Date: Mon, 11 Jan 2021 15:50:22 +0100
From: Michael Gmelin <freebsd@grem.de>
To: qroxana <qroxana@mail.ru>
Cc: freebsd-current@freebsd.org
Subject: Re: jail fib no longer works after net.add_addr_allfibs=0
Message-ID: <20210111155022.71549b54@bsd64.grem.de>
In-Reply-To: <E1kywTP-00076Z-81.qroxana-mail-ru@smtp40.i.mail.ru>
References: <E1kywTP-00076Z-81.qroxana-mail-ru@smtp40.i.mail.ru>

On Mon, 11 Jan 2021 12:38:50 +0000
qroxana <qroxana@mail.ru> wrote:

> I have exec.fib = 2 in /etc/jail.conf, but it seems the address of
> the jail is not inserted into this fib. What's the best practice
> for using jail with fib when net.add_addr_allfibs=0?

Depends on how you configure the jail address (seeing your full
jail.conf would be useful).

What I used to do when using fibs (switched everything to vnet now, as
fibs + jails can be painful), is setting something like this in rc.conf:

    ifconfig_em0_name="jailif"
    ifconfig_jailif="10.0.0.2/24 fib 2 description 'jail interface'"

and setting routes as needed:

    static_routes="default_jailif"
    route_default_jailif="default 10.0.0.1 -fib 2"

(in reality this involved vlans multiple addresses per interface)

Also, you need to make sure to use setfib correctly when jexec'ing into
a jail to (re)start daemons (plus, as a safety measure, configure
"<servicename>_fib=2" within the jail's /etc/rc.conf).

Cheers,
Michael

-- 
Michael Gmelin
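
Added example, not part of the original message or of FreeBSD: a small sh lint that checks whether the FIB number in exec.fib also appears on a host interface address, on a static route, and in every "<servicename>_fib" inside the jail, which are the settings the reply above lists. The jail name "www", the service "nginx", the ip4.addr line and all sample file contents are constructed assumptions.

```sh
#!/bin/sh
# Added example, not from the original message. All sample values are constructed;
# the jail name "www" and the service "nginx" are hypothetical.
JAIL_CONF='www {
    exec.fib = 2;
    ip4.addr = 10.0.0.2;
}'
HOST_RC=$(cat <<'EOF'
ifconfig_em0_name="jailif"
ifconfig_jailif="10.0.0.2/24 fib 2 description 'jail interface'"
static_routes="default_jailif"
route_default_jailif="default 10.0.0.1 -fib 2"
EOF
)
JAIL_RC='nginx_enable="YES"
nginx_fib=2'

# Print every FIB number matched by a sed BRE whose first group is the number.
extract_fibs() { printf '%s\n' "$1" | sed -n "s/$2/\\1/p"; }
jail_fib()     { extract_fibs "$1" '^[[:space:]]*exec\.fib[[:space:]]*=[[:space:]]*"\{0,1\}\([0-9][0-9]*\).*'; }
iface_fibs()   { extract_fibs "$1" '^ifconfig_[A-Za-z0-9_]*=".* fib \([0-9][0-9]*\).*'; }
route_fibs()   { extract_fibs "$1" '^route_[A-Za-z0-9_]*=".* -fib \([0-9][0-9]*\).*'; }
service_fibs() { extract_fibs "$1" '^[A-Za-z0-9_]*_fib="\{0,1\}\([0-9][0-9]*\).*'; }

# check_fibs JAIL_CONF HOST_RC JAIL_RC
# Prints one line per finding; returns 1 if anything was found.
check_fibs() {
    want=$(jail_fib "$1" | head -n 1); rc=0
    [ -n "$want" ] || { echo "jail.conf: exec.fib not set"; return 1; }
    # The host needs an address and a route in the jail's FIB.
    iface_fibs "$2" | grep -qx "$want" || { echo "iface: no address in fib $want"; rc=1; }
    route_fibs "$2" | grep -qx "$want" || { echo "route: no route in fib $want"; rc=1; }
    # Every <servicename>_fib inside the jail must agree with exec.fib.
    for f in $(service_fibs "$3"); do
        [ "$f" = "$want" ] || { echo "service: fib $f != exec.fib $want"; rc=1; }
    done
    return $rc
}

check_fibs "$JAIL_CONF" "$HOST_RC" "$JAIL_RC" && echo "FIB settings consistent"
```

The check only reads configuration text; it does not inspect the running routing tables, so a clean result means the files agree, not that the routes are installed.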