jail(8) vimage epair bridge

[Joe]

Anders Hagman wrote:
> Hi
> 
> 24 apr 2013 kl. 22:07 skrev Joe <fbsd8 at a1poweruser.com>:
> 
>> Anders Hagman wrote:
>>> Hi
>>> 23 apr 2013 kl. 15:14 skrev Joe <fbsd8 at a1poweruser.com>:
>>>> Hello list
>>>>
>>>> I am using jail(8) trying to get a functional vimage environment on my
>>>> 9.1-RELEASE system. My PC only has a single real NIC facing the public
>>>> internet.
>>>>
>>>> My goal is to be able to have multiple vimage jails, each with
>>>> their own epairXa epairXb and bridgeX where the "X" is the jails JID
>>>> number all having their traffic passing through the single rl0 real
>>>> interface. The vnet.start script shown below handles this nicely.
>>>>
>>>> The problem is after the first vimage jail is started the rl0 interface
>>>> gets marked as busy when the second vimage jail is started.
>>> You don't need more the one bridge.
>>> Connect all epairXa and the rl0 interface to the bridge. Put the epairXb in the right jail.
>>> If you want separation. Create vlan interfaces.
>>> Connect them to rl0 and put them inside the jail.
>> Hello Anders;
>>
>> Now that I have an bridge, epair solution,
>> I would like to learn the vlan method you spoke about.
>> Would you please provide some details about how it could be done.
>> I have never used vlan before.
> 
> You need a vlan switch and a trunk connection between your server and the switch. 
> You need a router/firewall that handles vlans. m0n0wall.

What is your definition of a switch? Do you mean a hardware switch in 
the network cabling?

Are you saying ipfw, pf, and ipfilter DON'T handle vlans?

> 
> In your server create vlan interfaces:
> 
> Ifconfig vlan101 create vlan 101 vlandev rl0
> 
> Move the interface to a started jail
> 
> Ifconfig vlan101 vnet jailX
> 
> Connect to jail, config and test

What do you mean by config the jail?
Are there vlan commands that need to be run from inside of the jail?

For a second vimage jail would I do
Ifconfig vlan102 create vlan 102 vlandev rl0