Re: No connection between jails
> I have two jails in the same subnet on two different hosts:
>
> HOST1 -- jail1
>   |
>   |
> HOST2 - jail2
>
> HOST1: 10.70.7.13/16
> HOST2: 10.70.70.2/16
> jail1: 10.70.5.2/32
> jail2: 10.70.7.50/32
>
> Default gateway in the network is 10.70.70.1 but I don't think it
> matters in this issue.
>
> There is network connection between HOST1 and jail2, or HOST 2 and
> jail1, or between any other host in the network and either jail1 or
> jail2, however there is no network connection between jail1 and jail2.
> By network connection I mean exchange of packets, e.g. "telnet
> destination port". Both hosts and the default gateway are connected to
> the same physical switch.
>
> There are actually more jails on HOST1 but the situation is analogous -
> no connection between jails on HOST1 and any jails on HOST2.
>
> What am I missing?
>
> Both hosts have gateway_enable="YES" in rc.conf (net.inet.ip.forwarding:
> 1). I am not using VNET, jails are aliased directly in host's network
> interfaces (lagg0 for HOST1 and em0 for HOST2).

Let me guess, lagg0 includes a wireless device? I think you may have the issue that you can not run multiple MAC addresses on a wireless device, and each of your jails on this node are going to have a unique MAC.

> Thanks
> GrzegorzJ
>
> ___
> freebsd-net@freebsd.org mailing list
> https://lists.freebsd.org/mailman/listinfo/freebsd-net
> To unsubscribe, send any mail to "freebsd-net-unsubscr...@freebsd.org"

--
Rod Grimes rgri...@freebsd.org
No connection between jails
I have two jails in the same subnet on two different hosts:

HOST1 -- jail1
  |
  |
HOST2 - jail2

HOST1: 10.70.7.13/16
HOST2: 10.70.70.2/16
jail1: 10.70.5.2/32
jail2: 10.70.7.50/32

Default gateway in the network is 10.70.70.1 but I don't think it matters in this issue.

There is network connection between HOST1 and jail2, or HOST 2 and jail1, or between any other host in the network and either jail1 or jail2, however there is no network connection between jail1 and jail2. By network connection I mean exchange of packets, e.g. "telnet destination port". Both hosts and the default gateway are connected to the same physical switch.

There are actually more jails on HOST1 but the situation is analogous - no connection between jails on HOST1 and any jails on HOST2.

What am I missing?

Both hosts have gateway_enable="YES" in rc.conf (net.inet.ip.forwarding: 1). I am not using VNET, jails are aliased directly in host's network interfaces (lagg0 for HOST1 and em0 for HOST2).

Thanks
GrzegorzJ
Re: Point-to-point connection between jails?
On 29/05/2012 9:56 AM, Julian Elischer wrote:
> On 5/28/12 7:14 AM, Darren Reed wrote:
>> On 28/05/2012 11:45 PM, Nikos Vassiliadis wrote:
>>> On 5/28/2012 1:37 PM, Darren Reed wrote:
>>>> I've looked through the list of network interfaces that are supported with FreeBSD and none seem to meet my needs.
>>>>
>>>> What I want is a network interface that I can configure up in jail A with address 10.1.1.1 and for which I can configure a mate in jail B with the address 10.2.2.2 and use the network interface as the means by which two jails can directly communicate with each other without the need to send any packets out of the machine.
>>>>
>>>> Or another way to do this would be to have a virtual network (something like the internal network that VirtualBox has or the host only network supported by VMware Workstation) defined somewhere and for there to be a specific driver that could be configured and attached to a jail and that virtual network so that you could have N:M communication between jails.
>>>>
>>>> Is what I'm looking for already present and google is failing me or is the above functionality the basis for future work, be it planned or otherwise?
>>>
>>> It seems like a loopback interface does this.
>>>
>>> root@raidmadi:/home/nik # jls
>>>    JID  IP Address      Hostname                      Path
>>>      3  10.2.3.4                                      /
>>>      4  10.7.3.4                                      /
>>> root@raidmadi:/home/nik # ifconfig lo1
>>> lo1: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
>>>         options=3<RXCSUM,TXCSUM>
>>>         inet 10.2.3.4 netmask 0xff00
>>>         inet 10.7.3.4 netmask 0xff00
>>> root@raidmadi:/home/nik #
>>>
>>> Maybe you want 'real' isolation? like with epair and VIMAGE?
>>
>> Yes, I was after real isolation but this might work.
>
> what you want is epair which is a pseudo driver pair, specifically designed to connect two vimage jails to each other.

Yes, that's it.

A good example of using epairs can be found here:
http://zewaren.net/site/?q=node/71

Something like this should be documented better on freebsd.org.

Darren
Re: Point-to-point connection between jails?
On 5/29/12 12:52 AM, Darren Reed wrote:
> On 29/05/2012 9:56 AM, Julian Elischer wrote:
>> On 5/28/12 7:14 AM, Darren Reed wrote:
>>> On 28/05/2012 11:45 PM, Nikos Vassiliadis wrote:
>>>> On 5/28/2012 1:37 PM, Darren Reed wrote:
>>>>> I've looked through the list of network interfaces that are supported with FreeBSD and none seem to meet my needs.
>>>>>
>>>>> What I want is a network interface that I can configure up in jail A with address 10.1.1.1 and for which I can configure a mate in jail B with the address 10.2.2.2 and use the network interface as the means by which two jails can directly communicate with each other without the need to send any packets out of the machine.
>>>>>
>>>>> Or another way to do this would be to have a virtual network (something like the internal network that VirtualBox has or the host only network supported by VMware Workstation) defined somewhere and for there to be a specific driver that could be configured and attached to a jail and that virtual network so that you could have N:M communication between jails.
>>>>>
>>>>> Is what I'm looking for already present and google is failing me or is the above functionality the basis for future work, be it planned or otherwise?
>>>>
>>>> It seems like a loopback interface does this.
>>>>
>>>> root@raidmadi:/home/nik # jls
>>>>    JID  IP Address      Hostname                      Path
>>>>      3  10.2.3.4                                      /
>>>>      4  10.7.3.4                                      /
>>>> root@raidmadi:/home/nik # ifconfig lo1
>>>> lo1: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
>>>>         options=3<RXCSUM,TXCSUM>
>>>>         inet 10.2.3.4 netmask 0xff00
>>>>         inet 10.7.3.4 netmask 0xff00
>>>> root@raidmadi:/home/nik #
>>>>
>>>> Maybe you want 'real' isolation? like with epair and VIMAGE?
>>>
>>> Yes, I was after real isolation but this might work.
>>
>> what you want is epair which is a pseudo driver pair, specifically designed to connect two vimage jails to each other.
>
> Yes, that's it.
>
> A good example of using epairs can be found here:
> http://zewaren.net/site/?q=node/71

though you don't need the bridge part if you don't want your jail bridged through to the internet.

You can also achieve the same thing using netgraph.

> Something like this should be documented better on freebsd.org.
>
> Darren
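The epair arrangement described in the message above (an epair connecting two VIMAGE jails, without the bridge), as an added example that is not part of the thread or of any poster's setup. The jail names, `path=/`, the `epair0` unit and the /8 prefix are assumptions; the prefix is chosen so that the 10.1.1.1 and 10.2.2.2 addresses from the original question are on-link to each other, and the script refuses a prefix under which they are not.

```sh
#!/bin/sh
# Added example: join two VNET jails with an epair(4) pair, no bridge.
# Assumed: jail names, unit epair0, path=/ and the /8 prefix. Prints the
# plan; set APPLY=1 as root on a VIMAGE-enabled FreeBSD host to run it.

# ip_to_int A.B.C.D: print the address as an integer, fail if malformed.
ip_to_int() {
    case "$1" in *[!0-9.]*|*..*|.*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        case "$o" in 0?*) return 1 ;; esac   # no leading zeros (octal)
        [ "$o" -le 255 ] || return 1
    done
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# same_net IP1 IP2 PREFIX: succeed when both addresses share one network.
same_net() {
    a=$(ip_to_int "$1") && b=$(ip_to_int "$2") || return 2
    [ "$3" -ge 1 ] && [ "$3" -le 30 ] || return 2
    mask=$(( (0xffffffff << (32 - $3)) & 0xffffffff ))
    [ $(( a & mask )) -eq $(( b & mask )) ]
}

# run CMD...: print the command; execute it only when APPLY=1.
run() {
    echo "$*"
    [ "${APPLY:-0}" = 1 ] || return 0
    "$@"
}

# epair_link JAIL_A IP_A JAIL_B IP_B PREFIX
epair_link() {
    same_net "$2" "$4" "$5" || {
        echo "refusing: $2 and $4 do not share a /$5 network" >&2
        return 1
    }
    run ifconfig epair0 create &&
    run jail -c name="$1" path=/ vnet persist &&
    run jail -c name="$3" path=/ vnet persist &&
    run ifconfig epair0a vnet "$1" &&
    run ifconfig epair0b vnet "$3" &&
    run jexec "$1" ifconfig epair0a inet "$2/$5" up &&
    run jexec "$3" ifconfig epair0b inet "$4/$5" up
}

# Addresses from the original question: one network at /8, not at /24.
epair_link jailA 10.1.1.1 jailB 10.2.2.2 8
```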
Point-to-point connection between jails?
I've looked through the list of network interfaces that are supported with FreeBSD and none seem to meet my needs.

What I want is a network interface that I can configure up in jail A with address 10.1.1.1 and for which I can configure a mate in jail B with the address 10.2.2.2 and use the network interface as the means by which two jails can directly communicate with each other without the need to send any packets out of the machine.

Or another way to do this would be to have a virtual network (something like the internal network that VirtualBox has or the host only network supported by VMware Workstation) defined somewhere and for there to be a specific driver that could be configured and attached to a jail and that virtual network so that you could have N:M communication between jails.

Is what I'm looking for already present and google is failing me or is the above functionality the basis for future work, be it planned or otherwise?

Darren
Re: Point-to-point connection between jails?
On Mon, May 28, 2012 at 09:37:27PM +1000, Darren Reed wrote:
> I've looked through the list of network interfaces that are supported with FreeBSD and none seem to meet my needs.
>
> What I want is a network interface that I can configure up in jail A with address 10.1.1.1 and for which I can configure a mate in jail B with the address 10.2.2.2 and use the network interface as the means by which two jails can directly communicate with each other without the need to send any packets out of the machine.
>
> Or another way to do this would be to have a virtual network (something like the internal network that VirtualBox has or the host only network supported by VMware Workstation) defined somewhere and for there to be a specific driver that could be configured and attached to a jail and that virtual network so that you could have N:M communication between jails.
>
> Is what I'm looking for already present and google is failing me or is the above functionality the basis for future work, be it planned or otherwise?

ifconfig lo1 create
ifconfig lo1 inet 127.1.2.3/24
ifconfig lo1 inet 127.1.2.4/32 alias

Launch jail A with IP 127.1.2.3 and jail B with IP 127.1.2.4.

No packet leaves the host.
127.1.2.0/24 will be something like the internal network.
Re: Point-to-point connection between jails?
On 5/28/2012 1:37 PM, Darren Reed wrote:
> I've looked through the list of network interfaces that are supported with FreeBSD and none seem to meet my needs.
>
> What I want is a network interface that I can configure up in jail A with address 10.1.1.1 and for which I can configure a mate in jail B with the address 10.2.2.2 and use the network interface as the means by which two jails can directly communicate with each other without the need to send any packets out of the machine.
>
> Or another way to do this would be to have a virtual network (something like the internal network that VirtualBox has or the host only network supported by VMware Workstation) defined somewhere and for there to be a specific driver that could be configured and attached to a jail and that virtual network so that you could have N:M communication between jails.
>
> Is what I'm looking for already present and google is failing me or is the above functionality the basis for future work, be it planned or otherwise?

It seems like a loopback interface does this.

root@raidmadi:/home/nik # jls
   JID  IP Address      Hostname                      Path
     3  10.2.3.4                                      /
     4  10.7.3.4                                      /
root@raidmadi:/home/nik # ifconfig lo1
lo1: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
        options=3<RXCSUM,TXCSUM>
        inet 10.2.3.4 netmask 0xff00
        inet 10.7.3.4 netmask 0xff00
root@raidmadi:/home/nik #

Maybe you want 'real' isolation? like with epair and VIMAGE?

Did I misunderstand your question?

Nikos
Re: Point-to-point connection between jails?
On 28/05/2012 11:45 PM, Nikos Vassiliadis wrote:
> On 5/28/2012 1:37 PM, Darren Reed wrote:
>> I've looked through the list of network interfaces that are supported with FreeBSD and none seem to meet my needs.
>>
>> What I want is a network interface that I can configure up in jail A with address 10.1.1.1 and for which I can configure a mate in jail B with the address 10.2.2.2 and use the network interface as the means by which two jails can directly communicate with each other without the need to send any packets out of the machine.
>>
>> Or another way to do this would be to have a virtual network (something like the internal network that VirtualBox has or the host only network supported by VMware Workstation) defined somewhere and for there to be a specific driver that could be configured and attached to a jail and that virtual network so that you could have N:M communication between jails.
>>
>> Is what I'm looking for already present and google is failing me or is the above functionality the basis for future work, be it planned or otherwise?
>
> It seems like a loopback interface does this.
>
> root@raidmadi:/home/nik # jls
>    JID  IP Address      Hostname                      Path
>      3  10.2.3.4                                      /
>      4  10.7.3.4                                      /
> root@raidmadi:/home/nik # ifconfig lo1
> lo1: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
>         options=3<RXCSUM,TXCSUM>
>         inet 10.2.3.4 netmask 0xff00
>         inet 10.7.3.4 netmask 0xff00
> root@raidmadi:/home/nik #
>
> Maybe you want 'real' isolation? like with epair and VIMAGE?

Yes, I was after real isolation but this might work.

Darren
Re: Point-to-point connection between jails?
On 5/28/12 7:14 AM, Darren Reed wrote:
> On 28/05/2012 11:45 PM, Nikos Vassiliadis wrote:
>> On 5/28/2012 1:37 PM, Darren Reed wrote:
>>> I've looked through the list of network interfaces that are supported with FreeBSD and none seem to meet my needs.
>>>
>>> What I want is a network interface that I can configure up in jail A with address 10.1.1.1 and for which I can configure a mate in jail B with the address 10.2.2.2 and use the network interface as the means by which two jails can directly communicate with each other without the need to send any packets out of the machine.
>>>
>>> Or another way to do this would be to have a virtual network (something like the internal network that VirtualBox has or the host only network supported by VMware Workstation) defined somewhere and for there to be a specific driver that could be configured and attached to a jail and that virtual network so that you could have N:M communication between jails.
>>>
>>> Is what I'm looking for already present and google is failing me or is the above functionality the basis for future work, be it planned or otherwise?
>>
>> It seems like a loopback interface does this.
>>
>> root@raidmadi:/home/nik # jls
>>    JID  IP Address      Hostname                      Path
>>      3  10.2.3.4                                      /
>>      4  10.7.3.4                                      /
>> root@raidmadi:/home/nik # ifconfig lo1
>> lo1: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
>>         options=3<RXCSUM,TXCSUM>
>>         inet 10.2.3.4 netmask 0xff00
>>         inet 10.7.3.4 netmask 0xff00
>> root@raidmadi:/home/nik #
>>
>> Maybe you want 'real' isolation? like with epair and VIMAGE?
>
> Yes, I was after real isolation but this might work.

what you want is epair which is a pseudo driver pair, specifically designed to connect two vimage jails to each other.

> Darren