Date:      Fri, 17 Jul 2020 15:22:43 +0200
From:      Alexander Leidinger <Alexander@leidinger.net>
To:        Ernie Luzar <luzar722@gmail.com>
Cc:        freebsd-questions@freebsd.org, freebsd-jail@freebsd.org, David Mehler <dave.mehler@gmail.com>
Subject:   Re: vnet jail for local only or public access
Message-ID:  <20200717152243.Horde.9H9QDqj9GtGFk_mayhRBsvs@webmail.leidinger.net>
In-Reply-To: <5F119D8F.7030407@gmail.com>
References:  <CAPORhP5%2BQ8TX_DuwbdAfvqf97pX=SCRfgyOz%2BzvMqPdnJ2gmYA@mail.gmail.com> <CAPORhP6a=3%2BF_xnYP-bL2MWoRYqjU7zXhNHQg6q4Bgg4P71Xsg@mail.gmail.com> <5EFCD605.4000409@gmail.com> <CAPORhP7R26Y85-XjFXqKtAzr2A8RxHgK530CJzp8y73tcgjMDg@mail.gmail.com> <5EFD095F.4040507@gmail.com> <CAPORhP408Cmb2FG89VOpUJJZhGJ2KUG70%2B0pMnzyk3Xev4vi1Q@mail.gmail.com> <5F0119F3.40806@gmail.com> <CAPORhP7QpZ3=3iPfogcKsqf0gBtgLvOdbNLG9=-Hk=8XjNCrcA@mail.gmail.com> <5F049E65.8000701@gmail.com> <CAPORhP7q5s14qy7VcX0rSLbOimweh7aXZuqmPNzTSAchLOHe9w@mail.gmail.com> <5F0DEE4A.6080600@gmail.com> <CAPORhP74%2BVvsWQc-r7UX9pzuzOABxXeL3V1K7FEjJFDarMnyKQ@mail.gmail.com> <5F0F00EB.5010403@gmail.com> <CAPORhP4q6_vkxpPw3okKLmvsm9zPgUn6mDu1XT3x1U8q4uiuDw@mail.gmail.com> <5F0F0FBC.9020200@gmail.com> <CAPORhP77kh9VNR-ZP_1k_5vj-NM9dw1Vgxd3E_muVLNtiLsp6Q@mail.gmail.com> <5F0F152C.3040908@gmail.com> <CAPORhP4oNhA2vT5UG2OtV=JDbwcUCdXsXxzQXjZKSg1Fc6qe2Q@mail.gmail.com> <5F119D8F.7030407@gmail.com>

Quoting Ernie Luzar <luzar722@gmail.com> (from Fri, 17 Jul 2020 08:46:07 -0400):

> Trying to figure out how to configure a vnet jail so it is
> restricted to only being able to talk to other vnet jails on the
> same host IE: local only vnet jails. As different to being able to
> access the public internet type of vnet jails.
>
> Using the bridge/epair method of connecting vnet jails to the host.
> [ based on this how-to ]
> https://forums.freebsd.org/threads/vnet-jail-with-public-internet-access-using-the-bridge-epair-method.76071/
>
> It's my understanding that this behavior is controlled by if the
> host's interface connected to the public internet is added as a
> member to the bridge the vnet jails epairXa interfaces were members
> of.

Partly correct. You can also have a setup where your host is routing
between what you call the public internet and the local only vnets.

> I tested this on a remote vm and found that it made no difference
> one way or the other if the host's interface connected to the public
> internet was added as a member to the bridge or not. In both cases
> the vnet jail had public internet access.

It shouldn't, if there is no routing involved.

Please show us "ifconfig -a" and "netstat -rn" of the host.

Bye,
Alexander.

-- 
http://www.Leidinger.net Alexander@Leidinger.net: PGP 0x8F31830F9F2772BF
http://www.FreeBSD.org    netchild@FreeBSD.org  : PGP 0x8F31830F9F2772BF
