From: Chris Smith
Date: Sun, 06 Apr 2014 21:04:05 +1200
To: freebsd-net@freebsd.org
Subject: Re: Multihomed system with jails routing issues
Message-ID: <53411885.7030206@nevermind.co.nz>
In-Reply-To: <53402D68.4030500@freebsd.org>
References: <533F68EF.8060607@nevermind.co.nz> <53402D68.4030500@freebsd.org>

On 06/04/14 04:20, Julian Elischer wrote:
> On 4/5/14, 10:22 AM, Chris Smith wrote:
>> Hi All,
>>
>> I have a system with 1 network interface with 2 extra VLANs off it
>> and I'm having some trouble getting the routing working correctly
>> with it and jails.
>>
>> bge0 - management - 10.71.100.0/24
>> bge0.101 - LAN - 10.71.101.0/24
>> bge0.103 - DMZ - 10.71.101.0/24
>>
>> Here's what I want to achieve...
>>
>> Host:
>> I want the host system to only listen on one interface, bge0. I want
>> NO ip addresses of the host on the vlan interfaces. The only service
>> it will be exposing is its sshd. The management address for this
>> system is 10.71.100.50.
>>
> Sounds to me that you want to use vimage jails.
> check the vnet command to jail.
>

Hey Julian,

Thanks for that. I did come across it but all of the documentation I
found indicated that it was experimental.

After a day or so messing around with VIMAGE/vnet and their various
gotchas and interactions with jails on FreeBSD 10, I have something
working that I'm happy with. I've made a bunch of notes so I hope to
write something up for it since most of the documentation around this
is thin, old or outdated.

Cheers,
Chris.