Date: Fri, 27 Mar 2020 20:09:46 +0100
From: Mathias Picker <Mathias.Picker@virtual-earth.de>
To: freebsd-questions@freebsd.org
Subject: Re: Jail, vnet, zfs, and iocage, networking setup
Message-ID: <86wo75iphh.fsf@virtual-earth.de>
In-Reply-To: <CAPORhP6LDXue2FuV7W1j1k2t_YrZwnT5ho1azrvT44pqkp9Dww@mail.gmail.com>
References: <CAPORhP6LDXue2FuV7W1j1k2t_YrZwnT5ho1azrvT44pqkp9Dww@mail.gmail.com>
Hi David,
I’ve never used iocage, just jail.conf, maybe my experience can
still help.
I’m setting up an if_bridge without my main interface in it, and
configuring routing.
Bridging can show the jail/bridge MAC addresses to the outside
world, which can get you into trouble with your hosting
provider. At least Hetzner didn’t like it at all ;)
So, I basically put something like this into rc.conf:
------------------------------------------------------------
cloned_interfaces="bridge0"
ifconfig_bridge0_name="jailbridge0"
ifconfig_jailbridge0="inet [someaddress/somemask] up"
ifconfig_jailbridge0_ipv6="inet6 [someaddress/somemask]"
ifconfig_jailbridge0_alias0="inet6 fe80::1/64" # this was needed for routing, I’m not 100% sure if this should be needed…
---------------------------------------------------------------
Then I put something like this into jail.conf:
---------------------------------------------------------------------
$iface="igb0";
$j="/jail";
path="$j/jails/$name";
mount.devfs;
exec.clean;
exec.start="sh /etc/rc";
exec.stop="sh /etc/rc.shutdown";
exec.prestart="logger starting jail $name ...";
exec.poststart="logger jail $name has started";
exec.prestop="logger shutting down jail $name";
exec.poststop="logger jail $name has shut down";
# vnet jails
vnet;
vnet.interface="${name}_j";
exec.prestart+="/usr/local/bin/jailtobridge $name jailbridge0";
exec.poststop+="/sbin/ifconfig jailbridge0 deletem ${name}_b";
exec.consolelog="/var/log/jails/$name-console.log";
# generic hostnames
host.hostname="$name.myhost.example.com";
myhost1 {}
myhost2 {}
------------------------------------------------------------------
and installed the jails with ‘bsdinstall jail /jail/jails/myhost1’
and when finished configured networking in the jail’s rc.conf.
This was my first setup with jail.conf and understanding (well,
sort of) if_bridge has taken some time, but otherwise it’s really
easy.
I update the jails with freebsd-update from the host system.
Good luck,
Mathias
David Mehler writes:
> Hello,
>
> I'm trying to get vnet jails going on FreeBSD 12.1. I've set up jails
> previously by setting up a cloned lo1 interface now I'd like to get
> zfs, iocage, and vnet jails going. I've got a vps with a single
> physical interface. I've got zfs working fine, and iocage is
> installed. When I create a jail it has no network access at all. If I
> set up a vlan can I then set up a bridge between the vlan and the
> physical interface?
>
> Does anyone have some notes on this? Google has shown results but most
> with FreeBSD 11.x.
>
> Thanks.
> Dave.
--
Mathias Picker
Managing Director
Mathias.Picker@virtual-earth.de
virtual earth Gesellschaft für Wissens re/prä sentation mbH
http://www.virtual-earth.de/ HRB126870
support@virtual-earth.de Westendstr. 142
089 / 1250 3943
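
The jail.conf in the message calls /usr/local/bin/jailtobridge, which the message does not show. The sketch below is an added example, not Mathias's script: it assumes the helper creates an epair, names the two ends `<jail>_b` and `<jail>_j` as the jail.conf expects, and adds the host end to the bridge. The function names and the `DRY_RUN` switch are hypothetical.

```shell
#!/bin/sh
# Added example: hypothetical stand-in for /usr/local/bin/jailtobridge.
# The interface names <jail>_b (host side) and <jail>_j (jail side) follow
# the jail.conf in the message; everything else here is an assumption.

# exec.prestart runs this as root, so only accept names that are safe to
# splice into interface names: [A-Za-z0-9_], at most 13 characters, which
# keeps "<name>_b" within FreeBSD's 15-character interface name limit.
valid_jail_name() {
    case "$1" in
        ''|*[!A-Za-z0-9_]*) return 1 ;;
    esac
    [ "${#1}" -le 13 ]
}

# With DRY_RUN set, print each command instead of executing it.
run() {
    if [ -n "${DRY_RUN:-}" ]; then echo "$*"; else "$@"; fi
}

jailtobridge() {
    name=$1 bridge=$2
    valid_jail_name "$name" || { echo "jailtobridge: bad jail name" >&2; return 2; }
    if [ -n "${DRY_RUN:-}" ]; then
        a=epair0a                                # constructed name for dry runs
    else
        a=$(ifconfig epair create) || return 1   # prints e.g. "epair0a"
    fi
    b="${a%a}b"
    run ifconfig "$a" name "${name}_b" &&        # host end, joins the bridge
    run ifconfig "$b" name "${name}_j" &&        # jail end, taken by vnet.interface
    run ifconfig "$bridge" addm "${name}_b" &&
    run ifconfig "${name}_b" up
}

# Run only when called with both arguments, as in jail.conf.
if [ "$#" -eq 2 ]; then jailtobridge "$1" "$2"; fi
```

Running `DRY_RUN=1 sh jailtobridge myhost1 jailbridge0` prints the four ifconfig commands without touching any interface.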
