Date: Sun, 13 Jul 2014 18:30:04 +0200
From: "Marcin Michta" <marcin.michta@gmail.com>
To: "'Fbsd8'" <fbsd8@a1poweruser.com>, "'wishmaster'" <artemrts@ukr.net>
Cc: freebsd-jail@freebsd.org
Subject: Re: Re: Jail vnet features
Message-ID: <001801cf9eb7$b4eeb3e0$1ecc1ba0$@gmail.com>

>
>wishmaster wrote:
>>
>> --- Original message ---
>> From: "Fbsd8" <fbsd8@a1poweruser.com>
>> Date: 11 July 2014, 16:49:08
>>
>>> Marcin Michta wrote:
>>>> Hello,
>>>>
>>>> I want to ask what are advantages and disadvantages using VNET?
>>>>
>>>> I know that it allows each jail to have a private networking stack,
>>>> but what else?
>>>>
>>>> Regards
>>>>
>>>> Marthin
>>>>
>>> It's experimental, it has many bugs posted in PR system, loses memory
>>> every time a vnet jail is stopped, firewalls in vnet jail don't work,
>>> other than these show stoppers, use at your own risk.
>>
>> Hey, man. Stop panic!
>>
>> Firewall works very well. Memory leak on shutdown is not a very big problem.
>> Main advantage for me is: I am able to filter and prioritize traffic
>> coming through base system. My vnet'ed jails are like regular LAN clients
>> and they share INET pipe with appropriate weight. I use ipfw.
>>
>
>Oh ya, host panic on boot is another common happening with vimage and
>firewall ipf and pf trying to run inside of a vnet jail and on the host
>at the same time.
>
>Many people DO consider any kind of memory leak in kernel software such
>as vimage is a really big show stopper for not using it in a production
>system.
>
>If you read a little bit closer the previous post you will see it's
>talking about firewall running inside of a vnet/vimage jail. It doesn't
>say anything about running a host firewall directing traffic to an ip
>number assigned to a vnet jail.
>
>Here is a list of some of the vnet outstanding PR's
>
>143808, 147950, 148155, 152148, 160496, 160541, 161094, 164763, 165252,
>176112, 176929, 178480, 178482, 179264, 182350, 185092, 188010, 191468
>
>vnet/vimage is experimental and should never be used in a production
>system and be exposed to the public network. It is not a secure software
>configuration. Sure you can disregard all warnings and common sense and risk
>your host system, that's your choice.

I didn't know about these problems.
I'll check these PRs.
Thanks to all of you for the help :)

Regards
Marthin