From: Pietro Paolini
Date: Thu, 30 May 2013 17:21:17 +0200
Subject: Re: VIMAGE
To: Joe
Cc: freebsd-questions@freebsd.org

On May 30, 2013, at 2:29 PM, Joe wrote:

> Pietro Paolini wrote:
>> Hello all,
>> I am a newbie on FreeBSD and I am looking at the VIMAGE features, experiencing some problems.
>> I added the options:
>> VIMAGE
>> if_bridge
>> and I removed
>> STCP
>> then I recompiled my kernel and installed it.
>> After that, following this tutorial http://imunes.tel.fer.hr/virtnet/eurobsdcon07_tutorial.pdf I tried "Exercise 2", which consists of the following commands:
>> vimage -c n1
>> vimage -c n2
>> ngctl mkpeer eiface ether ether
>> ngctl mkpeer eiface ether ether
>> ngctl mkpeer em0: bridge lower link0
>> ngctl name em0:lower bridge0
>> ngctl connect em0: bridge0: upper link1
>> ngctl connect ngeth0: bridge0: ether link2
>> ngctl connect ngeth1: bridge0: ether link3
>> vimage -i n1 ngeth0 e0
>> But my virtual interface on the n1 vimage does not receive any packets from the external network, while I can see the packets go out from it.
>> For instance, using DHCP, e0 on n1 sends DHCP packets but it does not receive the answers (which are sent, I verified it with wireshark); in addition,
>> the ARP requests for its IP address (if I try to add it statically) are not received, so it cannot answer.
>> In the end the question is: how can I make this "virtual network" and the external real network able to communicate?
>> Thanks in advance.
>> Pietro.
>
> 1. That link is from 2007. So very much has changed since then.
> There are more current links on the internet about this subject. Most are for 8.X releases.
>
> 2. If you're running 8.2-RELEASE or 9.1-RELEASE all you need to add is the "options vimage" statement to your kernel source and recompile.
>
> 3. There are 2 networking methods available for creating vnet/vimage jail networks, if_bridge/epair and netgraph. The if_bridge/epair method is far simpler to config and use than the netgraph method.
>
> 4. There are 2 methods of jail setup, the rc.d method where your jail definition parameters go into the host's rc.conf and the jail(8) method where you can place each jail's definition parameters in separate files.
>
> 5. There are two very important show stopper PRs on vimage,
> 164763 memory leak and 149050 the rc.d keyword "nojail" problem.
> Vimage is a very long way from prime time usage, that's why it's labeled as highly experimental. Host system freezes and page faults are common.
>
> 6. When it comes to running a firewall in a vnet/vimage jail you're limited to IPFW and it has limitations. Dummynet and in kernel NAT cause system freezes. IPFILTER causes page fault at boot time. PF will run on the host but not run in the vnet/vimage jail. Here are a bunch of PRs on vimage firewall problems, 143621, 176092, 161094, 176992, 143808, 148155, 165252, 178480, 178482
>
> Check out these links
>
> http://druidbsd.sourceforge.net/vimage.shtml
> http://devinteske.com/vimage-jails-on-freebsd-8
> http://lists.freebsd.org/pipermail/freebsd-virtualization/2011-September/000747.html
>
> http://bsdbased.com/2009/12/06/freebsd-8-vimage-epair-howto
> http://zewaren.net/site/?q=node/78

Thanks so much, really interesting and good links, but I still can't accomplish my task - I followed http://bsdbased.com/2009/12/06/freebsd-8-vimage-epair-howto as a base tutorial -

I would like to simulate more clients for my PC using this technology, and that's my topology:

1 - Two epairs created
2 - Two jails created
3 - Assign one intf per jail
4 - Add the real interface to a bridge where I put all the interfaces

-------
JAIL1
0b
-------

-------
JAIL2
1b
-------

-------
HOST
0a 1a em0 --> REAL
-------

Where {0,1}a is the first pair and {0,1}b is the second and em0 is my real interface (it has an IP address). Then I got to the problem; I tried:

jexec 2 dhclient epair1b

And I can see the DHCP packet with the correct MAC address going out, the server replies (I have a sniffer PC), but the transaction does not end successfully. What is really strange is that if I attach tcpdump on em0 I can NOT see the answer the server sends, while when I try dhclient em0 I can see the packets going in and out and the DHCP transaction finishes successfully.

Do you have any idea how I can accomplish my target? Maybe I am using the wrong technology?
I would not be surprised if I made an error in my configuration, but what really interests me is whether I CAN do that using jails.

Thanks a lot, and in advance! :-)

Pietro.
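
The four-step topology from the message above, written out as the FreeBSD commands it implies and generalized to any number of jails. This is an added example, not part of the original post or of the linked howto; the jail names jail1..jailN, the bridge name bridge0 and path=/ are assumptions, and the function only prints the commands.

```shell
#!/bin/sh
# Added example (not from the thread). Jail names jail1..jailN, bridge0 and
# path=/ are assumptions; em0 and the epair naming come from the message.
# vnet_plan PHYS_IF COUNT prints the commands; nothing is executed here.
vnet_plan() {
    phys=$1
    count=$2
    members="addm $phys"
    dhcp=""
    i=0

    echo "ifconfig bridge0 create"
    while [ "$i" -lt "$count" ]; do
        jail="jail$((i + 1))"
        # Steps 1-2: one epair and one vnet jail per simulated client.
        echo "ifconfig epair$i create"
        echo "jail -c vnet persist name=$jail host.hostname=$jail path=/"
        # Step 3: the "b" end moves into the jail, the "a" end stays on the host.
        echo "ifconfig epair${i}b vnet $jail"
        echo "ifconfig epair${i}a up"
        members="$members addm epair${i}a"
        dhcp="${dhcp}jexec $jail dhclient epair${i}b
"
        i=$((i + 1))
    done
    # Step 4: bridge the real interface with every host-side epair end.
    echo "ifconfig bridge0 $members up"
    # The DHCP attempt from the message, once per jail.
    printf '%s' "$dhcp"
}

# Default run: the two-jail layout from the diagram, on em0.
vnet_plan "${1:-em0}" "${2:-2}"
```

To apply the plan on a VIMAGE kernel, pipe the output to sh as root.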