vimage-assigning interface to jail

Julian Elischer julian at elischer.org
Fri Oct 2 23:38:44 UTC 2009


remodeler wrote:
> Hi:
> 
>> Without doing anything extra except booting, (with no jails started),
>> what happens when you duplicate my commands in the previous email?
> 
> #jail -c host.hostname=test path=/ vnet persist
> 
> I substituted persist parameter for command=/bin/tcsh in your example,
> otherwise the jail is destroyed when I exit the shell to enter the next command:
> 
> #ifconfig msk0 vnet 1
> 
> test# ifconfig
> lo0: flags=8008<LOOPBACK,MULTICAST> metric 0 mtu 16384
>         options=3<RXCSUM,TXCSUM>
>         maclabel mls/equal(equal-equal)
> msk0: flags=8842<BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
>         options=11a<TXCSUM,VLAN_MTU,VLAN_HWTAGGING,TSO4>
>         ether 00:23:54:08:2b:f7
>         maclabel mls/low(low-low)
>         media: Ethernet autoselect
> 
> test#ifconfig msk0 172.28.15.1/24
> 
> test#netstat -rn
> netstat: kvm not available: /dev/mem: Permission denied
> Routing tables
> rt_tables: symbol not in namelist

in the jail do:
ls -l /dev/*mem

> 
> test# route add default 192.168.0.1
> route: writing to routing socket: Network is unreachable
> add net default: gateway 192.168.0.1: Network is unreachable

quite correct

think of these as two separate machines. one is on 192.168.0.x
and the other is on 172....

obviously the one on 172..... can not set a default route of 192.x.x.x
as it can't reach that address.

unlike non vnet jails, vnet jails have *completely* separate network
stacks and can not communicate with each other except via the wire (or
via a pretend wire) (see the epair driver).


> 
> #test# route add default 172.28.15.2
> add net default: gateway 172.28.15.2
> 
> The host's IP address is set to 192.168.0.10, with a default route of
> 192.168.0.1 -- the route command succeeded when I used your example, although
> netstat -rn still fails with the same output as above. In my earlier
> correspondences, I was pushing a ng_eiface node to the jail instead of the
> physical ethernet device.

looks like you need to allow it to access /dev/(k)mem somehow.


> 
> Thank you.

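The routing behaviour discussed in this message, as an added example that is not part of the original mail or of FreeBSD itself: a simplified Python model of two independent network stacks, replaying the commands from the thread. The `NetStack` class, the `replay_thread` function and the `hostif0` interface name are assumptions made for illustration; the model only captures the rule that a default gateway must lie on a network directly connected to the stack that adds it.

```python
import errno
import ipaddress


class NetStack:
    """One independent network stack: the host, or a single vnet jail."""

    def __init__(self, name, ifaces=()):
        self.name = name
        self.ifaces = {n: None for n in ifaces}  # ifname -> IPv4Interface | None
        self.default_gw = None

    def ifconfig(self, ifname, cidr):
        if ifname not in self.ifaces:
            raise OSError(errno.ENXIO, f"interface {ifname} does not exist")
        self.ifaces[ifname] = ipaddress.ip_interface(cidr)

    def move_iface(self, ifname, jail):
        """Model of `ifconfig IF vnet JAIL`: IF leaves this stack, unconfigured."""
        del self.ifaces[ifname]
        jail.ifaces[ifname] = None

    def on_link(self, addr):
        ip = ipaddress.ip_address(addr)
        return any(i is not None and ip in i.network for i in self.ifaces.values())

    def route_add_default(self, gw):
        # A gateway must sit on a directly connected network of *this* stack.
        if not self.on_link(gw):
            raise OSError(errno.ENETUNREACH, "Network is unreachable")
        self.default_gw = ipaddress.ip_address(gw)


def replay_thread():
    host = NetStack("host", ["msk0", "hostif0"])  # hostif0: hypothetical second NIC
    jail = NetStack("test")
    host.ifconfig("hostif0", "192.168.0.10/24")
    host.move_iface("msk0", jail)                 # ifconfig msk0 vnet 1
    jail.ifconfig("msk0", "172.28.15.1/24")
    results = {"host_has_msk0": "msk0" in host.ifaces}
    for stack, gw in ((jail, "192.168.0.1"), (jail, "172.28.15.2"), (host, "192.168.0.1")):
        try:
            stack.route_add_default(gw)
            results[(stack.name, gw)] = "ok"
        except OSError as e:
            results[(stack.name, gw)] = e.strerror
    return results


if __name__ == "__main__":
    for key, value in replay_thread().items():
        print(key, "->", value)
```
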

