state of the art ?
zulu
zulu at openvps.biz
Sat Apr 27 10:16:23 UTC 2013
Have not used dummynet but a good starting point could be the official
IPFW Handbook section
http://www.freebsd.org/doc/handbook/firewalls-ipfw.html.
Just treat your jails as you would a physical host with firewall
rules. One caveat to watch out for is that after enabling IPFW on your
host all jails will have a default deny rule and each jail will need
to have a rule added to allow traffic in/out.
Also make sure your bridge contains your real NIC if you want to talk
to hosts beyond your jail environment (standard networking things -
man pages are your friends, ifconfig, bridge, route, etc.).
Cheers,
Peter
On Saturday, 27-04-2013 on 21:37 Laurent Alebarde wrote:
zulu writes:
>
> Try and exclude altq and pf from kernel - make them a loadable
module
> instead (just to rule out these).
>
Thanks zulu, it works now. No crash, and I can ping my zjail.
I think I am going to drop pf completely until it is officially
compatible
with VIMAGE, and use IPFW.
Do you have a good link please for basic and elaborate (including
dummynet)
use of IPFW with zjails (I have not found very usefull things up to
now) ?
Cheers,
Laurent.
_______________________________________________
freebsd-jail at freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-jail
To unsubscribe, send any mail to
"freebsd-jail-unsubscribe at freebsd.org"
More information about the freebsd-jail
mailing list