vimage and jail networking

Nathan Aherne nathan at vuid.com
Tue Dec 1 05:48:31 UTC 2015


Thank you for helping me to understand vimage better Julian! I have read all three links you posted a number of times.

I use iocage for jail management and it uses epair. From your comments it seems you recommend netgraph?

This is the link to the iocage image instructions - <https://iocage.readthedocs.org/en/latest/networking.html#configuring-a-vnet-jail>. It seems that iocage does a number of things automatically, or at least I am still confused about how to use iocage and vimage to have multiple jails share a single public (external) IP. I will continue to read the links you sent me in the hope that the aha moment comes to me.

Regards,

Nathan

> On 1 Dec 2015, at 1:45 pm, Julian Elischer <julian at freebsd.org> wrote:
> 
> On 1/12/2015 8:32 AM, Nathan Aherne wrote:
>> Hi Everyone!
>> 
>> I am having trouble getting my head around vimage and jail networking. I would like for my jails to have private IPs (10.0.0.0/24) and only use a single public IP.
>> 
>> I am having a hard time finding tutorials or information on how to structure my network. My first thoughts were to clone the loopback interface (have the jails on it) but then I get lost with how to configure the bridging. I found this tutorial on the subject - <http://wiki.polymorf.fr/index.php/Howto:FreeBSD_jail_vnet> but I am unsure how the bridging works as the bridge interface does not seem to be bridged to anything.
>> 
>> I would really appreciate it if someone could point me in the correct direction.
> 
> It seems to me you are thinking of it in the wrong way.
> Think of the vimage jails as completely separate machines.
> They are connected by virtual point-to-point networks (if you use epair) or by a virtual ethernet (if you use netgraph).
> 
> How would you do it if you had one NAT router and a bunch of real machines on the 10 network behind it?
> 
> Check out, amongst other things: http://devinteske.com/wp/vimage-jails-on-freebsd-8/
> Also please first look on your own machine in /usr/share/examples/netgraph and especially look at the
> virtual.chain and virtual.lan examples.
> I think they do exactly what you want.
> 
> 
>> 
>> Regards,
>> 
>> Nathan
>> 
> 
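
The layout described in the quoted reply (one NAT router with machines on the 10 network behind it), as an added example that is not part of either message: the script only prints the FreeBSD commands for review. Assumed and not specified in the thread: external NIC em0, bridge0, already-running vnet jails named web and db, and pf as the NAT engine.

```shell
#!/bin/sh
# Added example (not from the thread): prints the commands for a "NAT router
# plus private LAN" layout built from epair, if_bridge and pf on FreeBSD.
# Assumed names: em0 (external NIC), bridge0, jails "web" and "db" already
# running with vnet enabled. Review the output before running it as root.

NET=10.0.0            # the private /24 from the thread
GW="$NET.1"           # address on bridge0; the jails' default route

# Address for the n-th jail (n starts at 0): 10.0.0.2, 10.0.0.3, ...
jail_ip() { echo "$NET.$(( $1 + 2 ))"; }

# Host side: bridge0 is the virtual switch and carries the gateway address.
# It is never joined to the external NIC; the host routes and NATs instead.
host_cmds() {
    echo "ifconfig bridge0 create"
    echo "ifconfig bridge0 inet $GW/24 up"
    echo "sysctl net.inet.ip.forwarding=1"
}

# One epair per jail: the "a" end stays on the host bridge, the "b" end is
# moved into the jail's own network stack and configured from inside it.
jail_cmds() {  # $1 = jail name, $2 = index
    echo "ifconfig epair$2 create"
    echo "ifconfig bridge0 addm epair${2}a"
    echo "ifconfig epair${2}a up"
    echo "ifconfig epair${2}b vnet $1"
    echo "jexec $1 ifconfig epair${2}b inet $(jail_ip "$2")/24 up"
    echo "jexec $1 route add default $GW"
}

# pf.conf line that rewrites private sources to the single public address.
pf_nat_rule() { echo "nat on $1 inet from $NET.0/24 to any -> ($1)"; }

plan() {  # $1 = external interface, remaining args = jail names
    ext=$1; shift; i=0
    host_cmds
    for j in "$@"; do jail_cmds "$j" "$i"; i=$((i + 1)); done
    echo "# add to /etc/pf.conf: $(pf_nat_rule "$ext")"
}

plan em0 web db
```

Only the private 10.0.0.0/24 side is bridged; traffic reaches the public address through host routing and the NAT rule, so nothing from the jails is exposed inbound unless a redirect is added separately.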


