jail fib no longer works after net.add_addr_allfibs=0
Michael Gmelin
freebsd at grem.de
Mon Jan 11 14:50:42 UTC 2021
On Mon, 11 Jan 2021 12:38:50 +0000
qroxana <qroxana at mail.ru> wrote:
> I have exec.fib = 2 in /etc/jail.conf, but it seems the address of
> the jail is not inserted into this fib. What's the best practice
> for using jail with fib when net.add_addr_allfibs=0?
Depends on how you configure the jail address (seeing your full
jail.conf would be useful).
What I used to do when using fibs (switched everything to vnet now, as
fibs + jails can be painful), is setting something like this in rc.conf:
ifconfig_em0_name="jailif"
ifconfig_jailif="10.0.0.2/24 fib 2 description 'jail interface'"
and setting routes as needed:
static_routes="default_jailif"
route_default_jailif="default 10.0.0.1 -fib 2"
(in reality this involved vlans and multiple addresses per interface)
Also, you need to make sure to use setfib correctly when jexec'ing into
a jail to (re)start daemons (plus, as a safety measure, configure
"<servicename>_fib=2" within the jail's /etc/rc.conf).
Cheers,
Michael
--
Michael Gmelin
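
A check one could run after applying the settings above, added here as an example and not part of the original message: it reads a routing table in `netstat -rn` layout and confirms that the jail's FIB has both a default route and a connected subnet route on the jail interface. The helper name `fib_ready` and both sample tables are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original message). fib_ready is a hypothetical
# helper: it reads a routing table in `netstat -rn` layout on stdin and checks
# that the given interface carries a default route and a connected subnet route.

fib_ready() {
    # $1 = interface name, $2 = expected default gateway
    awk -v ifn="$1" -v gw="$2" '
        # Route lines: Destination Gateway Flags Netif [Expire]
        $1 == "default" && $2 == gw && $4 == ifn { have_default = 1 }
        $1 ~ /\// && $2 ~ /^link#/ && $4 == ifn  { have_subnet = 1 }
        END { exit !(have_default && have_subnet) }
    '
}

# Constructed sample: what FIB 2 might look like with the rc.conf lines above.
sample_good() {
cat <<'EOF'
Routing tables (fib: 2)

Internet:
Destination        Gateway            Flags     Netif Expire
default            10.0.0.1           UGS      jailif
10.0.0.0/24        link#1             U        jailif
10.0.0.2           link#1             UHS         lo0
EOF
}

# Constructed sample: a FIB that received no routes at all.
sample_empty() {
cat <<'EOF'
Routing tables (fib: 2)

Internet:
Destination        Gateway            Flags     Netif Expire
EOF
}

# On a live FreeBSD host: netstat -rn -f inet -F 2 | fib_ready jailif 10.0.0.1
if sample_good | fib_ready jailif 10.0.0.1; then echo "fib 2: ok"; fi
if ! sample_empty | fib_ready jailif 10.0.0.1; then echo "fib 2: missing routes"; fi
```

A non-zero exit status means a process started with that FIB, inside or outside the jail, has no usable path through the jail interface.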