Date:      Sat, 15 Aug 2020 10:44:13 -0400
From:      Ernie Luzar <luzar722@gmail.com>
To:        Arthur Chance <freebsd@qeng-ho.org>
Cc:        "freebsd-questions@freebsd.org" <freebsd-questions@freebsd.org>
Subject:   Re: can a domain name config point to a vlan tag at the host
Message-ID:  <5F37F4BD.5030301@gmail.com>
In-Reply-To: <9a027a2c-3575-25ac-6ccc-0f186a3d6820@qeng-ho.org>
References:  <5F37E329.3000903@gmail.com> <9a027a2c-3575-25ac-6ccc-0f186a3d6820@qeng-ho.org>

Arthur Chance wrote:
> On 15/08/2020 14:29, Ernie Luzar wrote:
>> I set up vlan for the host interface cabled to the public internet.
>> How do I drive internet traffic to the desired vlan name on the host
>> using a registered domain name?
>>
>> My rc.conf has this
>>
>> ifconfig_re0="DHCP"
>> gateway_enable="YES"
>>
>> vlans_re0="1 2 3"
>>
>> # vlan_1  is for the host
>> # vlan_2  is for vnet jailA
>> # vlan_3  is for vnet jailB
>>
>> Final goal is to drive traffic from the public internet using a fqdn to
>> the vnet jailA.
> 
> I strongly suggest you read up more about networking because it's
> obvious you don't really understand it. All network traffic goes to *IP
> addresses* not domains. DNS says what addresses to use for a specific
> domain, but *all* connection attempts, whatever the protocol, are to a
> specific numeric IP address. Yes, protocols like HTTP then accept a host
> specification for further "routing" but that happens *after* the initial
> connection is made.
> 
> If you want to run N jails with N different domains, all with their own
> traffic to arbitrary ports, you are going to need at least N different
> IP addresses.
> 

I agree with you that I am not a network guru, but I do have a general
big-picture understanding. The problem with the network manuals I have read
is that they do not give real-world examples showing how to implement the
concepts talked about. They contain NO cross-over reference to vnet
jails. Also, all the public literature on vnet jails never talks about how
to drive public traffic to a vnet jail, or that vnet jails are limited to
requiring a virgin public ipv4 address for the vnet jail's sole use.
After all the reading and trial-and-error attempts I come here to ask
questions to get the answers only someone with vnet experience can
answer. Hoping that is you.

As I understand it vnet jails have to have their own host interface 
device with a public ip address that is not already in use by the host. 
This translates to a business type of ISP account to get 3 static ipv4 
public addresses. This is a very expensive setup just to do some concept 
testing to be able to write a business proposal for in house IT management.

Now, last month a guy posted on the questions list that he was using vlan
tags to separate his single dynamic public ip address into 4 vlan tags:
one for the host and 3 for vnet jails. He states he can ping the public
internet from inside of the vnet jails using this concept.

But the part missing is how to drive public traffic to the vlan-tagged
vnet jail. So I ask the question to you again. Is there a way to
configure a domain name setup to not only point to the host's public ip
address but also to its layer 2 vlan tag? The SRV record looked like a
good candidate, but I could not find any mention of vlan tags.

Or could it be the "A" record ip address field with something like this:
x.x.x.x_2, where in the host vlan_2 is a vnet jail.
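The following script is an added illustration of the point made in the reply quoted above, not code from either poster. It checks DNS record data against what the record types actually carry (an A record holds exactly one IPv4 address, an SRV record holds priority, weight, port and a target name) and shows that an "x.x.x.x_2" style value is simply invalid rdata, while the VLAN tags from the quoted rc.conf only ever surface as interface names on the host (re0.1, re0.2, re0.3, following the vlans_<parent> naming in rc.conf(5)). The zone fragment, the addresses in it, and the function names are constructed for this example.

```python
import ipaddress
import re

# Constructed sample zone fragment (not from the thread): one valid A record,
# the "x.x.x.x_2" style A record proposed in the message with a concrete
# documentation-range address substituted, and one SRV record.
ZONE = """\
jaila.example.net.      IN A   192.0.2.10
bogus.example.net.      IN A   192.0.2.10_2
_http._tcp.example.net. IN SRV 10 5 80 jaila.example.net.
"""

# The rc.conf lines quoted in the message.
RCCONF = """\
ifconfig_re0="DHCP"
gateway_enable="YES"
vlans_re0="1 2 3"
"""


def parse_a_rdata(rdata):
    """Validate A-record rdata: exactly one dotted-quad IPv4 address.

    Returns the address as a string, or None if rdata is not an address.
    The record has no other field, so any VLAN suffix makes it invalid.
    """
    try:
        return str(ipaddress.IPv4Address(rdata))
    except ValueError:
        return None


def parse_srv_rdata(rdata):
    """Validate SRV rdata: 'priority weight port target' (RFC 2782).

    Returns a dict or None. The only transport-level field is the port;
    the target is a hostname that must itself resolve to an address.
    """
    parts = rdata.split()
    if len(parts) != 4:
        return None
    try:
        priority, weight, port = (int(p) for p in parts[:3])
    except ValueError:
        return None
    if not all(0 <= v <= 65535 for v in (priority, weight, port)):
        return None
    return {"priority": priority, "weight": weight, "port": port, "target": parts[3]}


def parse_zone(text):
    """Parse 'owner IN TYPE rdata' lines into (owner, type, parsed) tuples.

    parsed is None when the rdata does not fit the record type's format.
    """
    records = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(";"):
            continue
        owner, _cls, rtype, rdata = line.split(None, 3)
        if rtype == "A":
            parsed = parse_a_rdata(rdata)
        elif rtype == "SRV":
            parsed = parse_srv_rdata(rdata)
        else:
            parsed = None
        records.append((owner, rtype, parsed))
    return records


def vlan_interfaces(rcconf):
    """Derive the VLAN interface names that rc.conf(5) creates from
    vlans_<parent>="tag tag ..." lines: <parent>.<tag> for each tag."""
    names = []
    for parent, tags in re.findall(r'^vlans_(\w+)="([^"]*)"', rcconf, re.M):
        names.extend(f"{parent}.{tag}" for tag in tags.split())
    return names


def client_view(zone_text):
    """What a resolver hands a client from this zone: addresses and ports only.
    Interface names and VLAN tags never appear, because no record carries them."""
    addresses, ports = set(), set()
    for _owner, rtype, parsed in parse_zone(zone_text):
        if rtype == "A" and parsed is not None:
            addresses.add(parsed)
        elif rtype == "SRV" and parsed is not None:
            ports.add(parsed["port"])
    return {"addresses": sorted(addresses), "ports": sorted(ports)}


if __name__ == "__main__":
    for owner, rtype, parsed in parse_zone(ZONE):
        print(f"{owner:28} {rtype:4} -> {parsed if parsed is not None else 'INVALID rdata'}")
    print("VLAN interfaces the host creates:", vlan_interfaces(RCCONF))
    print("What a client learns from DNS:", client_view(ZONE))
```

Running it shows the two sides never meet: the host ends up with interfaces re0.1, re0.2 and re0.3, while a client querying the zone only ever receives 192.0.2.10 and port 80, and the "192.0.2.10_2" record is rejected before it could be served. Whatever maps that single address and port to a particular jail has to happen on the host after the packet arrives, not in DNS.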
