Running selected rc script with another routing table.

Hello,

Is it possible to run some of the rc scripts (i.e. those located at /usr/local/etc/rc.d) with another routing table?
I tried replacing the run command by appending setfib in /etc/rc.conf.local, for example:

Code:
openvpn_program="/usr/sbin/setfib 1 /usr/local/sbin/openvpn"

but the script crashes.

Another question is how to add static routes to a routing table other than the default one using /etc/rc.conf? I cannot find the proper setting for the "static_routes" variable.
 
I believe the syntax to put into your /etc/rc.conf is as follows:
Code:
static_routes="foo bar"
route_foo="192.168.3.4 10.10.10.1"
route_bar="172.25.4.0/24 10.10.10.2"

This is just from my reading of /etc/rc.d/routing. I haven't actually verified the syntax.
 
gordon@ said:
I believe the syntax to put into your /etc/rc.conf is as follows:
Code:
static_routes="foo bar"
route_foo="192.168.3.4 10.10.10.1"
route_bar="172.25.4.0/24 10.10.10.2"

This syntax works for the default FIB (the first, numbered "0"). My goal is to set some static routes for, i.e., FIB 1. From the command line I can do the following:
Code:
setfib 1 route add 192.168.1.0/24 192.168.0.1

but is there any way to configure these static routes via rc?
 
Ah, I see what you are asking now. It doesn't appear to support setfib in any rc.d script other than the /etc/rc.d/jail script. I'm not sure if you would be able to leverage that in any way.

I would probably add it to /etc/rc.local.
 
There's work going on to develop a method for incorporating multiple FIBs into the RC process. Haven't read through the threads on the -current mailing list though, just see the subject come up lately.

Doing it via /etc/rc.local is pretty simple though (disable openvpn in rc.conf first):
Code:
setfib 1 route add <whatever>
setfib 1 route add <whatever>
setfib 1 service openvpn_whatever onestart
The initial setfib calls create the second FIB and add the needed routes to it. The last line starts openvpn using the second FIB. (If you aren't running 8.x, you can backport the service command, it's just a simple shell script.)

I use this method to use 1 network card for normal Internet access, and a second network card using a separate FIB for only ktorrent, with IPFW rules to attach packets to fibs based on the incoming interface.
 
gordon, phoenix: thanks for your answer.

I added static routes and openvpn to /etc/rc.local. The "service" script isn't present in 8.0-RELEASE, but I got it from 8-STABLE and it works. The problem is solved.
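
The /etc/rc.local approach from this thread, as an added example that is not part of any post above: it goes one step further than the hard-coded lines by reading per-FIB routes from rc.conf-style variables and validating them before anything runs. The variable names `fib_static_routes_<N>` and `fib_route_<N>_<name>`, the `FIB_DRY_RUN` switch and the sample routes are assumptions made for this example; the stock rc scripts do not read them.

```shell
#!/bin/sh
# Added example for /etc/rc.local (not from the thread).
# fib_static_routes_<N> / fib_route_<N>_<name> are hypothetical variable names
# modelled on static_routes / route_<name>; stock rc scripts do not read them.

# Constructed sample settings; in practice they could live in /etc/rc.conf.local.
fib_static_routes_1="lan vpn"
fib_route_1_lan="192.168.1.0/24 192.168.0.1"
fib_route_1_vpn="172.25.4.0/24 10.10.10.2"

# Print one "setfib N route add ..." line per route declared for FIB N.
# Fails on a non-numeric FIB, an unsafe route name or an empty route.
fib_route_cmds() {
    fib=$1
    case $fib in ''|*[!0-9]*) echo "bad FIB: $fib" >&2; return 1 ;; esac
    eval "names=\${fib_static_routes_${fib}:-}"
    for name in $names; do
        # The name is passed through eval, so allow identifier characters only.
        case $name in *[!A-Za-z0-9_]*) echo "bad route name: $name" >&2; return 1 ;; esac
        eval "args=\${fib_route_${fib}_${name}:-}"
        [ -n "$args" ] || { echo "fib_route_${fib}_${name} is empty" >&2; return 1; }
        echo "setfib $fib route add $args"
    done
}

# Add the routes, then start the service in the same FIB (the service must be
# disabled in rc.conf). FIB_DRY_RUN=1 prints the commands instead of running them.
fib_start() {
    fib=$1
    svc=$2
    cmds=$(fib_route_cmds "$fib") || return 1
    printf '%s\n' "$cmds" "setfib $fib service $svc onestart" |
    while read -r line; do
        [ -n "$line" ] || continue
        if [ "${FIB_DRY_RUN:-0}" = 1 ]; then
            echo "$line"
        else
            # stdin from /dev/null so a command cannot eat the remaining lines
            $line </dev/null || echo "failed: $line" >&2
        fi
    done
}

# In /etc/rc.local: fib_start 1 openvpn
```

Running it once with `FIB_DRY_RUN=1` shows the exact commands before they are allowed to touch the routing tables at boot.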
 