fib/setfib question

Beeblebrox zaphod at berentweb.com
Fri Dec 27 11:50:29 UTC 2013


Hello.
On my system I have Internal-Network, External-Network, lo0 and a cloned lo2
for Jails. Traffic from lo0 and the Internal Network for certain ports (like
80) will be diverted first to proxies running in jails and then to the
outside (Ext-If). The other ports will forward requests to the gateway directly.
It was suggested I use multiple routing tables for this instead of redirects
in pf. I have read a good amount of documentation and get the concepts, but
I have minor points to clear up.

1. The lo2 clone can use the 192.168.2.96/28 IP address group yet each jail
is to have one of 192.168.2.(97-105)/32 address assignments. Do I set up one
fib for the lo2 address group (preferable but seems unlikely) or do I set
one-fib-per jail with "jail_<name>_fib=n" in jail.conf?
2. I assume I also need to assign one fib to the Int-If NIC? If yes, how is
it done persistently in /etc/rc.conf? I came across this code, but it does
not seem very logical:
 setfib 1 route delete default
 setfib 1 route add default 192.168.2.1 (Int-If's IP)
3. Same question as above, but for the jail. I would assume that
"jail_<name>_fib=n" would take care of the whole thing.
4. What (if any) should be the "defaultrouter=" setting in
<jail>/etc/rc.conf? a) Nothing b) The fib-address c) The Ext-If address. It
seems fib-address is the correct choice.

I have not come across specific answers/examples for these questions.
Thanks and Regards.



-----
FreeBSD-11-current_amd64_root-on-zfs_RadeonKMS
--
View this message in context: http://freebsd.1045724.n5.nabble.com/fib-setfib-question-tp5871834.html
Sent from the freebsd-net mailing list archive at Nabble.com.