From: Julian Elischer
Date: Fri, 02 Oct 2009 16:38:46 -0700
To: remodeler
Cc: freebsd-net@freebsd.org
Subject: Re: vimage-assigning interface to jail
Message-ID: <4AC68F06.8060305@elischer.org>
In-Reply-To: <20091002223304.M55101@alentogroup.org>

remodeler wrote:
> Hi:
>
>> Without doing anything extra except booting, (with no jails started),
>> what happens when you duplicate my commands in the previous email?
>
> #jail -c host.hostname=test path=/ vnet persist
>
> I substituted persist parameter for command=/bin/tcsh in your example,
> otherwise the jail is destroyed when I exit the shell to enter the next command:
>
> #ifconfig msk0 vnet 1
>
> test# ifconfig
> lo0: flags=8008 metric 0 mtu 16384
>         options=3
>         maclabel mls/equal(equal-equal)
> msk0: flags=8842 metric 0 mtu 1500
>         options=11a
>         ether 00:23:54:08:2b:f7
>         maclabel mls/low(low-low)
>         media: Ethernet autoselect
>
> test#ifconfig msk0 172.28.15.1/24
>
> test#netstat -rn
> netstat: kvm not available: /dev/mem: Permission denied
> Routing tables
> rt_tables: symbol not in namelist

in the jail do:
ls -l /dev/*mem

>
> test# route add default 192.168.0.1
> route: writing to routing socket: Network is unreachable
> add net default: gateway 192.168.0.1: Network is unreachable

quite correct

think of these as two separate machines.
one is on 192.168.0.x and the other is on 172....
obviously the one on 172..... can not set a default route of 192.x.x.x
as it can't reach that address.

unlike non vnet jails, vnet jails have *completely* separate network
stacks and can not communicate with each other except via the wire
(or via a pretend wire) (see the epair driver).

>
> #test# route add default 172.28.15.2
> add net default: gateway 172.28.15.2
>
> The host's IP address is set to 192.168.0.10, with a default route of
> 192.168.0.1 -- the route command succeeded when I used your example, although
> netstat -rn still fails with the same output as above. In my earlier
> correspondences, I was pushing a ng_eiface node to the jail instead of the
> physical ethernet device.

looks like you need to allow it to access /dev/(k)mem somehow.

>
> Thank you.
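
The "pretend wire" mentioned in the reply above, as an added example that is not part of the original message: a shell sketch that joins the host and a vnet jail with an epair(4) pair so the jail gets an on-link gateway. The jail name `test` and the 172.28.15.x addresses come from the thread; treating 172.28.15.2 as the host-side end, the `DRY_RUN` switch and the function names are assumptions of this example.

```shell
#!/bin/sh
# Added example: wire a vnet jail to the host over an epair(4) pair.
# DRY_RUN=1 (the default) only prints the commands; run with DRY_RUN=0
# as root on a VIMAGE-enabled FreeBSD host to apply them.
DRY_RUN="${DRY_RUN:-1}"

run() {
    # Show the command; execute it only outside dry-run mode.
    echo "+ $*"
    [ "$DRY_RUN" = 1 ] || "$@"
}

create_epair() {
    # "ifconfig epair create" prints the name of the "a" end (e.g. epair0a).
    if [ "$DRY_RUN" = 1 ]; then
        echo "epair0a"    # constructed name used for the dry run
    else
        ifconfig epair create
    fi
}

wire_jail() {
    # $1 = jail name, $2 = host-side address/len, $3 = jail-side address/len
    jail="$1"
    host_cidr="$2"
    jail_cidr="$3"
    a_end=$(create_epair) || return 1
    b_end="${a_end%a}b"       # the peer end of the same pair
    gw="${host_cidr%/*}"      # host end becomes the jail's gateway
    # Host keeps the "a" end; both ends share one subnet, so the gateway is on-link.
    run ifconfig "$a_end" inet "$host_cidr" up
    # Move the "b" end into the jail's own network stack.
    run ifconfig "$b_end" vnet "$jail"
    run jexec "$jail" ifconfig "$b_end" inet "$jail_cidr" up
    # A default route now works because the gateway is reachable from inside the jail.
    run jexec "$jail" route add default "$gw"
}

wire_jail test 172.28.15.2/24 172.28.15.1/24
```

For traffic to leave the host, the host itself must also forward or NAT between the epair subnet and 192.168.0.x; that step is outside this sketch.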