setfib (ez)jails and weird routing

Marko Cupać marko.cupac at mimar.rs
Tue Oct 17 18:28:29 UTC 2017


On Mon, 16 Oct 2017 20:07:28 +0200
Marek Zarychta <zarychtam at plan-b.pwste.edu.pl> wrote:

> Hi,
> 
> try to set "ifconfig bce1 fib 2" after disabling PF.
> This should do the work.

Hi Marek,

thank you for your advice, it seems to be getting me closer to the
solution.

PF is not enabled on this host. I've set `ifconfig bce1 fib 2'
interactively, and packets with source address of DMZ net disappeared
from LAN NIC (bce0 / fib 1).

I wanted of course to have this automated, so I changed my rc.conf line
for bce1:
ifconfig_bce1="inet 193.53.106.7 netmask 255.255.255.0 fib 2"

However, after restart I observed another undesirable situation -
packets with source address 193.53.106.7 leaving bce0 interface. I
found out those are generated by sysutils/py-salt master service
running directly on host (fib 0), bound to 193.53.106.7 (on interface
bce1, which is now set as fib 2 at boot time).

Why is the outcome different when bce1 is set with fib 2 at boot time
from rc.conf than when it is set at runtime?

If setting bce1 with fib 2 at boot time from rc.conf, should I also
start services running directly on host and bound to bce1 in fib 2?
Would this be the correct rc.conf syntax for starting services in other
fibs (for salt):

salt_master_enable="YES"
salt_master_fib="2"
salt_minion_enable="YES"
salt_minion_fib="2"

Thank you in advance,
-- 
Before enlightenment - chop wood, draw water.
After  enlightenment - chop wood, draw water.

Marko Cupać
https://www.mimar.rs/

