Solved FIB and route

[trumee]

Hello,

I have two NICs one for LAN (172.16.2.0/24, igb0) and other for DMZ (192.168.20.0/24, igb1). I wanted to set up separate routes for these using FIB.

My config is

#cat /boot/loader.conf
net.fibs=2
net.add_addr_allfibs=0

rc.conf

#cat /etc/rc.conf
ifconfig_igb0="DHCP"
ifconfig_igb1="DHCP"

Routing tables on the first FIB looks like this

#setfib 0 netstat -rn
Routing tables

Internet:
Destination  Gateway  Flags  Netif Expire
default  192.168.20.1  UGS  igb1
127.0.0.1  link#3  UH  lo0
172.16.2.0/24  link#1  U  igb0
172.16.2.5  link#1  UHS  lo0
192.168.20.0/24  link#2  U  igb1
192.168.20.135  link#2  UHS  lo0

The second routing table is empty

#setfib 1 netstat -rn
Routing tables (fib: 1)

Now if i try to add a default route in the second routing table it fails

#setfib 1 route add -net 192.168.20.0/24
route: writing to routing socket: Invalid argument
add net 192.168.20.0 fib 1: Invalid argument
#setfib 1 route add default  192.168.20.1
route: writing to routing socket: Network is unreachable
add net default: gateway 192.168.20.1 fib 1: Network is unreachable

How can I populate the routing table for the second FIB?

 

[SirDice]

What exactly are you trying to accomplish?

 

[usdmatt]

setfib 1 route add -net 192.168.20.0/24

This doesn't seem correct as you're not telling it how or where to route that network

setfib 1 route add default 192.168.20.1

This then won't work as without a route for the 192.168.20.0/24 network, it doesn't know how to get to 192.168.20.1.

I think you should be able to change this line, so that both IP addresses are assigned in both fibs. I can't see any obvious reason why this should be a problem (although it's unclear what you're actually trying to do).

net.add_addr_allfibs=1

That should then mean the 192.168.20.X address from DHCP appears in the second fib's routing table, at which point you should be able to change the default gateway.

You may also be able to leave that setting as 0, but run dhclient manually in each fib. I've not tested this though.

# dhclient igb0
# setfib 1 dhclient igb1

Personally I'd prefer to just use static addresses for something like this.

 

[trumee]

What exactly are you trying to accomplish?

I want to have trusted and untrusted jails. The trusted jails will use igb0 NIC while the untrusted one will use igb1.

Something like this http://savagedlight.me/2014/03/07/freebsd-jail-host-with-multiple-local-networks/

 

[usdmatt]

Try:

# setfib 1 route add -net 192.168.20.0/24 -iface igb1
# setfib 1 route add default 192.168.20.1