From: Mathias Picker
To: freebsd-questions@freebsd.org
Subject: Re: Jail, vnet, zfs, and iocage, networking setup
Date: Fri, 27 Mar 2020 20:09:46 +0100
Message-ID: <86wo75iphh.fsf@virtual-earth.de>

Hi David,

I’ve never used iocage, just jail.conf, maybe my experience can
still help.

I’m setting up an if_bridge without my main interface in it, and
configure routing.

Bridging can show the jail/bridge MAC addresses to the outside
world, which can get you into trouble with your hosting
provider. At least Hetzner didn’t like it at all ;)

So, I basically put something like this into rc.conf:

------------------------------------------------------------
cloned_interfaces="bridge0"
ifconfig_bridge0_name="jailbridge0"
ifconfig_jailbridge0="inet [someaddress/somemask] up"
ifconfig_jailbridge0_ipv6="inet6 [someaddress/somemask]"
# this was needed for routing, I’m not 100% sure if this should be needed…
ifconfig_jailbridge0_alias0="inet6 fe80::1/64"
---------------------------------------------------------------

Then I put something like this into jail.conf:

---------------------------------------------------------------------
# settings outside a jail block apply to all jails
$iface="igb0";
$j="/jail";
path="$j/jails/$name";

mount.devfs;
exec.clean;
exec.start="sh /etc/rc";
exec.stop="sh /etc/rc.shutdown";

exec.prestart="logger starting jail $name ...";
exec.poststart="logger jail $name has started";
exec.prestop="logger shutting down jail $name";
exec.poststop="logger jail $name has shut down";

# vnet jails
vnet;
vnet.interface="${name}_j";
exec.prestart+="/usr/local/bin/jailtobridge $name jailbridge0";
exec.poststop+="/sbin/ifconfig jailbridge0 deletem ${name}_b";

exec.consolelog="/var/log/jails/$name-console.log";

# generic hostnames
host.hostname="$name.myhost.example.com";

# one empty block per jail; everything else comes from the settings above
myhost1 {}
myhost2 {}
------------------------------------------------------------------

and installed the jails with
‘bsdinstall jail /jail/jails/myhost1’
and when finished configured networking in the jail’s rc.conf.

This was my first setup with jail.conf and understanding (well,
sort of) if_bridge has taken some time, but otherwise it’s really
easy.

I update the jails with freebsd-update from the host system.

Good luck,

Mathias

David Mehler writes:

> Hello,
>
> I'm trying to get vnet jails going on FreeBSD 12.1. I've set up jails
> previously by setting up a cloned lo1 interface, now I'd like to get
> zfs, iocage, and vnet jails going. I've got a vps with a single
> physical interface. I've got zfs working fine, and iocage is
> installed. When I create a jail it has no network access at all. If I
> set up a vlan can I then set up a bridge between the vlan and the
> physical interface?
>
> Does anyone have some notes on this? Google has shown results but most
> with FreeBSD 11.x.
>
> Thanks.
> Dave.

-- 
Mathias Picker
Managing Director
Mathias.Picker@virtual-earth.de
virtual earth Gesellschaft für Wissens re/prä sentation mbH
http://www.virtual-earth.de/
HRB126870
support@virtual-earth.de
Westendstr. 142
089 / 1250 3943