From: Anders Hagman
To: Joe, "freebsd-jail@freebsd.org"
Subject: Re: jail(8) vimage epair bridge
Date: Fri, 26 Apr 2013 16:44:05 +0200

Hi

On 24 Apr 2013, at 22:07, Joe wrote:

> Anders Hagman wrote:
>> Hi
>> On 23 Apr 2013, at 15:14, Joe wrote:
>>> Hello list
>>>
>>> I am using jail(8) trying to get a functional vimage environment on my
>>> 9.1-RELEASE system. My PC only has a single real NIC facing the public
>>> internet.
>>>
>>> My goal is to be able to have multiple vimage jails, each with
>>> their own epairXa epairXb and bridgeX where the "X" is the jail's JID
>>> number all having their traffic passing through the single rl0 real
>>> interface.
>>> The vnet.start script shown below handles this nicely.
>>>
>>> The problem is after the first vimage jail is started the rl0 interface
>>> gets marked as busy when the second vimage jail is started.
>> You don't need more than one bridge.
>> Connect all epairXa and the rl0 interface to the bridge. Put the epairXb in the right jail.
>> If you want separation, create vlan interfaces.
>> Connect them to rl0 and put them inside the jail.
>
> Hello Anders;
>
> Now that I have a bridge, epair solution,
> I would like to learn the vlan method you spoke about.
> Would you please provide some details about how it could be done.
> I have never used vlan before.

You need a vlan switch and a trunk connection between your server and the switch.
You need a router/firewall that handles vlans. m0n0wall.

In your server create vlan interfaces:

    ifconfig vlan101 create vlan 101 vlandev rl0

Move the interface to a started jail:

    ifconfig vlan101 vnet jailX

Connect to jail, config and test.

Br
Anders
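
Added example, not part of the original message or of any FreeBSD script: the three steps above (create the vlan interface on rl0, move it into a started vnet jail, configure it from inside the jail) wrapped in a small sh helper that validates its arguments and prints the commands by default. It goes one step beyond the message by also showing the teardown with `ifconfig -vnet`; the function names, the `RUN` variable and the address 192.0.2.10/24 are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example: per-jail VLAN separation on FreeBSD, following the message above.
# rl0, vlan 101 and jailX come from the message; the address is a constructed sample.

# RUN=echo (default) only prints the commands; set RUN= (empty) to execute as root.
RUN=${RUN-echo}

# valid_vlan ID: 802.1Q IDs usable for a VLAN are 1-4094 (0 and 4095 are reserved).
valid_vlan() {
    case "$1" in ''|0*|*[!0-9]*) return 1 ;; esac
    [ "${#1}" -le 4 ] && [ "$1" -ge 1 ] && [ "$1" -le 4094 ]
}

# valid_name NAME: accept only plain interface/jail names, so nothing that looks
# like an option or carries shell metacharacters reaches ifconfig or jexec.
valid_name() {
    case "$1" in ''|-*|*[!A-Za-z0-9_.-]*) return 1 ;; esac
}

# vlan_to_jail ID PARENT JAIL CIDR
# Create vlanID on PARENT, move it into the running vnet jail, configure it there.
vlan_to_jail() {
    valid_vlan "$1" || { echo "bad VLAN id: $1" >&2; return 1; }
    valid_name "$2" && valid_name "$3" || { echo "bad interface or jail name" >&2; return 1; }
    $RUN ifconfig "vlan$1" create vlan "$1" vlandev "$2" &&
    $RUN ifconfig "vlan$1" vnet "$3" &&
    $RUN jexec "$3" ifconfig "vlan$1" inet "$4" up
}

# vlan_from_jail ID JAIL
# Reclaim the interface from the jail, then destroy it on the host.
vlan_from_jail() {
    valid_vlan "$1" && valid_name "$2" || { echo "bad argument" >&2; return 1; }
    $RUN ifconfig "vlan$1" -vnet "$2" &&
    $RUN ifconfig "vlan$1" destroy
}

# Usage (dry run):  vlan_to_jail 101 rl0 jailX 192.0.2.10/24
```

Each jail gets its own VLAN ID, so the separation between jails is enforced by the switch and the VLAN-aware router/firewall rather than by a shared bridge.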