Date:      Mon, 02 Mar 2015 08:12:41 +0000
From:      Loïc Blot <loic.blot@unix-experience.fr>
To:        freebsd-net@freebsd.org
Subject:   fib issue with jails.
Message-ID:  <bc15cc61e9557bd654cc90ed8d9a2234@mail.unix-experience.fr>

Hello,
I'm trying to implement jails over multiple networks, using VLANs, with different default routes. The network stack is simple

igb0-3 into lagg0
vlan 10-30 over lagg0
jails over VLANs using a fib for each VLAN (but no fib set on the VLAN iface itself)

Whereas it works for a week on my server, after a reboot, the outgoing packets aren't routed to lagg and then outgoing requests don't work (like DNS requests), I don't find why.

The fib is correctly set

/etc/rc.local:
setfib 1 route add -net 192.168.136.0/24 -iface vlan136
setfib 1 route add default 192.168.136.254

root@jh1:~ # setfib 1 netstat -rnfinet
Routing tables (fib: 1)

Internet:
Destination        Gateway            Flags      Netif Expire
default            192.168.136.254    UGS      vlan136
192.168.136.0/24   ac:16:2d:96:e5:04  US       vlan136

and the jails are correctly configured:

root@jh1:~ # cat /var/run/jail.idevmysql.conf
# Generated by rc.d/jail at 2015-02-27 10:38:05
devmysql {
    host.hostname = "devmysql.local.net";
    path = "/jails/dev/devmysql";
    ip4.addr += "vlan136|192.168.136.50/32";
    exec.fib = "1";
    allow.raw_sockets = 0;
    exec.clean;
    exec.system_user = "root";
    exec.jail_user = "root";
    exec.start += "/bin/sh /etc/rc";
    exec.stop = "";
    exec.consolelog = "/var/log/jail_idevmysql_console.log";
    mount.fstab = "/etc/fstab.idevmysql";
    mount.devfs;
    mount.fdescfs;
    mount += "procfs /jails/dev/idevmysql/proc procfs rw 0 0";
    allow.mount;
    allow.set_hostname = 0;
    allow.sysvipc = 0;
}

Routing is also enabled:

root@jh1:~ # sysctl net.inet.ip.forwarding
net.inet.ip.forwarding: 1

If we are trying to contact the jail from an external host, for example with ansible, the SSH connection works very well but it seems outgoing initiated connections are staying on vlan136 but not forwarded to lagg0.
Have you got any idea?

Thanks in advance
Regards,

Loïc Blot,
UNIX Systems, Network and Security Engineer
http://www.unix-experience.fr


