From: Mark Moellering
Date: Thu, 30 May 2013 09:46:39 -0400
To: freebsd-questions@freebsd.org
Subject: Re: VIMAGE (slightly off topic)

On 5/30/2013 8:29 AM, Joe wrote:
> Pietro Paolini wrote:
>> Hello all,
>>
>> I am a newbie on FreeBSD and I am looking at the VIMAGE features,
>> experiencing some problems.
>> I added the options:
>> VIMAGE
>> if_bridge
>>
>> and I removed
>> SCTP
>>
>> then I recompiled my kernel and installed it.
>>
>> After that, following this tutorial
>> http://imunes.tel.fer.hr/virtnet/eurobsdcon07_tutorial.pdf I tried
>> "Exercise 2", which consists of the following commands:
>>
>> vimage -c n1
>> vimage -c n2
>> ngctl mkpeer eiface ether ether
>> ngctl mkpeer eiface ether ether
>> ngctl mkpeer em0: bridge lower link0
>> ngctl name em0:lower bridge0
>> ngctl connect em0: bridge0: upper link1
>> ngctl connect ngeth0: bridge0: ether link2
>> ngctl connect ngeth1: bridge0: ether link3
>> vimage -i n1 ngeth0 e0
>>
>> But my virtual interface on the n1 vimage does not receive any packets
>> from the external network, while I can see the packets go out from it.
>>
>> For instance, using DHCP, e0 on n1 sends DHCP packets but it does not
>> receive the answers (which are sent, I verified it with wireshark);
>> in addition, the ARP requests for its IP address (if I try to add it
>> statically) are not received, so it cannot answer.
>>
>> In the end, the question is: how can I make this "virtual
>> network" and the external real network able to communicate?
>>
>> Thanks in advance.
>> Pietro.
>>
>
> 1. That link is from 2007. So very much has changed since then.
> There are more current links on the internet about this subject. Most
> are for 8.X releases.
>
> 2. If you're running 8.2-RELEASE or 9.1-RELEASE all you need to add is
> the "options vimage" statement to your kernel source and recompile.
>
> 3. There are 2 networking methods available for creating vnet/vimage
> jail networks, if_bridge/epair and netgraph. The if_bridge/epair
> method is far simpler to configure and use than the netgraph method.
>
> 4. There are 2 methods of jail setup, the rc.d method where your jail
> definition parameters go into the host's rc.conf and the jail(8) method
> where you can place each jail's definition parameters in separate files.
>
> 5.
> There are two very important show stopper PRs on vimage,
> 164763 memory leak and 149050 the rc.d keyword "nojail" problem.
> Vimage is a very long way from prime time usage, that's why it's
> labeled as highly experimental. Host system freezes and page faults
> are common.
>
> 6. When it comes to running a firewall in a vnet/vimage jail you're
> limited to IPFW and it has limitations. Dummynet and in-kernel NAT
> cause system freezes. IPFILTER causes a page fault at boot time. PF will
> run on the host but not run in the vnet/vimage jail. Here are a bunch
> of PRs on vimage firewall problems: 143621, 176092, 161094, 176992,
> 143808, 148155, 165252, 178480, 178482
>
> Check out these links
>
> http://druidbsd.sourceforge.net/vimage.shtml
> http://devinteske.com/vimage-jails-on-freebsd-8
> http://lists.freebsd.org/pipermail/freebsd-virtualization/2011-September/000747.html
> http://bsdbased.com/2009/12/06/freebsd-8-vimage-epair-howto
> http://zewaren.net/site/?q=node/78
>

I would like to thank Pietro for asking the question and Joe for
answering, as I was looking into vimage myself. This sort of thing
really helps a lot of people who are exploring FreeBSD and new features.
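
The if_bridge/epair method named in point 3 of the quoted reply, sketched as an added example that is not part of the thread or any poster's code. It assumes a kernel built with "options VIMAGE", that if_bridge and if_epair are available, that bridge0 and epair unit 0 are unused, and it reuses em0 and the jail name n1 from the original question.

```shell
#!/bin/sh
# Added example, not from the thread. Assumes: kernel built with "options VIMAGE",
# if_bridge and if_epair available, bridge0 and the chosen epair unit unused.

# Reject anything that is not a plain identifier; the plan is later fed to sh.
valid_name() {
    case "$1" in
        ''|*[!A-Za-z0-9_]*) return 1 ;;
        *) return 0 ;;
    esac
}

# Print the commands that attach vnet jail $1 to external NIC $2 via epair unit $3.
# epairNa stays on the host as a bridge member; epairNb is moved into the jail.
vnet_plan() {
    jail=$1 ext=$2 unit=$3
    valid_name "$jail" && valid_name "$ext" && valid_name "$unit" || return 1
    cat <<EOF
ifconfig bridge0 create
ifconfig epair${unit} create
ifconfig bridge0 addm ${ext} addm epair${unit}a up
ifconfig ${ext} up
ifconfig epair${unit}a up
jail -c name=${jail} host.hostname=${jail} path=/ vnet persist
ifconfig epair${unit}b vnet ${jail}
jexec ${jail} ifconfig lo0 inet 127.0.0.1/8 up
jexec ${jail} dhclient epair${unit}b
EOF
}

# Default: print the plan for review. "apply" runs it as root, stopping on first error.
if [ "${1:-}" = "apply" ]; then
    plan=$(vnet_plan "${2:-n1}" "${3:-em0}" "${4:-0}") || exit 1
    printf '%s\n' "$plan" | sh -ex
else
    vnet_plan "${2:-n1}" "${3:-em0}" "${4:-0}"
fi
```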