fib issue with VLAN
Allan Jude
allanjude at freebsd.org
Fri Feb 27 17:07:51 UTC 2015
On 2015-02-27 04:21, Loïc Blot wrote:
> Hello,
> I'm trying to implement jails over multiple networks, using VLANs, with different default routes. The network stack is simple:
>
> igb0-3 into lagg0
> vlan 10-30 over lagg0
> jails over VLANs using a fib for each VLAN (but no fib set on the VLAN iface itself)
>
> Whereas it worked for a week on my server, after a reboot the outgoing packets aren't routed to lagg and then outgoing requests don't work (like DNS requests). I can't find out why.
>
> The fib is correctly set
>
> /etc/rc.local:
> setfib 1 route add -net 192.168.136.0/24 -iface vlan136
> setfib 1 route add default 192.168.136.254
>
> root@jh1:~ # setfib 1 netstat -rnfinet
> Routing tables (fib: 1)
>
> Internet:
> Destination        Gateway            Flags      Netif Expire
> default            192.168.136.254    UGS      vlan136
> 192.168.136.0/24   ac:16:2d:96:e5:04  US       vlan136
>
> and the jails are correctly configured:
>
> root@jh1:~ # cat /var/run/jail.idevmysql.conf
> # Generated by rc.d/jail at 2015-02-27 10:38:05
> devmysql {
>     host.hostname = "devmysql.local.net";
>     path = "/jails/dev/devmysql";
>     ip4.addr += "vlan136|192.168.136.50/32";
>     exec.fib = "1";
>     allow.raw_sockets = 0;
>     exec.clean;
>     exec.system_user = "root";
>     exec.jail_user = "root";
>     exec.start += "/bin/sh /etc/rc";
>     exec.stop = "";
>     exec.consolelog = "/var/log/jail_idevmysql_console.log";
>     mount.fstab = "/etc/fstab.idevmysql";
>     mount.devfs;
>     mount.fdescfs;
>     mount += "procfs /jails/dev/idevmysql/proc procfs rw 0 0";
>     allow.mount;
>     allow.set_hostname = 0;
>     allow.sysvipc = 0;
> }
>
> Routing is also enabled:
>
> root@jh1:~ # sysctl net.inet.ip.forwarding
> net.inet.ip.forwarding: 1
>
> If we try to contact the jail from an external host, for example with ansible, the SSH connection works very well, but it seems outgoing initiated connections are staying on vlan136 and are not forwarded to lagg0.
> Have you got any idea?
>
> Thanks in advance
> Regards,
>
> Loïc Blot,
> UNIX Systems, Network and Security Engineer
> http://www.unix-experience.fr
>
The lines from your rc.conf that create the lagg and vlan interfaces may
be helpful (pastebin them maybe if it is a lot of text), as well as the
ifconfig output.
I don't see you using any fib other than 1 for a jail, so it is hard to
understand your setup.
--
Allan Jude