Jail vnet features

Marcin Michta marcin.michta at gmail.com
Sun Jul 13 16:27:44 UTC 2014 

>
>wishmaster wrote:
>> 
>>  
>>  --- Original message ---
>>  From: "Fbsd8" <fbsd8 at a1poweruser.com>
>>  Date: 11 July 2014, 16:49:08
>>   
>> 
>> 
>>> Marcin Michta wrote:
>>>> Hello,
>>>>
>>>>
>>>>
>>>> I want to ask what are advantages and disadvantages using VNET?
>>>>
>>>> I know that it allows each jail to have a private networking stack, 
>>>> but what else?
>>>>
>>>>
>>>>
>>>> Regards
>>>>
>>>> Marthin
>>>>
>>> Its experimental, it has many bugs posted in PR system, loses memory 
>>> every time a vnet jail is stopped, firewalls in vnet jail don't work, 
>>> other that these show stoppers, use at your own risk.
>> 
>> Hey, man. Stop panic!
>> 
>> Firewall works very well. Memory leak on shutdown it is not very big problem.
>> Main advantage for me is: I am able to filtering and prioritization traffic coming thought base system. My vnete'ed jails is like a regular LAN clients and they share INET pipe with appropriate weight. I use ipfw.
>> 
>
>
>Oh ya, host panic on boot is another common happing with vimage and firewall ipf and pf trying to run inside of a vnet jail and on the host at the same time.
>
>Many people DO consider any kind of memory leak in kernel software such as vimage is a really big show stopper for not using it in a production system.
>
>If you read a little bit closer the previous post you will see it's talking about firewall running inside of a vnet/vimage jail. It doesn't
> say anything about running a host firewall directing traffic to a ip number assigned to a vnet jail.
>
>Here is a list of some of the vnet outstanding PR's
>
>143808, 147950, 148155, 152148, 160496, 160541, 161094, 164763, 165252, 176112, 176929, 178480, 178482, 179264, 182350, 185092, 188010, 191468
>
>vnet/vimage is experimental and should never be used in a production system and be exposed to the public network. It is not a secure software configuration. Sure you can disregard all warnings and common sense and risk >your host system, thats your choice.

I didn't know about these problems
I'll check these PR
Thanks for help for you all :)

Regards
Marthin

More information about the freebsd-jail mailing list