d:96:e5:04  US      vlan136
>
> and the jails are correctly configured:
>
> root@jh1:~ # cat /var/run/jail.idevmysql.conf
> # Generated by rc.d/jail at 2015-02-27 10:38:05
> devmysql {
>     host.hostname = "devmysql.local.net";
>     path = "/jails/dev/devmysql";
>     ip4.addr += "vlan136|192.168.136.50/32";
>     exec.fib = "1";
>     allow.raw_sockets = 0;
>     exec.clean;
>     exec.system_user = "root";
>     exec.jail_user = "root";
>     exec.start += "/bin/sh /etc/rc";
>     exec.stop = "";
>     exec.consolelog = "/var/log/jail_idevmysql_console.log";
>     mount.fstab = "/etc/fstab.idevmysql";
>     mount.devfs;
>     mount.fdescfs;
>     mount +=  "procfs /jails/dev/idevmysql/proc procfs rw 0 0";
>     allow.mount;
>     allow.set_hostname = 0;
>     allow.sysvipc = 0;
> }
>
> Routing is also enabled:
>
> root@jh1:~ # sysctl net.inet.ip.forwarding
> net.inet.ip.forwarding: 1
>
> If we are trying to contact the jail from an external host, for example with ansible, the SSH connection works very well but it seems outgoing initiated connections are staying on vlan136 but not forwarded to lagg0.
> Have you got any idea?
>
> Thanks in advance
> Regards,
>
> Loïc Blot,
> UNIX Systems, Network and Security Engineer
> http://www.unix-experience.fr (http://www.unix-experience.fr)

The lines from your rc.conf that create the lagg and vlan interfaces may
be helpful (pastebin them maybe if it is a lot of text), as well as the
ifconfig output.

I don't see you using any fib other than 1 for a jail, so it is hard to
understand your setup.


-- 
Allan Jude

