Date: Sat, 27 Apr 2013 22:16:18 +1200
From: zulu <zulu@openvps.biz>
To: Laurent Alebarde <l.alebarde@free.fr>, "freebsd-jail@freebsd.org" <freebsd-jail@freebsd.org>
Subject: Re: state of the art ?
Message-ID: <1367057778.517ba5720f37d@gpo.cellcontainer.com>
In-Reply-To: <loom.20130427T112838-150@post.gmane.org>
References: <loom.20130427T112838-150@post.gmane.org>
Have not used dummynet but a good starting point could be the official IPFW Handbook section http://www.freebsd.org/doc/handbook/firewalls-ipfw.html. Just treat your jails as you would a physical host with firewall rules.

One caveat to watch out for is that after enabling IPFW on your host all jails will have a default deny rule and each jail will need to have a rule added to allow traffic in/out. Also make sure your bridge contains your real NIC if you want to talk to hosts beyond your jail environment (standard networking things - man pages are your friends, ifconfig, bridge, route, etc.).

Cheers,
Peter

On Saturday, 27-04-2013 on 21:37 Laurent Alebarde wrote:

zulu writes:
>
> Try and exclude altq and pf from kernel - make them a loadable module
> instead (just to rule out these).
>

Thanks zulu, it works now. No crash, and I can ping my zjail.

I think I am going to drop pf completely until it is officially compatible with VIMAGE, and use IPFW.

Do you have a good link please for basic and elaborate (including dummynet) use of IPFW with zjails (I have not found very useful things up to now)?

Cheers,

Laurent.
_______________________________________________
freebsd-jail@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-jail
To unsubscribe, send any mail to "freebsd-jail-unsubscribe@freebsd.org"
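The default-deny caveat in the reply above, as an added example that is not part of the original messages: a small generator for a stateful per-jail IPFW ruleset. It assumes a VIMAGE jail with its own network stack; the jail name `zjail`, the interface `epair0b` and inbound port 22 are constructed sample values.

```shell
#!/bin/sh
# Added example: emit a minimal stateful IPFW ruleset for one VIMAGE jail.
# Assumptions (not from the thread): jail name, interface name and the
# allowed inbound TCP port below are constructed sample values.

# jail_ipfw_rules JAIL IFACE [INBOUND_TCP_PORT]
# Prints the commands instead of running them, so the ruleset can be
# reviewed on the host before it is piped to sh.
jail_ipfw_rules() {
    jail=$1; ifc=$2; port=${3:-}
    # The output is meant to be executed, so refuse shell metacharacters.
    case "$jail$ifc$port" in
        ''|*[!A-Za-z0-9_.-]*) echo "invalid argument" >&2; return 1 ;;
    esac
    fw="jexec $jail ipfw -q"
    echo "$fw -f flush"
    # Loopback traffic inside the jail's own stack.
    echo "$fw add 100 allow ip from any to any via lo0"
    # Match replies against dynamic rules created by keep-state below.
    echo "$fw add 200 check-state"
    # Outbound connections initiated by the jail.
    echo "$fw add 300 allow tcp from me to any out via $ifc setup keep-state"
    echo "$fw add 310 allow udp from me to any out via $ifc keep-state"
    # Echo reply, unreachable, echo request, time exceeded.
    echo "$fw add 320 allow icmp from any to any icmptypes 0,3,8,11"
    # Optional single inbound service.
    if [ -n "$port" ]; then
        echo "$fw add 400 allow tcp from any to me $port in via $ifc setup keep-state"
    fi
    # Log what would otherwise be dropped silently by default rule 65535.
    echo "$fw add 65000 deny log ip from any to any"
}

jail_ipfw_rules zjail epair0b 22
```

Everything not matched by rules 100 to 400 stays blocked, which is the behaviour the reply warns about; rule 65000 only makes those drops visible in the log.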