From owner-freebsd-stable@FreeBSD.ORG Thu Nov 22 11:42:56 2012 Return-Path: Delivered-To: freebsd-stable@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id EA862883 for ; Thu, 22 Nov 2012 11:42:56 +0000 (UTC) (envelope-from morgan.s.reed@gmail.com) Received: from mail-ie0-f182.google.com (mail-ie0-f182.google.com [209.85.223.182]) by mx1.freebsd.org (Postfix) with ESMTP id A97C58FC0C for ; Thu, 22 Nov 2012 11:42:56 +0000 (UTC) Received: by mail-ie0-f182.google.com with SMTP id s9so6741050iec.13 for ; Thu, 22 Nov 2012 03:42:56 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc:content-type:content-transfer-encoding; bh=ZzPwBqWdFqoiaZ+12uEnekTnwcRXqhyjM3fhzqCHiGk=; b=FdNAaQGI2Q0kYrNZTXMURmnp+sQtxKZF00b8DQTsqaG8KEOCFUkEhTK3H7s+P0dVCr dw7icZFTcHt0r5dry+L6f7Qex4BiZ7zOdtPFMF/GOHVsUZYrGBL5Bp3XMPPFhQHQtGsP DxKR6IFslBwhNnAmAYhFL/1m9cQP1N+QV+bybBRZml/gPH5LnuKI4WrW1xoSHt+W7PVA BCNA+J4gLWe5pm0JtWUDXuzwc1dncFMJjmUnq7DXi+JCeR9t1iQOMHLfunM37j1/+nOE l8rzyWsk+JDxeqYJR1ghkW17fFfChG8+b19+2TMOo1SQQgqLoY/vBAqGN5rRqzdGU3cY om/g== Received: by 10.50.187.165 with SMTP id ft5mr2941219igc.12.1353584576111; Thu, 22 Nov 2012 03:42:56 -0800 (PST) MIME-Version: 1.0 Received: by 10.64.6.71 with HTTP; Thu, 22 Nov 2012 03:42:35 -0800 (PST) In-Reply-To: <13CA24D6AB415D428143D44749F57D7201E49842@ltcfiswmsgmb21> References: <13CA24D6AB415D428143D44749F57D7201E49842@ltcfiswmsgmb21> From: Morgan Reed Date: Thu, 22 Nov 2012 22:42:35 +1100 Message-ID: Subject: Re: natd in a jail To: "Teske, Devin" Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable Cc: "freebsd-stable@freebsd.org" , "" X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 22 Nov 2012 11:42:57 -0000 On Thu, Nov 22, 2012 at 10:32 PM, Teske, Devin wrote: > I have created a boot script for managing vimages (downloadable as a Free= BSD package) and made a little write-up on how to use it... > http://druidbsd.sf.net/vimage.shtml As noted elsewhere, these are VIMAGE jails, but I'm managing them manually with a spaghetti script at the moment (just proof-of-concept at this point), I'll have a look at the script, might make my life easier. > Note that I use netgraph for bridging (not if_bridge+epair method which s= eems to be popular in some other setups -- we've benchmarked netgraph and i= t scales well). Not to mention that "ngctl dot | dot -Tsvg -o network.svg" = can produce nice pretty graphs of your vimage structure when using my setup= . Hmmm, I've not done anything with netgraph before, I'll have a look into it, if it is an issue of the appropriate interfaces not being exposed to natd from the epair/bridge setup that might be an alternate solution, not hugely concerned about scale, it'll pretty much only be my traffic that gets routed this way, but I am interested in making it as efficient as possible (no sense adding additional latency unnecessarily when one already has the tunnel latency to deal with). Thanks, Morgan