Date:      Fri, 27 Mar 2020 20:09:46 +0100
From:      Mathias Picker <Mathias.Picker@virtual-earth.de>
To:        freebsd-questions@freebsd.org
Subject:   Re: Jail, vnet, zfs, and iocage, networking setup
Message-ID:  <86wo75iphh.fsf@virtual-earth.de>
In-Reply-To: <CAPORhP6LDXue2FuV7W1j1k2t_YrZwnT5ho1azrvT44pqkp9Dww@mail.gmail.com>
References:  <CAPORhP6LDXue2FuV7W1j1k2t_YrZwnT5ho1azrvT44pqkp9Dww@mail.gmail.com>

Hi David,

I’ve never used iocage, just jail.conf, maybe my experience can
still help.

I’m setting up an if_bridge without my main interface in it, and
configure routing.

Bridging can show the jail/bridge MAC addresses to the outside
world, which can get you into trouble with your hosting
provider. At least Hetzner didn’t like it at all ;)

So, I basically put something like this into rc.conf:

------------------------------------------------------------
cloned_interfaces="bridge0"
ifconfig_bridge0_name="jailbridge0"
ifconfig_jailbridge0="inet [someaddress/somemask] up"
ifconfig_jailbridge0_ipv6="inet6 [someaddress/somemask]"
ifconfig_jailbridge0_alias0="inet6 fe80::1/64" # this was needed for routing, I’m not 100% sure if this should be needed…
---------------------------------------------------------------

Then I put something like this into jail.conf:

---------------------------------------------------------------------
$iface="igb0";
$j="/jail";
path="$j/jails/$name";

mount.devfs;

exec.clean;
exec.start="sh /etc/rc";
exec.stop="sh /etc/rc.shutdown";
exec.prestart="logger starting jail $name ...";
exec.poststart="logger jail $name has started";
exec.prestop="logger shutting down jail $name";
exec.poststop="logger jail $name has shut down";

# vnet jails
vnet;
vnet.interface="${name}_j";
exec.prestart+="/usr/local/bin/jailtobridge $name jailbridge0";
exec.poststop+="/sbin/ifconfig jailbridge0 deletem ${name}_b";

exec.consolelog="/var/log/jails/$name-console.log";

# generic hostnames
host.hostname="$name.myhost.example.com";

myhost1 {}
myhost2 {}
------------------------------------------------------------------

and installed the jails with ‘bsdinstall jail /jail/jails/myhost1’
and when finished configured networking in the jails’ rc.conf.

This was my first setup with jail.conf and understanding (well,
sort of) if_bridge has taken some time, but otherwise it’s really
easy.

I update the jails with freebsd-update from the host system.

Good luck,

Mathias

David Mehler writes:

> Hello,
>
> I'm trying to get vnet jails going on FreeBSD 12.1. I've set up jails
> previously by setting up a cloned lo1 interface now I'd like to get
> zfs, iocage, and vnet jails going. I've got a vps with a single
> physical interface. I've got zfs working fine, and iocage is
> installed. When I create a jail it has no network access at all. If I
> set up a vlan can I then set up a bridge between the vlan and the
> physical interface?
>
> Does anyone have some notes on this? Google has shown results but most
> with FreeBSD 11.x.
>
> Thanks.
> Dave.


-- 
Mathias Picker
Managing Director
Mathias.Picker@virtual-earth.de

virtual earth Gesellschaft für Wissens re/prä sentation mbH
http://www.virtual-earth.de/           HRB126870
support@virtual-earth.de               Westendstr. 142
089 / 1250 3943
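
The jail.conf above calls /usr/local/bin/jailtobridge from exec.prestart, but the message does not include that script. The following is an added example of what such a helper could look like, not the author's script: it assumes an epair(4) pair renamed to `<name>_b` (host side, bridge member) and `<name>_j` (jail side, matching vnet.interface), and the name check and the `IFCONFIG` override are this example's own choices.

```shell
#!/bin/sh
# Hypothetical jailtobridge helper (example only, not the script from the mail).
# Usage: jailtobridge <jailname> <bridge>
# Runs as root on the host from exec.prestart, so the jail name is validated
# before it is used to build interface names.
# IFCONFIG may be pointed at a stub to test without touching real interfaces.
: "${IFCONFIG:=/sbin/ifconfig}"

# FreeBSD interface names hold at most 15 characters (IFNAMSIZ 16 incl. NUL),
# so "<name>_b" / "<name>_j" leave 13 characters for the jail name.
valid_jail_name() {
    case "$1" in
        ''|*[!A-Za-z0-9_-]*) return 1 ;;
    esac
    [ "${#1}" -le 13 ]
}

jailtobridge() {
    name=$1 bridge=$2
    valid_jail_name "$name" || {
        echo "jailtobridge: bad jail name: $name" >&2
        return 64
    }
    # exec.poststop only removes the bridge member, so a pair from an earlier
    # run may still exist. Destroying one end of an epair removes both ends.
    if "$IFCONFIG" "${name}_b" >/dev/null 2>&1; then
        "$IFCONFIG" "$bridge" deletem "${name}_b" >/dev/null 2>&1 || true
        "$IFCONFIG" "${name}_b" destroy || return 1
    fi
    a=$("$IFCONFIG" epair create) || return 1   # prints e.g. "epair0a"
    b="${a%a}b"                                 # matching "epair0b"
    "$IFCONFIG" "$a" name "${name}_b" >/dev/null &&
    "$IFCONFIG" "$b" name "${name}_j" >/dev/null &&
    "$IFCONFIG" "$bridge" addm "${name}_b" &&
    "$IFCONFIG" "${name}_b" up
}

# Run only when called with arguments, so the file can also be sourced.
if [ "$#" -gt 0 ]; then jailtobridge "$@"; fi
```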