Date:      Fri, 26 Apr 2013 12:17:00 -0400
From:      Joe <fbsd8@a1poweruser.com>
To:        Anders Hagman <anders.hagman@netplex.se>
Cc:        "freebsd-jail@freebsd.org" <freebsd-jail@freebsd.org>
Subject:   Re: jail(8) vimage epair bridge
Message-ID:  <517AA87C.2050008@a1poweruser.com>
In-Reply-To: <2ED09B04-6888-46CE-B34C-CAC70EB51F96@netplex.se>
References:  <5176892F.8050802@a1poweruser.com> <77E31AD0-ABE2-44FA-AB19-CF557038DEBE@netplex.se> <51783B89.9080701@a1poweruser.com> <2ED09B04-6888-46CE-B34C-CAC70EB51F96@netplex.se>

Anders Hagman wrote:
> Hi
> 
> On 24 Apr 2013 at 22:07, Joe <fbsd8@a1poweruser.com> wrote:
> 
>> Anders Hagman wrote:
>>> Hi
>>> On 23 Apr 2013 at 15:14, Joe <fbsd8@a1poweruser.com> wrote:
>>>> Hello list
>>>>
>>>> I am using jail(8) trying to get a functional vimage environment on my
>>>> 9.1-RELEASE system. My PC only has a single real NIC facing the public
>>>> internet.
>>>>
>>>> My goal is to be able to have multiple vimage jails, each with
>>>> their own epairXa epairXb and bridgeX where the "X" is the jail's JID
>>>> number all having their traffic passing through the single rl0 real
>>>> interface. The vnet.start script shown below handles this nicely.
>>>>
>>>> The problem is after the first vimage jail is started the rl0 interface
>>>> gets marked as busy when the second vimage jail is started.
>>> You don't need more than one bridge.
>>> Connect all epairXa and the rl0 interface to the bridge. Put the epairXb in the right jail.
>>> If you want separation. Create vlan interfaces.
>>> Connect them to rl0 and put them inside the jail.
>> Hello Anders;
>>
>> Now that I have a bridge, epair solution,
>> I would like to learn the vlan method you spoke about.
>> Would you please provide some details about how it could be done.
>> I have never used vlan before.
> 
> You need a vlan switch and a trunk connection between your server and the switch. 
> You need a router/firewall that handles vlans. m0n0wall.

What is your definition of a switch? Do you mean a hardware switch in 
the network cabling?

Are you saying ipfw, pf, and ipfilter DON'T handle vlans?

> 
> In your server create vlan interfaces:
> 
> ifconfig vlan101 create vlan 101 vlandev rl0
> 
> Move the interface to a started jail
> 
> ifconfig vlan101 vnet jailX
> 
> Connect to jail, config and test

What do you mean by config the jail?
Are there vlan commands that need to be run from inside of the jail?

For a second vimage jail would I do
ifconfig vlan102 create vlan 102 vlandev rl0
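
The per-jail VLAN steps quoted above, generalised to several jails, as an added example that is not part of either poster's message: a POSIX sh dry run that prints the two `ifconfig` commands per jail and rejects VLAN IDs that are out of range or reused. `plan_vlans`, its `JAIL:VLANID` argument format and the jail names are assumptions made for the example.

```sh
#!/bin/sh
# Dry-run planner: prints the ifconfig commands, executes nothing.
PARENT_IF="rl0"   # the single physical NIC named in the thread

# plan_vlans JAIL:VLANID ...   (hypothetical helper, not a FreeBSD tool)
# Prints one "create" and one "vnet" command per jail; returns 1 on bad input.
plan_vlans() {
    seen=" "
    out=""
    for pair in "$@"; do
        jail=${pair%%:*}
        vid=${pair#*:}
        if [ "$jail" = "$pair" ]; then
            echo "expected JAIL:VLANID, got: $pair" >&2; return 1
        fi
        # Conservative jail-name check (assumption) so the output is safe to paste.
        case $jail in
            ''|*[!A-Za-z0-9_-]*) echo "bad jail name: $jail" >&2; return 1 ;;
        esac
        # Digits only, no leading zero, at most four digits.
        case $vid in
            ''|*[!0-9]*|0*|?????*) echo "bad VLAN ID: $vid" >&2; return 1 ;;
        esac
        # 802.1Q VLAN IDs 1..4094 are usable; 0 and 4095 are reserved.
        if [ "$vid" -gt 4094 ]; then
            echo "VLAN ID out of range: $vid" >&2; return 1
        fi
        # vlanN can be created once and moved into one jail, so a reused ID
        # cannot give a second jail its own interface.
        case $seen in
            *" $vid "*) echo "VLAN ID reused: $vid" >&2; return 1 ;;
        esac
        seen="$seen$vid "
        out="${out}ifconfig vlan$vid create vlan $vid vlandev $PARENT_IF
ifconfig vlan$vid vnet $jail
"
    done
    printf '%s' "$out"
}

# Constructed sample input: two jails, one VLAN each.
plan_vlans jail1:101 jail2:102
```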




