Message-ID: <5F37F4BD.5030301@gmail.com>
Date: Sat, 15 Aug 2020 10:44:13 -0400
From: Ernie Luzar
To: Arthur Chance
CC: "freebsd-questions@freebsd.org"
Subject: Re: can a domain name config point to a vlan tag at the host
References: <5F37E329.3000903@gmail.com> <9a027a2c-3575-25ac-6ccc-0f186a3d6820@qeng-ho.org>
In-Reply-To: <9a027a2c-3575-25ac-6ccc-0f186a3d6820@qeng-ho.org>

Arthur Chance wrote:
> On 15/08/2020 14:29, Ernie Luzar wrote:
>> I set up vlan for the host interface cabled to the public internet.
>> How do I drive internet traffic to the desired vlan name on the host
>> using a registered domain name?
>>
>> My rc.conf has this
>>
>> ifconfig_re0="DHCP"
>> gateway_enable="YES"
>>
>> vlans_re0="1 2 3"
>>
>> # vlan_1 is for the host
>> # vlan_2 is for vnet jailA
>> # vlan_3 is for vnet jailB
>>
>> Final goal is to drive traffic from the public internet using a fqdn to
>> the vnet jailA.
>
> I strongly suggest you read up more about networking because it's
> obvious you don't really understand it. All network traffic goes to *IP
> addresses* not domains. DNS says what addresses to use for a specific
> domain, but *all* connection attempts, whatever the protocol, are to a
> specific numeric IP address. Yes, protocols like HTTP then accept a host
> specification for further "routing" but that happens *after* the initial
> connection is made.
>
> If you want to run N jails with N different domains, all with their own
> traffic to arbitrary ports, you are going to need at least N different
> IP addresses.
>

I agree with you that I am not a network guru, but I do have a general
big picture understanding. Problem with the network manuals I have read
is they do not give real world examples showing how to implement the
concepts talked about. They contain NO cross over reference to vnet jails.
Also all the public literature on vnet jails never talks about how to
drive public traffic to a vnet jail or that vnet jails are limited to
requiring a virgin public ipv4 address for the vnet jails' sole use.

After all the reading and trial and error attempts I come here to ask
questions to get the answers only someone with vnet experience can
answer. Hoping that is you.

As I understand it vnet jails have to have their own host interface
device with a public ip address that is not already in use by the host.
This translates to a business type of ISP account to get 3 static ipv4
public addresses. This is a very expensive setup just to do some concept
testing to be able to write a business proposal for in house IT
management.

Now last month a guy posted on the questions list that he was using vlan
tags to separate his single dynamic public ip address into 4 vlan tags.
One for the host and 3 for vnet jails. He states he can ping the public
internet from inside of the vnet jails using this concept. But the part
missing is how to drive public traffic to the vlan tagged vnet jail.

So I ask the question to you again. Is there a way to configure a domain
name setup to not only point to the host's public ip address but also to
its layer 2 vlan tag? The srv record looked like a good candidate but
could not find any mention of vlan tags. Or could it be the "A" record
ip address field with something like this

x.x.x.x_2

Where in the host vlan_2 is a vnet jail.
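
Added example, not part of the original message: the quoted reply's point that HTTP's host specification is read only after the connection to the IP address is made, sketched as a Host-header dispatcher running on the host. The hostnames and the jails' private addresses are assumptions, constructed for illustration.

```python
# Name-based dispatch after the TCP connection has already reached the
# host's single public IP address. All names and addresses are constructed.
from typing import Optional, Tuple

# Hypothetical private addresses of the vnet jails behind the host.
BACKENDS = {
    "jaila.example.org": ("10.0.2.2", 80),
    "jailb.example.org": ("10.0.3.2", 80),
}


def host_from_request(raw: bytes) -> Optional[str]:
    """Return the normalized Host header value, or None if absent/ambiguous."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    hosts = []
    for line in head.split("\r\n")[1:]:       # skip the request line
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() == "host":
            hosts.append(value.strip())
    if len(hosts) != 1:                       # missing or duplicated: reject
        return None
    host = hosts[0].lower()
    if host.startswith("["):                  # IPv6 literal, not a vhost name
        return None
    if ":" in host:                           # drop an explicit port
        host = host.rsplit(":", 1)[0]
    return host.rstrip(".") or None           # tolerate a trailing root dot


def pick_backend(raw: bytes) -> Optional[Tuple[str, int]]:
    """Map a request to a jail; unknown or missing names get no backend."""
    host = host_from_request(raw)
    return BACKENDS.get(host) if host else None


# Constructed sample requests, all arriving on the same public IP and port.
REQ_JAIL_A = b"GET / HTTP/1.1\r\nHost: JailA.example.org:80\r\n\r\n"
REQ_JAIL_B = b"GET / HTTP/1.1\r\nhost: jailb.example.org.\r\n\r\n"
REQ_BY_IP = b"GET / HTTP/1.1\r\nHost: 203.0.113.10\r\n\r\n"
REQ_NO_HOST = b"GET / HTTP/1.0\r\n\r\n"
REQ_TWO_HOSTS = (b"GET / HTTP/1.1\r\nHost: jaila.example.org\r\n"
                 b"Host: jailb.example.org\r\n\r\n")
```

Refusing requests with a missing, duplicated or unlisted Host value keeps traffic that merely reaches the public address from landing in a jail by default.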