Message-ID: <53415866.1030107@freebsd.org>
Date: Sun, 06 Apr 2014 21:36:38 +0800
From: Julian Elischer
To: Chris Smith, freebsd-net@freebsd.org
Subject: Re: Multihomed system with jails routing issues

On 4/6/14, 5:04 PM, Chris Smith wrote:
> On 06/04/14 04:20, Julian Elischer wrote:
>> On 4/5/14, 10:22 AM, Chris Smith wrote:
>>> Hi All,
>>>
>>> I have a system with 1 network interface with 2 extra VLANs off it
>>> and I'm having some trouble getting the routing working correctly
>>> with it and jails.
>>>
>>> bge0 - management - 10.71.100.0/24
>>> bge0.101 - LAN - 10.71.101.0/24
>>> bge0.103 - DMZ - 10.71.101.0/24
>>>
>>> Here's what I want to achieve...
>>>
>>> Host:
>>> I want the host system to only listen on one interface, bge0. I
>>> want NO ip addresses of the host on the vlan interfaces. The only
>>> service it will be exposing is its sshd. The management address
>>> for this system is 10.71.100.50.
>>>
>> Sounds to me that you want to use vimage jails.
>> check the vnet command to jail .
>>
> Hey Julian,
>
> Thanks for that. I did come across it but all of the documentation I
> found indicated that it was experimental.
>
> After a day or so messing around with VIMAGE/vnet and their various
> gotchas and interactions with jails on FreeBSD 10, I have something
> working that I'm happy with.

As long as you steer clear of pf and do only 'vanilla' stuff, you should be ok.
Let us know what you think. I'd like to see your notes published, if not officially then at least put here so that others can find them in the archives.

>
> I've made a bunch of notes so I hope to write something up for it
> since most of the documentation around this is thin, old or outdated.
>
> Cheers,
> Chris.