Hi Ernie, please consider the last block in my second email, that is the
jail.conf for the non-dedicated interface. The host runs all "normal" IP
networking on em0.

On Wed, 14 Oct 2020 at 17:14, Ernie Luzar <luzar...@gmail.com> wrote:

> Arsenij Solovjev wrote:
> > On Wed, 14 Oct 2020 at 15:41, Kristof Provost <k...@freebsd.org> wrote:
> >
> >> On 14 Oct 2020, at 15:36, Arsenij Solovjev wrote:
> >>> On Wed, 14 Oct 2020 at 14:42, Kristof Provost <k...@freebsd.org> wrote:
> >>>
> >>>> On 14 Oct 2020, at 14:18, Arsenij Solovjev wrote:
> >>>>> Hi all!
> >>>>> Does anybody know if it's possible to run a vnet jail on a non-dedicated
> >>>>> interface? I have the Lucas book on jails. In it he says that for vnet you
> >>>>> need to pick a dedicated interface, remove all networking IP configuration
> >>>>> and only bring it up. Afterwards you set up jib and whatnot.
> >>>>>
> >>>>> All works well if I use a dedicated secondary interface (let's call it
> >>>>> em1). If I use em0 however I cannot ping the jail.
> >>>>>
> >>>>> I would like to have a host that has a single network interface which
> >>>>> is used for both normal networking stuff as well as having the vnet jail
> >>>>> run on it.
> >>>>>
> >>>>> Maybe I could create some sort of virtual interface and run vnet on it?
> >>>>>
> >>>>> Any ideas here? Thanks in advance!
> >>>>>
> >>>> Look at epair interfaces.
> >>>>
> >>>> You can put em0 and epair0a in a bridge together and add epair0b to the
> >>>> vnet jail.
> >>>> That gets the vnet jail connected to your LAN.
> >>>>
> >>>> Or you can skip the bridge, assign an IP to epair0a and route between
> >>>> the jail and your LAN.
> >>>>
> >>>> Regards,
> >>>> Kristof
> >>>>
> >>> Hi Kristof,
> >>>
> >>> Thanks for your reply!
> >>>
> >>> Considering your first idea. I did this, the jail gets created seemingly
> >>> fine. However I cannot ping the IP of epair0b (this works when using a
> >>> dedicated interface).
> >>> Also I cannot reach my gateway from within the jail. This too works when
> >>> using a dedicated interface.
> >>> Btw I have "sysctl security.jail.allow_raw_sockets=1".
> >>> snip:
>
> >>>
> >> This is odd. Are you assigning a new MAC address to the epair interfaces
> >> somewhere? Both ends of the epair seem to have a new MAC address, and
> >> the same one at that.
> >>
> >> Regards,
> >> Kristof
> >>
> >
> > Not explicitly, no, I let the jib script do the epair creation.
>
>
> To Arsenij Solovjev
>
> For the record, I sure would like to see your jail.conf file where you
> set up this non-dedicated vnet jail system.
>
> I believe a non-dedicated vnet jail is for local access only. Is that
> correct?
>
> The bridge setup is for public internet access? Is that correct?
>
>
> To Kristof Provost
>
> In your reply you said.
> "Or you can skip the bridge, assign an IP to epair0a and route between
> the jail and your LAN."
> Please explain this statement. Route how?
>
_______________________________________________
freebsd-jail@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-jail
To unsubscribe, send any mail to "freebsd-jail-unsubscr...@freebsd.org"
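
The bridged layout Kristof describes (em0 and epair0a in one bridge, epair0b handed to the vnet jail), written out as a jail.conf entry. This is an added example, not the configuration posted by anyone in the thread; the jail name, path, hostname, addresses (documentation range 192.0.2.0/24) and the interface unit numbers epair0/bridge0 are assumptions.

```conf
# Constructed example: names, paths, addresses and unit numbers are assumptions.
vnetjail {
    path = "/jails/vnetjail";
    host.hostname = "vnetjail.example.org";

    # Give the jail its own network stack and move one end of the pair into it.
    vnet;
    vnet.interface = "epair0b";

    # Runs on the host before the jail is created:
    # create the pair (epair0a + epair0b) and bridge the host end with em0.
    exec.prestart  = "ifconfig epair0 create up";
    exec.prestart += "ifconfig bridge0 create";
    exec.prestart += "ifconfig bridge0 addm em0 addm epair0a up";

    # Runs inside the jail: address the jail end and set the default route.
    exec.start  = "ifconfig epair0b inet 192.0.2.10/24 up";
    exec.start += "route add default 192.0.2.1";
    exec.start += "/bin/sh /etc/rc";

    exec.stop = "/bin/sh /etc/rc.shutdown jail";

    # Runs on the host after the jail is gone: tear the plumbing down again.
    # Destroying epair0a also removes epair0b.
    exec.poststop  = "ifconfig bridge0 destroy";
    exec.poststop += "ifconfig epair0a destroy";

    mount.devfs;
    exec.clean;
}
```

With the jail running, `ifconfig epair0a` on the host and `jexec vnetjail ifconfig epair0b` show the two ends' `ether` lines, which is the quickest way to check the duplicate MAC address Kristof asks about.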
