Date: Sun, 19 Jun 2011 21:42:42 +0000
From: "Bjoern A. Zeeb" <bz@FreeBSD.org>
To: Stefan Bethke <stb@lassitu.de>
Cc: freebsd-virtualization@freebsd.org
Subject: Re: VIMAGE and pf?
Message-ID: <27F2A9EF-EE03-47BD-894E-7CDB1B4BF478@FreeBSD.org>
In-Reply-To: <30F13111-4ED7-412C-9F08-93340D51A633@lassitu.de>
References: <0A8B9BF3-8401-4541-9FBD-0C292149C5E4@lassitu.de> <4DFD67F0.3010508@freebsd.org> <30F13111-4ED7-412C-9F08-93340D51A633@lassitu.de>

On Jun 19, 2011, at 8:40 PM, Stefan Bethke wrote:

> On 19.06.2011 at 05:07, Julian Elischer wrote:
>
>> On 6/18/11 3:53 AM, Stefan Bethke wrote:
>>> Is VIMAGE supposed to be compatible with pf? On r223207 (8-stable) I'm getting a panic when pfctl loads the rules:
>>
>>
>> no they are not compatible.. there are compatibility patches but we have so far failed to get them into the tree.
>
> Aw, too bad.
>
> I'm trying to get some processes, maybe a full jail, to use a separate ADSL (PPPoE) connection as their default route, and I'm a bit flummoxed by the options.
>
> It seems that pf won't allow me to reference jails in rules (according to pf.conf(5)), but I could have those processes run as a certain user.
>
> Alternatively, I think I should be able to use setfib(1) with ROUTETABLES. Any advice on how I would configure mpd5 and/or a jail?

I had posted a patch and I thought (maybe even committed to HEAD?) that restricts pf to the base system so you could use it from there, it wouldn't panic but not be available from within vnets.

For mpd5 to work inside a jail and create interfaces etc. you would need VNETs. For moving mpd interfaces into a JAIL you would need VNETs.

If you just want mpd in base and services in a jail static IPs could do the trick. Jails can exist without the IPs present -- listening services will be more tricky.

Ok, just a patch it seems, not committed; try to see if it still applies to stable/8. If not I can probably update it quickly:

http://lists.freebsd.org/pipermail/freebsd-virtualization/2010-September/000509.html

/bz

-- 
Bjoern A. Zeeb                         You have to have visions!
Stop bit received. Insert coin for new address family.