Arsenij Solovjev wrote:
On Wed, 14 Oct 2020 at 15:41, Kristof Provost <k...@freebsd.org> wrote:

On 14 Oct 2020, at 15:36, Arsenij Solovjev wrote:
On Wed, 14 Oct 2020 at 14:42, Kristof Provost <k...@freebsd.org> wrote:

On 14 Oct 2020, at 14:18, Arsenij Solovjev wrote:
Hi all!
Does anybody know if it's possible to run a vnet jail on a non-dedicated interface? I have the Lucas book on jails. In it he says that for vnet you need to pick a dedicated interface, remove all networking IP configuration and only bring it up. Afterwards you set up jib and whatnot.

All works well if I use a dedicated secondary interface (let's call it em1). If I use em0 however I cannot ping the jail.

I would like to have a host that has a single network interface which is used for both normal networking stuff as well as having the vnet jail run on it.

Maybe I could create some sort of virtual interface and run vnet on it?

Any ideas here? Thanks in advance!

Look at epair interfaces.

You can put em0 and epair0a in a bridge together and add epair0b to the vnet jail.
That gets the vnet jail connected to your LAN.

Or you can skip the bridge, assign an IP to epair0a and route between the jail and your LAN.

Regards,
Kristof

Hi Kristof,

Thanks for your reply!

Considering your first idea. I did this, the jail gets created seemingly fine. However I cannot ping the IP of epair0b (this works when using a dedicated interface).
Also I cannot reach my gateway from within the jail. This too works when using a dedicated interface.
Btw I have "sysctl security.jail.allow_raw_sockets=1".
snip:


This is odd. Are you assigning a new MAC address to the epair interfaces
somewhere? Both ends of the epair seem to have a new MAC address, and
the same one at that.

Regards,
Kristof


Not explicitly, no, I let the jib script do the epair creation.


To Arsenij Solovjev

For the record, sure would like to see your jail.conf file where you set up this non-dedicated vnet jail system.

I believe a non-dedicated vnet jail is for local access only. Is that correct?

The bridge setup is for public internet access? Is that correct?


To Kristof Provost

In your reply you said:
"Or you can skip the bridge, assign an IP to epair0a and route between the jail and your LAN."
Please explain this statement. Route how?
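
Kristof's observation in the thread above, that both ends of the epair appear to carry the same MAC address, can be checked mechanically. The following is an added example, not part of the original thread: a POSIX sh function that scans `ifconfig` output for link-layer addresses shared by more than one interface. The sample output, its addresses and the jail name `j1` are constructed for illustration.

```shell
#!/bin/sh
# dup_macs: read FreeBSD ifconfig output on stdin and print one line for
# every MAC address that is configured on more than one interface.
dup_macs() {
    awk '
        # Interface headers start in column 0, e.g. "epair0a: flags=..."
        /^[A-Za-z0-9_.]+: / { ifname = $1; sub(/:$/, "", ifname); next }
        # Indented "ether" lines carry the link-layer address.
        $1 == "ether" && ifname != "" {
            mac = tolower($2)
            if (mac in seen) { seen[mac] = seen[mac] " " ifname; dup[mac] = 1 }
            else             { seen[mac] = ifname; order[++n] = mac }
        }
        END {
            for (i = 1; i <= n; i++)
                if (order[i] in dup) print order[i] ": " seen[order[i]]
        }
    '
}

# Constructed sample: host view followed by the jail's view of epair0b.
sample_ifconfig() {
    cat <<'EOF'
em0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
        ether 00:25:90:aa:bb:cc
        inet 192.0.2.5 netmask 0xffffff00 broadcast 192.0.2.255
bridge0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        ether 58:9c:fc:10:ff:01
        member: epair0a flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
        member: em0 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
epair0a: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
        ether 02:ff:60:00:00:0a
epair0b: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        ether 02:FF:60:00:00:0A
        inet 192.0.2.10 netmask 0xffffff00 broadcast 192.0.2.255
EOF
}

# On a live host, feed it both views (jail name j1 is an assumption):
#   { ifconfig; jexec j1 ifconfig; } | dup_macs
```

An empty result means no two interfaces share a link-layer address; any line printed names the interfaces that collide on the same layer-2 segment.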

_______________________________________________
freebsd-jail@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-jail
To unsubscribe, send any mail to "freebsd-jail-unsubscr...@freebsd.org"