default route in jail.

Hi.

I am a bit confused about the jail's default route. As I understand it, a jail should use the host as its default route / gw.

When I run netstat -rn in the jail, I can see that the default route is my ISP's router and not my host's IP.

Any clue what is causing this?

Folivora
 
The jail will use the host's routing table. Apparently your host has its default gateway pointing to your ISP.
 
That is right. I have my default gateway pointing to my isp's ip.

Is there a way to change the jail's default gw?
 
folivora said:
That is right. I have my default gateway pointing to my isp's ip.

Is there a way to change the jail's default gw?

Absolutely, setfib(1) is your friend.

First recompile your kernel with this addition to your kernconf
Code:
options         ROUTETABLES=4           # default is 1, max 16

Next add to /etc/rc.conf
Code:
jail_XXX_fib=1

You then use setfib to manipulate your alternate routing table.
You may want to create a dedicated rc-script for this, but for a single jail you can just add the following to /etc/rc.d/jail
Code:
start_precmd="setfib 1 route add default a.b.c.d"
stop_postcmd="setfib 1 route delete default a.b.c.d"
 
I am trying to use a FIB in a jail on 9.0-RELEASE but have a problem.

  • /etc/rc.conf
    Code:
    jail_test_ip="x.x.x.149/29"           # jail's IP address
    jail_test_fib="1"
    jail_test_interface="bge1"
  • I recompiled kernel:
    Code:
    # sysctl -a | fgrep fib
    net.my_fibnum: 0
    net.add_addr_allfibs: 1
    net.fibs: 4
  • I created /usr/local/etc/rc.d/fibs.
After that:
Code:
# netstat -rn
Routing tables

Internet:
Destination        Gateway            Flags    Refs      Use  Netif Expire
default            y.y.y.1       UGS         0  4596344 bge0


# setfib 1 netstat -rn
Routing tables

Internet:
Destination        Gateway            Flags    Refs      Use  Netif Expire
default            x.x.x.145     UGS         0       39   bge1

But in Jail "test":
Code:
# netstat -rn
Routing tables

Internet:
Destination        Gateway            Flags    Refs      Use  Netif Expire
default            y.y.y.1       UGS         0  4596926 bge0

Why doesn't the jail use FIB 1 by default? What am I doing wrong?
Thanks
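
A way to check which routing table a jail actually ended up on, as an added example that is not part of the original thread: it parses netstat -rn output from the host, from setfib 1, and from inside the jail, and reports which default route the jail's view matches. The sample tables are constructed from the outputs quoted in the post above; the function names, the verdict strings and the JID variable are assumptions.

```shell
#!/bin/sh
# Print "gateway netif" of the IPv4 default route from netstat -rn text on stdin.
# The Netif column is located from the header, so both the 9.x layout
# (with Refs/Use columns) and layouts without them are handled.
default_gw() {
    awk '
        /^Internet:/  { v4 = 1; next }
        /^Internet6:/ { v4 = 0; next }
        v4 && $1 == "Destination" {
            for (i = 1; i <= NF; i++) if ($i == "Netif") col = i
            next
        }
        v4 && $1 == "default" && col { print $2, $col; exit }
    '
}

# Args: host table, alternate-FIB table, table seen inside the jail.
jail_route_verdict() {
    host_gw=$(printf '%s\n' "$1" | default_gw)
    fib_gw=$(printf '%s\n' "$2" | default_gw)
    jail_gw=$(printf '%s\n' "$3" | default_gw)
    if [ -z "$jail_gw" ]; then echo "no-default"
    elif [ "$jail_gw" = "$host_gw" ]; then echo "host-fib"
    elif [ "$jail_gw" = "$fib_gw" ]; then echo "alternate-fib"
    else echo "unexpected"
    fi
}

# Constructed sample input, using the placeholder addresses from the post above.
HDR='Routing tables

Internet:
Destination        Gateway            Flags    Refs      Use  Netif Expire'
HOST_TABLE="$HDR
default            y.y.y.1            UGS         0  4596344   bge0"
FIB1_TABLE="$HDR
default            x.x.x.145          UGS         0       39   bge1"
JAIL_TABLE="$HDR
default            y.y.y.1            UGS         0  4596926   bge0"

# Live use (assumes JID holds the jail's id):
#   jail_route_verdict "$(netstat -rn)" "$(setfib 1 netstat -rn)" \
#       "$(jexec "$JID" netstat -rn)"
jail_route_verdict "$HOST_TABLE" "$FIB1_TABLE" "$JAIL_TABLE"   # prints host-fib
```

A host-fib verdict means the jail's processes are still bound to FIB 0, so their traffic leaves through the host's default gateway rather than the one set up in FIB 1.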
 
darrendavid look at the dates before responding, you're replying to a 5 year old thread. The original question is even older than that (7 years).
 