pfSense

I already put in a feature request for this- https://redmine.pfsense.org/issues/4598

As of 2.3 at least sysctl net.fibs report 4 fibs defined, and setfib is included in the distribution.
[2.3-BETA][root@adi-skinnydog.skinnydog.org]/root: sysctl -a | grep fib
net.my_fibnum: 0
net.add_addr_allfibs: 1
net.fibs: 4
[2.3-BETA][root@adi-skinnydog.skinnydog.org]/root: setfib 1 sysctl -a | grep fib
net.my_fibnum: 1
net.add_addr_allfibs: 1
net.fibs: 4

I see only one on 2.3.3:
sysctl -a | grep fib
net.my_fibnum: 0
net.add_addr_allfibs: 1
net.fibs: 1


I just stumbled upon a case where it would be nice to have the webConfigurator in a separate FIB, because of routing troubles.

• WAN
• LAN1 (legacy network for which I need to provide net access via WAN and NAT)
• LAN2 (on which I want to have SNMP, management screen)

• MGMT -> GW1 -> LAN1 -> pfSense
• MGMT -> GW1 -> LAN1 -> GW2 -> LAN2 -> pfSense

• Have pfSense route to MGMT via GW2, for easy access to the management screen
• Have LAN1 equipments route by default via pfSense, but to MGMT via GW1

Unfortunately LAN1 has a lot of legacy equipment for which it is not possible to set static routes. The problem is that then, we end up with assymetrical routing (LAN1 -> pfSense -> LAN2 -> GW2 -> MGMT), and GW2 ends up botching the state handling, which results in frequent broken pipes.

• Have standard routing for MGMT network done via GW1 in fib 0
• Have webConfigurator and SSH run in fib 1, which would route via GW2 for MGMT network

I tried receiving packets on LAN2 for SSH/HTTP/HTTPS (after disabling the lockout rule), and setting a route-to GW2 directive, but it seems this fails, even when setting sloppy states.