Issues putting jails on their own subnet

Nikolay Denev nike_d at cytexbg.com
Sun Dec 29 11:53:03 UTC 2013


Hmm, you are right.
I'm pretty sure I was able to do this before, running 9.1; however, I've tried
now on 10 and it fails.
A quick search suggests some changes that might prevent the route from being
deleted:
http://lists.freebsd.org/pipermail/svn-src-head/2013-March/045550.html

--Nikolay


On Sun, Dec 29, 2013 at 4:48 AM, Andrew Klaus <andrewklaus at gmail.com> wrote:

> Hmm.. I did try it that way earlier, but I'm getting the same issue:
>
> # setfib 2 netstat -rn
> Routing tables
>
> Internet:
> Destination        Gateway            Flags    Refs      Use  Netif Expire
> default            10.0.3.1           UGS         0        0  vlan3
> 10.0.4.0/24        link#13            U           0        0  vlan4
> 10.0.4.13/32       link#13            U           0        0  vlan4
> 10.0.4.16/32       link#13            U           0        0  vlan4
> 127.0.0.1          link#10            UH          0        0    lo0
>
>
>  # setfib 2 route delete 10.0.4.0/24
> route: writing to routing socket: Address already in use
> delete net 10.0.4.0 fib 2: gateway uses the same route
>
>
> Is there a way to delete it without deleting the IP from the interface?
>
> Thanks,
>
> Andrew
>
>
> On Sat, Dec 28, 2013 at 6:28 PM, Nikolay Denev <nike_d at cytexbg.com> wrote:
>
>> Hi,
>>
>> I meant to delete the route from FIB 1, not from the main FIB, like
>> "setfib 1 route delete 10.0.3.0/24"
>>
>> Anyways, good that you made it work using the tunable.
>>
>> Cheers,
>>
>> --Nikolay
>>
>>
>> On Sun, Dec 29, 2013 at 12:30 AM, Andrew Klaus <andrewklaus at gmail.com> wrote:
>>
>>> It doesn't seem to let me delete it (first thing I tried).. Gives me this
>>> error:
>>>
>>> # route delete 10.0.3.0/24
>>> route: writing to routing socket: Address already in use
>>> delete net 10.0.3.0 fib 0: gateway uses the same route
>>>
>>> However, using the tunable then works perfectly.
>>>
>>> Thanks!
>>>
>>>
>>> On Sat, Dec 28, 2013 at 5:16 PM, Nikolay Denev <nike_d at cytexbg.com>
>>> wrote:
>>>
>>> > Hi Andrew,
>>> >
>>> > Actually you should be able to override this routing entry by just
>>> > deleting it, or you can also check if "net.add_addr_allfibs" sysctl can
>>> > help you.
>>> >
>>> >
>>> > --Nikolay
>>> >
>>> >
>>> >
>>> > On Sat, Dec 28, 2013 at 10:05 PM, Andrew Klaus <andrewklaus at gmail.com> wrote:
>>> >
>>> >> Hello,
>>> >>
>>> >> I'm trying to segregate some of my jails onto their own (DMZ) subnet.
>>> >>
>>> >> Internal subnet: 10.0.3.0/24
>>> >> DMZ subnet: 10.0.4.0/24
>>> >>
>>> >> Both of these subnets are on my FreeBSD host, but I'm using a second
>>> >> routing table for my DMZ jails as seen here:
>>> >>
>>> >> ---------------
>>> >> setfib 1 netstat -rn
>>> >> Routing tables
>>> >>
>>> >> Internet:
>>> >> Destination        Gateway            Flags    Refs      Use  Netif Expire
>>> >> default            10.0.4.1           UGS         0  2393945  vlan4
>>> >> 10.0.3.0/24        link#12            U           0        0  vlan3
>>> >> ----------------
>>> >>
>>> >> The problem I'm facing is when I try to connect to the DMZ'd jail from
>>> >> the 10.0.3.0 network, traffic comes in on vlan4 like it's supposed to, but
>>> >> replies back through on the vlan3 interface. I guess this makes sense,
>>> >> because of that second route entry (that I can't override).
>>> >>
>>> >> I've tried using PF to force the packets back through to 10.0.4.1, but it
>>> >> doesn't seem to want to work.  Is the only other way to use the
>>> >> experimental vnet/vimage?
>>> >>
>>> >> Any ideas would be helpful.
>>> >>
>>> >> Thanks,
>>> >>
>>> >> Andrew
>>> >> _______________________________________________
>>> >> freebsd-net at freebsd.org mailing list
>>> >> http://lists.freebsd.org/mailman/listinfo/freebsd-net
>>> >> To unsubscribe, send any mail to "freebsd-net-unsubscribe at freebsd.org"
>>> >>
>>> >
>>> >
>>>
>>
>>
>
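
Added example, not part of the original thread: a shell check for the symptom described in the first message, where the FIB used by the DMZ jails still holds a route out of another interface, so replies can bypass the DMZ gateway. The function name `fib_leaks` is an assumption of this example, and the sample table is constructed from the FIB 1 output quoted above.

```shell
#!/bin/sh
# fib_leaks ALLOWED_NETIF
# Reads `setfib N netstat -rn` output on stdin and prints "destination netif"
# for every route in that FIB that leaves via an interface other than
# ALLOWED_NETIF (loopback routes are ignored).
fib_leaks() {
    awk -v allowed="$1" '
        $1 == "Destination" {
            # Header row: find the Netif column, since its position differs
            # between releases (older output has Refs and Use before it).
            for (i = 1; i <= NF; i++) if ($i == "Netif") col = i
            next
        }
        col && NF >= col {
            netif = $col
            if (netif != allowed && netif !~ /^lo[0-9]+$/)
                print $1, netif
        }
    '
}

# Constructed sample input: the FIB 1 table from the first message.
sample_fib1() {
cat <<'EOF'
Routing tables

Internet:
Destination        Gateway            Flags    Refs      Use  Netif Expire
default            10.0.4.1           UGS         0  2393945  vlan4
10.0.3.0/24        link#12            U           0        0  vlan3
EOF
}

# The DMZ FIB should only route via vlan4; anything printed is a leak.
sample_fib1 | fib_leaks vlan4
```

On a live host the same function can be fed directly, for example `setfib 1 netstat -rn | fib_leaks vlan4`; empty output means the FIB has no routes out of other interfaces.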

