How do I create a cloned interface when there is no static connection?
Joe Nosay
superbisquit at gmail.com
Sun Mar 9 21:22:03 UTC 2014
On Sat, Mar 8, 2014 at 11:31 AM, Joe Nosay <superbisquit at gmail.com> wrote:
>
>
>
> On Fri, Mar 7, 2014 at 10:52 PM, Joe Nosay <superbisquit at gmail.com> wrote:
>
>>
>>
>>
>> On Fri, Mar 7, 2014 at 10:37 PM, Joe Nosay <superbisquit at gmail.com>wrote:
>>
>>>
>>>
>>> On Fri, Mar 7, 2014 at 10:00 PM, Joe Nosay <superbisquit at gmail.com>wrote:
>>>
>>>>
>>>>
>>>>
>>>> On Fri, Mar 7, 2014 at 2:08 AM, <dteske at freebsd.org> wrote:
>>>>
>>>>>
>>>>>
>>>>> > -----Original Message-----
>>>>> > From: Joe Nosay [mailto:superbisquit at gmail.com]
>>>>> > Sent: Thursday, March 6, 2014 6:52 PM
>>>>> > To: Devin Teske
>>>>> > Cc: FreeBSD Hackers; Eugene Grosbein
>>>>> > Subject: Re: How do I create a cloned interface when there is no
>>>>> static
>>>>> > connection?
>>>>> >
>>>>> > On Thu, Mar 6, 2014 at 2:47 PM, <dteske at freebsd.org> wrote:
>>>>> >
>>>>> > >
>>>>> > >
>>>>> > > > -----Original Message-----
>>>>> > > > From: Eugene Grosbein [mailto:eugen at grosbein.net]
>>>>> > > > Sent: Thursday, March 6, 2014 10:03 AM
>>>>> > > > To: Joe Nosay
>>>>> > > > Cc: FreeBSD Hackers
>>>>> > > > Subject: Re: How do I create a cloned interface when there is no
>>>>> > > > static connection?
>>>>> > > >
>>>>> > > > On 07.03.2014 00:39, Joe Nosay wrote:
>>>>> > > >
>>>>> > > > > I'll need a dummy interface inside of the that can be bridged
>>>>> to
>>>>> > > > > wlan0 outside of the jail. Normal jail with aliases.
>>>>> > > >
>>>>> > > > Try epair(4) and give one part of pair to jail and bridge another
>>>>> > > > part
>>>>> > > with
>>>>> > > > wlan0.
>>>>> > > >
>>>>> > >
>>>>> > > Never tried bridging a wlan with netgraph, but I wonder if the
>>>>> method
>>>>> > > I use for bridging Ethernet with netgraph would work...
>>>>> > >
>>>>> > > Using the ngctl command to create an ng_bridge and then multiple
>>>>> > > ng_eiface devices that you can be shoved into the jail.
>>>>> > >
>>>>> > > kldload ng_ether
>>>>> > > kldload ng_bridge
>>>>> > > kldload ng_eiface
>>>>> > > ngctl
>>>>> > > + mkpeer {IFACE}: bridge lower link0
>>>>> > > + connect {IFACE}: {IFACE}:lower upper link1
>>>>> > > + name {IFACE}:lower {IFACE}bridge
>>>>> > > + quit
>>>>> > > ifconifg {IFACE} up
>>>>> > > ngctl
>>>>> > > + msg {IFACE}: setpromisc 1
>>>>> > > + msg {IFACE}: setautosrc 0
>>>>> > > + mkpeer {IFACE}:lower eiface link{N} ether
>>>>> > > + name {IFACE}bridge:link{N}
>>>>> > > + show -n {IFACE}bridge:
>>>>> > > Name: ngeth0 Type: eiface ID: XXXXXXXX
>>>>> Num
>>>>> > > hooks: N
>>>>> > > + name {IFACE}bridge:link{N} {NEWIFACE}
>>>>> > > ifconfig ngeth0 name {NEWNAME}
>>>>> > > ifconfig {NEWNAME} vnet {JID}
>>>>> > >
>>>>> > > Taking care to replace the following from above:
>>>>> > > {IFACE} - the name of the interface you want to bridge (eg, em0)
>>>>> {N} -
>>>>> > > link number (starts at 2; increments by-one for each new eiface)
>>>>> > > {NEWIFACE} - the name of the new eiface (ngethN) device to create
>>>>> > > {JID} - the jail ID of the jail you want to shove the interface
>>>>> into
>>>>> > >
>>>>> > > Of course, never tried this with WiFi.
>>>>> >
>>>>> > I did not properly create the jail.conf script. I believe the file of
>>>>> /etc/rc.d/jail
>>>>> > should be followed; yet, there is no tutorial on setting it up.
>>>>> > My /etc/rc.conf file is also improperly setup. How? I don't know;
>>>>> but, I
>>>>> can tell
>>>>> > because the system will not boot completely and ctrl+C must be hit to
>>>>> allow
>>>>> > logging in.
>>>>>
>>>>> What release are you using? "uname -spr" is often succinct enough.
>>>>> --
>>>>> Devin
>>>>>
>>>>> _____________
>>>>> The information contained in this message is proprietary and/or
>>>>> confidential. If you are not the intended recipient, please: (i) delete the
>>>>> message and all copies; (ii) do not disclose, distribute or use the message
>>>>> in any manner; and (iii) notify the sender immediately. In addition, please
>>>>> be aware that any message addressed to our domain is subject to archiving
>>>>> and review by persons other than the intended recipient. Thank you.
>>>>>
>>>>
>>>>
>>>> FreeBSD 10.0-RELEASE amd64
>>>> The /etc/rc.d/jail script is interpreting the name at -G in
>>>> FreeBSD-Google_projects to be a command line option. I am going to see what
>>>> happens if I just change the name.
>>>>
>>>
>>>
>>> Ok.
>>> The jail.conf is in /etc, the name is without hypens or undescores, and
>>> the script dies with "/etc/rc no such file or directory" from jail.conf.
>>> There is a /etc/rc but I know that jail exists in /etc/rc.d?
>>> Wait a sec.
>>>
>>
>>
>> Okay.
>> Herein lies the problem: I used /bin/sh plus location of jail plus the
>> command to start and stop. The system does not seem to be able to find the
>> script. I have not ran /usr/libexec/locate.updatedb yet. That may help, I
>> don't know.
>> Hold a sec, let me test.
>>
>> exec.start = "/bin/sh /etc/rc.d/jail jail_start";
>> exec.stop = "/bin/sh /etc/rc.d/jail jail_stop";
>>
>>
>>
>>
>
> I have the start and stop commands incorrectly set up. Do I need the
> commands or are they automatic?
>
Attached is the pf.conf and the script for cloning lo0 while starting the
jail.
"jail -c /jails/FreeBSD-Google_projects" is an unknown parameter.
As you can tell, I am trying to solve the problem. Am I doing it right or
wrong? I am not able to tell so I need someone to tell me.
Something is wrong, I know. What did I do wrong here?
Why do I feel like all of you are mocking me and laughing at me?
-------------- next part --------------
A non-text attachment was scrubbed...
Name: pf.conf
Type: application/octet-stream
Size: 383 bytes
Desc: not available
URL: <http://lists.freebsd.org/pipermail/freebsd-hackers/attachments/20140309/d2b1808c/attachment.obj>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: jail_quick_start
Type: application/octet-stream
Size: 173 bytes
Desc: not available
URL: <http://lists.freebsd.org/pipermail/freebsd-hackers/attachments/20140309/d2b1808c/attachment-0001.obj>
More information about the freebsd-hackers
mailing list