From owner-freebsd-hackers@FreeBSD.ORG Sun Mar 9 21:22:03 2014 Return-Path: Delivered-To: freebsd-hackers@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 32F36AB1; Sun, 9 Mar 2014 21:22:03 +0000 (UTC) Received: from mail-ob0-x236.google.com (mail-ob0-x236.google.com [IPv6:2607:f8b0:4003:c01::236]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (No client certificate requested) by mx1.freebsd.org (Postfix) with ESMTPS id D31C67FA; Sun, 9 Mar 2014 21:22:02 +0000 (UTC) Received: by mail-ob0-f182.google.com with SMTP id uz6so6267544obc.13 for ; Sun, 09 Mar 2014 14:22:02 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=9sTc/e9eoJ1HPbBarNvhFvINq67P6MX/jhWJoHqRxao=; b=CE8AFdl4nKKD2KnYGrOwer8LItPbkXqqCiKCuq1tAw8oGVe7xwaf/w9Wpv44XgM2sk awvLXzw/jbKDU9BoDdb6VZoxoBB/RYenxu+bRs4IoQb4GKsOpZRIf9ZZFpdb4GbsEfZp nAEPF/Iv0nlSqyTnBFeCNm+BUZE2yhLkc3JBOk/NmRZFV/4S5laHrAgECOwn/MvdOGEG VyTuD97S9w50qHHC/LuDXouOhWr5ucL+HsoGNJd0r74c9N3rmpQ0k3VAjJbxZQQDBZKt TvovIOy1swHbCQ9yepQ8k9knLMkRazFZ5cNlNme66vy62SgPPnUbenwedG65Ec+HvYmG 4I7g== MIME-Version: 1.0 X-Received: by 10.182.230.135 with SMTP id sy7mr25888906obc.24.1394400122222; Sun, 09 Mar 2014 14:22:02 -0700 (PDT) Received: by 10.182.76.201 with HTTP; Sun, 9 Mar 2014 14:22:02 -0700 (PDT) In-Reply-To: References: <53181410.1030107@freebsd.org> <5318B836.7040301@grosbein.net> <19cd01cf3974$dffa5bf0$9fef13d0$@FreeBSD.org> <1a1801cf39d4$1155a830$3400f890$@FreeBSD.org> Date: Sun, 9 Mar 2014 17:22:02 -0400 Message-ID: Subject: Re: How do I create a cloned interface when there is no static connection? From: Joe Nosay To: Devin Teske Content-Type: multipart/mixed; boundary=001a11c33676f5d66a04f43313c9 X-Content-Filtered-By: Mailman/MimeDel 2.1.17 Cc: FreeBSD Hackers , Eugene Grosbein X-BeenThere: freebsd-hackers@freebsd.org X-Mailman-Version: 2.1.17 Precedence: list List-Id: Technical Discussions relating to FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 09 Mar 2014 21:22:03 -0000 --001a11c33676f5d66a04f43313c9 Content-Type: text/plain; charset=ISO-8859-1 On Sat, Mar 8, 2014 at 11:31 AM, Joe Nosay wrote: > > > > On Fri, Mar 7, 2014 at 10:52 PM, Joe Nosay wrote: > >> >> >> >> On Fri, Mar 7, 2014 at 10:37 PM, Joe Nosay wrote: >> >>> >>> >>> On Fri, Mar 7, 2014 at 10:00 PM, Joe Nosay wrote: >>> >>>> >>>> >>>> >>>> On Fri, Mar 7, 2014 at 2:08 AM, wrote: >>>> >>>>> >>>>> >>>>> > -----Original Message----- >>>>> > From: Joe Nosay [mailto:superbisquit@gmail.com] >>>>> > Sent: Thursday, March 6, 2014 6:52 PM >>>>> > To: Devin Teske >>>>> > Cc: FreeBSD Hackers; Eugene Grosbein >>>>> > Subject: Re: How do I create a cloned interface when there is no >>>>> static >>>>> > connection? >>>>> > >>>>> > On Thu, Mar 6, 2014 at 2:47 PM, wrote: >>>>> > >>>>> > > >>>>> > > >>>>> > > > -----Original Message----- >>>>> > > > From: Eugene Grosbein [mailto:eugen@grosbein.net] >>>>> > > > Sent: Thursday, March 6, 2014 10:03 AM >>>>> > > > To: Joe Nosay >>>>> > > > Cc: FreeBSD Hackers >>>>> > > > Subject: Re: How do I create a cloned interface when there is no >>>>> > > > static connection? >>>>> > > > >>>>> > > > On 07.03.2014 00:39, Joe Nosay wrote: >>>>> > > > >>>>> > > > > I'll need a dummy interface inside of the that can be bridged >>>>> to >>>>> > > > > wlan0 outside of the jail. Normal jail with aliases. >>>>> > > > >>>>> > > > Try epair(4) and give one part of pair to jail and bridge another >>>>> > > > part >>>>> > > with >>>>> > > > wlan0. >>>>> > > > >>>>> > > >>>>> > > Never tried bridging a wlan with netgraph, but I wonder if the >>>>> method >>>>> > > I use for bridging Ethernet with netgraph would work... >>>>> > > >>>>> > > Using the ngctl command to create an ng_bridge and then multiple >>>>> > > ng_eiface devices that you can be shoved into the jail. >>>>> > > >>>>> > > kldload ng_ether >>>>> > > kldload ng_bridge >>>>> > > kldload ng_eiface >>>>> > > ngctl >>>>> > > + mkpeer {IFACE}: bridge lower link0 >>>>> > > + connect {IFACE}: {IFACE}:lower upper link1 >>>>> > > + name {IFACE}:lower {IFACE}bridge >>>>> > > + quit >>>>> > > ifconifg {IFACE} up >>>>> > > ngctl >>>>> > > + msg {IFACE}: setpromisc 1 >>>>> > > + msg {IFACE}: setautosrc 0 >>>>> > > + mkpeer {IFACE}:lower eiface link{N} ether >>>>> > > + name {IFACE}bridge:link{N} >>>>> > > + show -n {IFACE}bridge: >>>>> > > Name: ngeth0 Type: eiface ID: XXXXXXXX >>>>> Num >>>>> > > hooks: N >>>>> > > + name {IFACE}bridge:link{N} {NEWIFACE} >>>>> > > ifconfig ngeth0 name {NEWNAME} >>>>> > > ifconfig {NEWNAME} vnet {JID} >>>>> > > >>>>> > > Taking care to replace the following from above: >>>>> > > {IFACE} - the name of the interface you want to bridge (eg, em0) >>>>> {N} - >>>>> > > link number (starts at 2; increments by-one for each new eiface) >>>>> > > {NEWIFACE} - the name of the new eiface (ngethN) device to create >>>>> > > {JID} - the jail ID of the jail you want to shove the interface >>>>> into >>>>> > > >>>>> > > Of course, never tried this with WiFi. >>>>> > >>>>> > I did not properly create the jail.conf script. I believe the file of >>>>> /etc/rc.d/jail >>>>> > should be followed; yet, there is no tutorial on setting it up. >>>>> > My /etc/rc.conf file is also improperly setup. How? I don't know; >>>>> but, I >>>>> can tell >>>>> > because the system will not boot completely and ctrl+C must be hit to >>>>> allow >>>>> > logging in. >>>>> >>>>> What release are you using? "uname -spr" is often succinct enough. >>>>> -- >>>>> Devin >>>>> >>>>> _____________ >>>>> The information contained in this message is proprietary and/or >>>>> confidential. If you are not the intended recipient, please: (i) delete the >>>>> message and all copies; (ii) do not disclose, distribute or use the message >>>>> in any manner; and (iii) notify the sender immediately. In addition, please >>>>> be aware that any message addressed to our domain is subject to archiving >>>>> and review by persons other than the intended recipient. Thank you. >>>>> >>>> >>>> >>>> FreeBSD 10.0-RELEASE amd64 >>>> The /etc/rc.d/jail script is interpreting the name at -G in >>>> FreeBSD-Google_projects to be a command line option. I am going to see what >>>> happens if I just change the name. >>>> >>> >>> >>> Ok. >>> The jail.conf is in /etc, the name is without hypens or undescores, and >>> the script dies with "/etc/rc no such file or directory" from jail.conf. >>> There is a /etc/rc but I know that jail exists in /etc/rc.d? >>> Wait a sec. >>> >> >> >> Okay. >> Herein lies the problem: I used /bin/sh plus location of jail plus the >> command to start and stop. The system does not seem to be able to find the >> script. I have not ran /usr/libexec/locate.updatedb yet. That may help, I >> don't know. >> Hold a sec, let me test. >> >> exec.start = "/bin/sh /etc/rc.d/jail jail_start"; >> exec.stop = "/bin/sh /etc/rc.d/jail jail_stop"; >> >> >> >> > > I have the start and stop commands incorrectly set up. Do I need the > commands or are they automatic? > Attached is the pf.conf and the script for cloning lo0 while starting the jail. "jail -c /jails/FreeBSD-Google_projects" is an unknown parameter. As you can tell, I am trying to solve the problem. Am I doing it right or wrong? I am not able to tell so I need someone to tell me. Something is wrong, I know. What did I do wrong here? Why do I feel like all of you are mocking me and laughing at me? --001a11c33676f5d66a04f43313c9 Content-Type: application/octet-stream; name="pf.conf" Content-Disposition: attachment; filename="pf.conf" Content-Transfer-Encoding: base64 X-Attachment-Id: f_hsl2afmk0 ICAgIGV4dF9pZj0id2xhbjAiCiAgICBqYWlsX2lmPSJsbzEiCgogICAgCiAgICBJUF9KQUlMX1dX Vz0iMTI3LjEuMi43IgoKICAgIE5FVF9KQUlMPSIxMjcuMS4yLjcvMzIiCgogICAgUE9SVF9XV1c9 Ins4MH0iCgogICAgc2NydWIgaW4gYWxsCgogICAgIyBuYXQgYWxsIGphaWwgdHJhZmZpYwogICAg bmF0IHBhc3Mgb24gJGV4dF9pZiBmcm9tICRORVRfSkFJTCB0byBhbnkgLT4gJElQX1BVQgoKICAg ICMgV1dXCiAgICByZHIgcGFzcyBvbiAkZXh0X2lmIHByb3RvIHRjcCBmcm9tIGFueSB0byAkSVBf UFVCIHBvcnQgJFBPUlRfV1dXIC0+ICRJUF9KQUlMX1dXVwoKICAgICMgZGVtbyBvbmx5LCBwYXNz aW5nIGFsbCB0cmFmZmljCiAgICBwYXNzIG91dAogICAgcGFzcyBpbgo= --001a11c33676f5d66a04f43313c9 Content-Type: application/octet-stream; name=jail_quick_start Content-Disposition: attachment; filename=jail_quick_start Content-Transfer-Encoding: base64 X-Attachment-Id: f_hsl2amuq1 IyEvYmluL3NoCmlmY29uZmlnIGxvMSBjcmVhdGUgJiYgaWZjb25maWcgbG8xIDEyNy4xLjIuNy8z MiBhbGlhcyAmJiBqYWlsIC1jIC9qYWlscy9GcmVlQlNELUdvb2dsZV9wcm9qZWN0cyBtb3VudC5k ZXZmcyBob3N0Lmhvc3RuYW1lPXdlZWJ5IGlwNC5hZGRyPTEyNy4xLjIuNyBjb21tYW5kPS9iaW4v c2g= --001a11c33676f5d66a04f43313c9--