Issues putting jails on their own subnet

Andrew Klaus andrewklaus at gmail.com
Sun Dec 29 04:48:56 UTC 2013


Hmm.. I did try it that way earlier, but I'm getting the same issue:

# setfib 2 netstat -rn
Routing tables

Internet:
Destination        Gateway            Flags    Refs      Use  Netif Expire
default            10.0.3.1           UGS         0        0  vlan3
10.0.4.0/24        link#13            U           0        0  vlan4
10.0.4.13/32       link#13            U           0        0  vlan4
10.0.4.16/32       link#13            U           0        0  vlan4
127.0.0.1          link#10            UH          0        0    lo0


# setfib 2 route delete 10.0.4.0/24
route: writing to routing socket: Address already in use
delete net 10.0.4.0 fib 2: gateway uses the same route


Is there a way to delete it without deleting the IP from the interface?

Thanks,

Andrew


On Sat, Dec 28, 2013 at 6:28 PM, Nikolay Denev <nike_d at cytexbg.com> wrote:

> Hi,
>
> I meant to delete the route from FIB 1, not from the main FIB, like
> "setfib 1 route delete 10.0.3.0/24"
>
> Anyways, good that you made it work using the tunable.
>
> Cheers,
>
> --Nikolay
>
>
> On Sun, Dec 29, 2013 at 12:30 AM, Andrew Klaus <andrewklaus at gmail.com> wrote:
>
>> It doesn't seem to let me delete it (first thing I tried).. Gives me this
>> error:
>>
>> # route delete 10.0.3.0/24
>> route: writing to routing socket: Address already in use
>> delete net 10.0.3.0 fib 0: gateway uses the same route
>>
>> However, using the tunable, then works perfectly.
>>
>> Thanks!
>>
>>
>> On Sat, Dec 28, 2013 at 5:16 PM, Nikolay Denev <nike_d at cytexbg.com> wrote:
>>
>> > Hi Andrew,
>> >
>> > Actually you should be able to override this routing entry by just
>> > deleting it, or you can also check if "net.add_addr_allfibs" sysctl can
>> > help you.
>> >
>> >
>> > --Nikolay
>> >
>> >
>> >
>> > On Sat, Dec 28, 2013 at 10:05 PM, Andrew Klaus <andrewklaus at gmail.com> wrote:
>> >
>> >> Hello,
>> >>
>> >> I'm trying to segregate some of my jails onto their own (DMZ) subnet.
>> >>
>> >> Internal subnet: 10.0.3.0/24
>> >> DMZ subnet: 10.0.4.0/24
>> >>
>> >> Both of these subnets are on my FreeBSD host, but I'm using a second
>> >> routing table for my DMZ jails as seen here:
>> >>
>> >> ---------------
>> >> setfib 1 netstat -rn
>> >> Routing tables
>> >>
>> >> Internet:
>> >> Destination        Gateway            Flags    Refs      Use  Netif Expire
>> >> default            10.0.4.1           UGS         0  2393945  vlan4
>> >> 10.0.3.0/24        link#12            U           0        0  vlan3
>> >> ----------------
>> >>
>> >> The problem I'm facing is when I try to connect to the DMZ'd jail from the
>> >> 10.0.3.0 network, traffic comes in on vlan4 like it's supposed to, but
>> >> replies back through on the vlan3 interface. I guess this makes sense,
>> >> because of that second route entry (that I can't override).
>> >>
>> >> I've tried using PF to force the packets back through to 10.0.4.1, but it
>> >> doesn't seem to want to work.  Is the only other way to use the
>> >> experimental vnet/vimage?
>> >>
>> >> Any ideas would be helpful.
>> >>
>> >> Thanks,
>> >>
>> >> Andrew
>> >> _______________________________________________
>> >> freebsd-net at freebsd.org mailing list
>> >> http://lists.freebsd.org/mailman/listinfo/freebsd-net
>> >> To unsubscribe, send any mail to "freebsd-net-unsubscribe at freebsd.org"
>> >>
>> >
>> >
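An added example, not part of the thread: an offline check for the symptom discussed above (a connected route for the internal subnet showing up in the DMZ FIB because net.add_addr_allfibs=1 copies every interface route into every FIB), plus the tunable and per-FIB routes the thread settled on. The sample table is constructed from the `setfib 1 netstat -rn` output in the original message; treating vlan4 as the only interface FIB 1 should use is an assumption for this example.

```shell
# Constructed sample: FIB 1 as pasted in the original message, where the
# 10.0.3.0/24 connected route on vlan3 is the one that should not be there.
FIB1_SAMPLE='Routing tables

Internet:
Destination        Gateway            Flags    Refs      Use  Netif Expire
default            10.0.4.1           UGS         0  2393945  vlan4
10.0.3.0/24        link#12            U           0        0  vlan3'

# leaked_connected_routes IFACE
# Reads a netstat -rn table on stdin and prints the Destination of every
# directly-connected route (Gateway = link#N) whose Netif is not IFACE.
# Any output means replies from that FIB can leave through the wrong interface.
leaked_connected_routes() {
    awk -v ok="$1" '$2 ~ /^link#/ && $6 != ok { print $1 }'
}

# default_route_netif
# Prints the interface the FIB's default route points at (empty if none).
default_route_netif() {
    awk '$1 == "default" { print $6; exit }'
}

# loader_conf_lines
# Boot-time tunables: net.fibs=2 keeps FIB 0 and FIB 1, and
# net.add_addr_allfibs=0 stops each interface address's connected route from
# being pushed into every FIB, so FIB 1 only gets the routes added to it.
loader_conf_lines() {
    printf 'net.fibs=2\nnet.add_addr_allfibs=0\n'
}

# fib1_route_commands
# With the tunable off, FIB 1 needs its own connected and default routes;
# these use the subnets from the thread and the setfib form shown in it.
fib1_route_commands() {
    printf 'setfib 1 route add -net 10.0.4.0/24 -iface vlan4\n'
    printf 'setfib 1 route add default 10.0.4.1\n'
}

# Stand-alone run: report on the constructed FIB 1 table.
leaked=$(printf '%s\n' "$FIB1_SAMPLE" | leaked_connected_routes vlan4)
if [ -n "$leaked" ]; then
    echo "FIB 1 has connected routes outside vlan4: $leaked"
fi
```

Run the check against each `setfib N netstat -rn` table after a reboot with the tunable in place to confirm only the intended interface routes remain in each FIB.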

