Skip site navigation (1)Skip section navigation (2) 
Date:      Tue, 28 Jan 2014 22:50:52 +0000
From:      Nikolay Denev <nike_d@cytexbg.com>
To:        zaphod@berentweb.com
Cc:        "freebsd-net@freebsd.org" <freebsd-net@freebsd.org>
Subject:   Re: Jails on fib problem
Message-ID:  <CA%2BP_MZFZ8Ue46VZOkG9sL2X_KqyXQZZb7B5z2Mm%2Br%2Bxca6UUPQ@mail.gmail.com>
In-Reply-To: <CAPSTskviFBMHUXmWhTnGB13ZEYsyQm2_azHNJ65VG42oQLpmpQ@mail.gmail.com>
References:  <1390909590119-5880672.post@n5.nabble.com> <52E7A9D8.30604@freebsd.org> <CAPSTskviFBMHUXmWhTnGB13ZEYsyQm2_azHNJ65VG42oQLpmpQ@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help 
On Tue, Jan 28, 2014 at 5:17 PM, Beeblebrox <zaphod@berentweb.com> wrote:
>> what's a fib device? Do you mean each jail has a different default fib?
>> you are not using vimage jails?
>
> Hi Julian.
> * No vimage
> * All jails use the same fib. /etc/rc.conf:
> cloned_interfaces="lo2"
> ifconfig_lo2="inet 127.0.1.1/28"
> static_routes="jail default"
> route_jail="default 127.0.1.1 -fib 1"
> route_default="default 192.168.1.1"
>
>> so they all have the same address?? can you even do that? or you mean that
>> they all have the same default route?
> I mean same default route, jail IP's start from 127.0.1.2/32 and go to
> 127.0.1.6/32
> jail.conf assigns fib with "exec.fib = 1;"
> jails on the 127.0.1.1/28 subnet range should be able to route traffic
> through the 127.0.0.1 gateway regardless of the fact that the jails
> themselves reside on a /32 subnet. However, it's not working smoothly
>
>> fibs don't have devices.
> Yes, I know  - a misnomer.
>
> setfib 1 netstat -rn
> Destination        Gateway            Flags    Netif Expire
> default            127.0.1.1          UGS       lo2
> 127.0.0.1          link#3             UH        lo0
> 127.0.1.1          link#4             UH        lo2
> 127.0.1.2          link#4             UH        lo2
> 127.0.1.3          link#4             UH        lo2
> 127.0.1.4          link#4             UH        lo2
> 192.168.1.0/24     link#1             U         re0  (Ext_If)
> 192.168.2.0/26     link#2             U         re1  (Lan_If)
>
> To complicate things further, I also have a vboxnet0 for VBox guests.
> 127.0.1.2 is a dns jail for example. The Internal LAN clients,
> vboxnet0 guests and lo0 need to resolve names from that jail.
> _______________________________________________
> freebsd-net@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-net
> To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org"

You can't use 127/8 addresses and expect them to be routed/forwarded.
See rfc1122.

--Nikolay

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CA%2BP_MZFZ8Ue46VZOkG9sL2X_KqyXQZZb7B5z2Mm%2Br%2Bxca6UUPQ>