Trying to figure out how to configure a vnet jail so it is restricted to only being able to talk to other vnet jails on the same host, i.e. local-only vnet jails, as opposed to vnet jails that are able to access the public internet. Using the bridge/epair method of connecting vnet jails to the host [based on this how-to]: https://forums.freebsd.org/threads/vnet-jail-with-public-internet-access-using-the-bridge-epair-method.76071/ It's my understanding that this behavior is controlled by whether the host's interface connected to the public internet is added as a member of the bridge that the vnet jails' epairXa interfaces are members of.
Partly correct. You can also have a setup where your host is routing between what you call the public internet and the local only vnets.
I tested this on a remote VM and found that it made no difference one way or the other whether the host's interface connected to the public internet was added as a member of the bridge or not. In both cases the vnet jail had public internet access.
It shouldn't, if there is no routing involved. Please show us "ifconfig -a" and "netstat -rn" of the host.

Bye,
Alexander.
--
http://www.Leidinger.net alexan...@leidinger.net: PGP 0x8F31830F9F2772BF
http://www.FreeBSD.org netch...@freebsd.org : PGP 0x8F31830F9F2772BF