> On 13. Mar 2022, at 14:07, Patrick M. Hausen <hau...@punkt.de> wrote:
>
> Hi all,
>
> i was a bit puzzled by Michael using bhyve trying to reproduce.
> Up until now I thought bhyve uses tap and not epair?
>
In my setup, FreeBSD 14 runs on a bhyve vm, hosting the jails, which use vnet.
Bare metal -> FreeBSD 13.0 -> bhyve -> FreeBSD Current -> vnet jails
haproxy/web01
Replace bhyve with VMware, AWS, or a bare metal server to understand the setup.
The reason I’m doing this is:
1. I don’t want to update the bare metal host to a non-release version
2. Johan is running his setup inside a vm as well.
Best
Michael
> Anyway ...
>
>> Am 13.03.2022 um 14:01 schrieb Johan Hendriks <joh.hendr...@gmail.com>:
>> I have no idea why it does not work on my setup, which is nothing out of the
>> ordinary i think, basic full jails connected to a bridge interface and one
>> of them exposed to the world wide web using pf binat.
>
> What we do is full exposed VNET jails connected to the bridge
> on the external interface of the host. ipfw kernel module loaded
> but not used in this case, i.e. only the "default to accept" rule active
> in the jails.
>
> I will probably downgrade the production host from 13.1-PRERELEASE
> to 13.0-pX tomorrow and see if that changes anything.
>
> Kind regards,
> Patrick
> --
> punkt.de GmbH
> Patrick M. Hausen
> .infrastructure
>
> Kaiserallee 13a
> 76133 Karlsruhe
>
> Tel. +49 721 9109500
>
> https://infrastructure.punkt.de
> i...@punkt.de
>
> AG Mannheim 108285
> Geschäftsführer: Jürgen Egeling, Daniel Lienert, Fabian Stein
