From: zulu
To: Laurent Alebarde, "freebsd-jail@freebsd.org"
Date: Sat, 27 Apr 2013 22:16:18 +1200
Subject: Re: state of the art ?
Message-ID: <1367057778.517ba5720f37d@gpo.cellcontainer.com>

Have not used dummynet but a good starting point could be the official IPFW Handbook section http://www.freebsd.org/doc/handbook/firewalls-ipfw.html. Just treat your jails as you would a physical host with firewall rules.

One caveat to watch out for is that after enabling IPFW on your host all jails will have a default deny rule and each jail will need to have a rule added to allow traffic in/out.

Also make sure your bridge contains your real NIC if you want to talk to hosts beyond your jail environment (standard networking things - man pages are your friends, ifconfig, bridge, route, etc.).

Cheers,
Peter

On Saturday, 27-04-2013 on 21:37 Laurent Alebarde wrote:

zulu writes:
>
> Try and exclude altq and pf from kernel - make them a loadable module
> instead (just to rule out these).
>

Thanks zulu, it works now. No crash, and I can ping my zjail.

I think I am going to drop pf completely until it is officially compatible with VIMAGE, and use IPFW.

Do you have a good link please for basic and elaborate (including dummynet) use of IPFW with zjails (I have not found very useful things up to now)?

Cheers,
Laurent.
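An added example, not part of the original messages: a POSIX sh check for the two caveats in Peter's reply, the real NIC missing from the bridge and a jail left with only the default deny rule. It assumes VIMAGE jails whose own rule list is read with `jexec <jail> ipfw list`; the function names and the sample outputs are constructed for illustration.

```shell
#!/bin/sh
# Added example: checks for the two caveats raised in the reply above.
# Inputs follow the layout of FreeBSD `ifconfig <bridge>` and `ipfw list`.

# bridge_has_member NIC: read `ifconfig bridgeN` output on stdin and succeed
# only if NIC is listed as a member of the bridge.
bridge_has_member() {
    awk -v nic="$1" '$1 == "member:" && $2 == nic { found = 1 }
                     END { exit (found ? 0 : 1) }'
}

# only_default_deny: read `ipfw list` output on stdin and succeed when the
# only rule present is the built-in default rule 65535 with action deny,
# i.e. the jail drops all traffic until an allow rule is added.
only_default_deny() {
    awk 'NF == 0 { next }
         { n++ }
         $1 == "65535" && $2 == "deny" { deny = 1 }
         END { exit ((n == 1 && deny) ? 0 : 1) }'
}

# check_jail BRIDGE NIC JAIL: run both checks on a live FreeBSD host.
# Assumption: JAIL is a VIMAGE jail with its own ipfw rule list.
check_jail() {
    ifconfig "$1" | bridge_has_member "$2" ||
        echo "WARN: $1 does not contain $2; jail cannot reach outside hosts"
    if jexec "$3" ipfw list | only_default_deny; then
        echo "WARN: jail $3 has only the default deny rule"
    fi
}

# Constructed sample outputs (not captured from a real system).
SAMPLE_BRIDGE='bridge0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        member: epair0a flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
        member: em0 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>'
SAMPLE_FRESH_JAIL='65535 deny ip from any to any'
SAMPLE_OPENED_JAIL='00100 allow ip from any to any
65535 deny ip from any to any'
```

On a live host, `check_jail bridge0 em0 zjail` prints a warning for each caveat that applies; the interface and jail names here are placeholders.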