From owner-freebsd-net@freebsd.org Fri May 17 08:58:55 2019
From: Christian Baer
Message-Id: <409EF41B-FB07-4735-8405-01657C9797D9@debilux.org>
Subject: Re: VLANs for use with jails
Date: Fri, 17 May 2019 10:58:49 +0200
Cc: Artem Viklenko via freebsd-net
To: "Patrick M. Hausen"
List-Id: Networking and TCP/IP with FreeBSD

Hi,

I still can’t get it to work.
My rc.conf looks like this:

defaultrouter="10.0.3.1"
ifconfig_igb0="inet 10.0.3.11/24 -rxcsum -rxcsum6 -txcsum -txcsum6 -lro -tso -vlanhwtso"
ifconfig_igb1="up -rxcsum -rxcsum6 -txcsum -txcsum6 -lro -tso -vlanhwtso"
cloned_interfaces="vlan30 vlan40 vlan50 vlan60"
ifconfig_vlan30="inet 10.0.3.12/24 vlan 30 vlandev igb1 description LAN"
ifconfig_vlan40="inet 10.0.4.12/24 vlan 40 vlandev igb1 description IoT"
ifconfig_vlan50="inet 10.0.5.12/24 vlan 50 vlandev igb1 description Guest"
ifconfig_vlan60="inet 10.0.6.12/24 vlan 60 vlandev igb1 description VOIP"

ifconfig says:

# ifconfig
igb0: flags=8843 metric 0 mtu 1500
	options=8100b8
	ether ac:1f:6b:63:37:b0
	inet 10.0.3.11 netmask 0xffffff00 broadcast 10.0.3.255
	media: Ethernet autoselect (1000baseT )
	status: active
	nd6 options=29
igb1: flags=8843 metric 0 mtu 1500
	options=8100b8
	ether ac:1f:6b:63:37:b1
	media: Ethernet autoselect (1000baseT )
	status: active
	nd6 options=29
lo0: flags=8049 metric 0 mtu 16384
	options=680003
	inet6 ::1 prefixlen 128
	inet6 fe80::1%lo0 prefixlen 64 scopeid 0x3
	inet 127.0.0.1 netmask 0xff000000
	groups: lo
	nd6 options=21
vlan30: flags=8843 metric 0 mtu 1500
	description: LAN
	ether ac:1f:6b:63:37:b1
	inet 10.0.3.12 netmask 0xffffff00 broadcast 10.0.3.255
	groups: vlan
	vlan: 30 vlanpcp: 0 parent interface: igb1
	media: Ethernet autoselect (1000baseT )
	status: active
	nd6 options=29
vlan40: flags=8843 metric 0 mtu 1500
	description: IoT
	ether ac:1f:6b:63:37:b1
	inet 10.0.4.12 netmask 0xffffff00 broadcast 10.0.4.255
	groups: vlan
	vlan: 40 vlanpcp: 0 parent interface: igb1
	media: Ethernet autoselect (1000baseT )
	status: active
	nd6 options=29
vlan50: flags=8843 metric 0 mtu 1500
	description: Guest
	ether ac:1f:6b:63:37:b1
	inet 10.0.5.12 netmask 0xffffff00 broadcast 10.0.5.255
	groups: vlan
	vlan: 50 vlanpcp: 0 parent interface: igb1
	media: Ethernet autoselect (1000baseT )
	status: active
	nd6 options=29
vlan60: flags=8843 metric 0 mtu 1500
	description: VOIP
	ether ac:1f:6b:63:37:b1
	inet 10.0.6.12 netmask 0xffffff00 broadcast 10.0.6.255
	groups: vlan
	vlan: 60 vlanpcp: 0 parent interface: igb1
	media: Ethernet autoselect (1000baseT )
	status: active
	nd6 options=29

When I try to bring up a jail on a freshly installed iocage it quits with an error.

# iocage create -n "vlantest" -r LATEST defaultrouter="10.0.6.1" vnet="on" allow_raw_sockets="1" boot="on" interfaces="vnet0:vlan60" ip4_addr="vnet0|10.0.6.13/24"
vlantest successfully created!
* Starting vlantest
  + Started OK
  + Using devfs_ruleset: 5
  + Configuring VNET FAILED
  ifconfig: BRDGADD vnet0.5: Invalid argument

  Stopped vlantest due to VNET failure

What am I doing wrong?

Best regards,
Chris

--
E-Mail: chris@debilux.org
Web: https://christianbaer.me

> On 14.05.2019 at 09:01, Patrick M. Hausen wrote:
>
> Hi!
>
> Not tested, minor typos possible ...
>
>> On 10.05.2019 at 23:02, Christian Baer wrote:
>> ifconfig_igb1="inet 10.0.3.12/24 -rxcsum -rxcsum6 -txcsum -txcsum6 -lro -tso -vlanhwtso"
>> ifconfig_igb1_ipv6="inet6 accept_rtadv -lro -tso"
>> [...]
>> What's the proper way to set up igb1 to be untagged (and so be in the management vlan) and create the different VLANs on it and use it with the jails? One of the VLANs should also be in the management VLAN (to move my Unifi controller from a Pi to a jail).
>
> ifconfig_igb1="up -rxcsum -rxcsum6 -txcsum -txcsum6 -lro -tso -vlanhwtso"
> cloned_interfaces="vlan3 vlan4"
>
> ifconfig_vlan3="inet 10.0.3.12/24 vlan 3 vlandev igb1"
> ifconfig_vlan4="inet 10.0.4.12/24 vlan 4 vlandev igb1"
>
> iocage set vlan3jail interfaces="vnet0:vlan3"
> iocage set vlan3jail ip4_addr="vnet0|10.0.3.13/24"
>
> iocage set vlan4jail interfaces="vnet0:vlan4"
> iocage set vlan4jail ip4_addr="vnet0|10.0.4.13/24"
>
> HTH,
> Patrick
> --
> punkt.de GmbH Internet - Dienstleistungen - Beratung
> Kaiserallee 13a Tel.: 0721 9109-0 Fax: -100
> 76133 Karlsruhe info@punkt.de http://punkt.de
> AG Mannheim 108285 Gf: Juergen Egeling
>