From: Joe
Date: Fri, 26 Apr 2013 12:17:00 -0400
To: Anders Hagman
Cc: "freebsd-jail@freebsd.org"
Subject: Re: jail(8) vimage epair bridge

Anders Hagman wrote:
> Hi
>
> On 24 Apr 2013 at 22:07, Joe wrote:
>
>> Anders Hagman wrote:
>>> Hi
>>> On 23 Apr 2013 at 15:14, Joe wrote:
>>>> Hello list
>>>>
>>>> I am using jail(8) trying to get a functional vimage environment on my
>>>> 9.1-RELEASE system. My PC only has a single real NIC facing the public
>>>> internet.
>>>>
>>>> My goal is to be able to have multiple vimage jails, each with
>>>> their own epairXa epairXb and bridgeX where the "X" is the jail's JID
>>>> number all having their traffic passing through the single rl0 real
>>>> interface. The vnet.start script shown below handles this nicely.
>>>>
>>>> The problem is after the first vimage jail is started the rl0 interface
>>>> gets marked as busy when the second vimage jail is started.
>>> You don't need more than one bridge.
>>> Connect all epairXa and the rl0 interface to the bridge. Put the epairXb in the right jail.
>>> If you want separation, create vlan interfaces.
>>> Connect them to rl0 and put them inside the jail.
>> Hello Anders;
>>
>> Now that I have a bridge, epair solution,
>> I would like to learn the vlan method you spoke about.
>> Would you please provide some details about how it could be done?
>> I have never used vlan before.
>
> You need a vlan switch and a trunk connection between your server and the switch.
> You need a router/firewall that handles vlans. m0n0wall.

What is your definition of a switch?
Do you mean a hardware switch in the network cabling?
Are you saying ipfw, pf, and ipfilter DON'T handle vlans?

>
> In your server create vlan interfaces:
>
> ifconfig vlan101 create vlan 101 vlandev rl0
>
> Move the interface to a started jail
>
> ifconfig vlan101 vnet jailX
>
> Connect to jail, config and test

What do you mean by config the jail?
Are there vlan commands that need to be run from inside of the jail?

For a second vimage jail would I do
ifconfig vlan102 create vlan 102 vlandev rl0
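
The three steps quoted in the message above (create the vlan interface on rl0, move it into a started jail with `vnet`, configure it from the jail), carried over to several jails as an added example that is not part of the original thread: a dry-run planner that prints the commands and rejects a plan in which two jails would share a VLAN ID. The jail names, the documentation-range addresses, the `jail:vlanid:address` spec format and the use of `jexec` for the in-jail configuration step are assumptions.

```shell
#!/bin/sh
# Added example: dry-run planner; it prints commands and changes nothing.
# Assumed (not from the thread): jail names, documentation-range addresses,
# the "jail:vlanid:address" spec format, and configuring via jexec.

PARENT="${PARENT:-rl0}"   # the single physical NIC named in the thread

# valid_vid N: succeeds only for a usable 802.1Q VLAN ID (1..4094),
# written without leading zeros so the interface name stays unambiguous.
valid_vid() {
    case "$1" in
        ''|0*|*[!0-9]*|?????*) return 1 ;;
    esac
    [ "$1" -le 4094 ]
}

# plan_jail_vlans SPEC...: prints the three steps for every jail.
# Refuses the whole plan if a VLAN ID is invalid or used twice, because two
# jails on one VLAN ID share a layer-2 segment and are no longer separated.
plan_jail_vlans() {
    seen=" "
    plan=""
    for spec in "$@"; do
        jail=${spec%%:*}; rest=${spec#*:}
        vid=${rest%%:*};  addr=${rest#*:}
        valid_vid "$vid" || { echo "invalid VLAN ID in '$spec'" >&2; return 1; }
        case "$seen" in
            *" $vid "*) echo "VLAN $vid assigned twice" >&2; return 1 ;;
        esac
        seen="$seen$vid "
        plan="${plan}ifconfig vlan$vid create vlan $vid vlandev $PARENT
ifconfig vlan$vid vnet $jail
jexec $jail ifconfig vlan$vid inet $addr up
"
    done
    printf '%s' "$plan"
}

# Constructed sample input: two jails, one VLAN and one subnet each.
plan_jail_vlans jail1:101:192.0.2.2/24 jail2:102:198.51.100.2/24
```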