deploy multiple vnets with VIMAGE/VNET + Production Ready?
wishmaster
artemrts at ukr.net
Mon May 30 18:47:00 UTC 2016
Hi,
> Hi to everyone!
> I want to deploy several "jailed" firewalls, where each one of them would contain at least three multiple virtual interfaces (associated with virtual internal nets) like "WAN", "LAN" and "DMZ" for example...
> First *innocent* question (I beg your pardon for my ignorance in dealing with jails!): Can vnet/vimage help me deploy such a complex jailed environment???
Yes. If you need help you can email me privately.
> Second *innocent* question: so far so good. Reading the jail manpage (circa July 6, 2015/FreeBSD 10.3), it seems VNET/VIMAGE is fully integrated into the FreeBSD kernel. Is VNET/VIMAGE ready for production level???
Yes. I have been using vneted jails since 10.0 in quite complex scenarios. Yes, there are some open issues with vnet (pf, a memory leak on stopping a jail, and so on), but I think these bugs will be fixed in 11-RELEASE. Currently Bjorn Zeeb is working on these problems. See https://svnweb.freebsd.org/base/projects/vnet/
But for now, you can safely use vnet. Just use IPFW and do not start/stop jails needlessly.
> As a side note, at the host level would there be some kind of API/service that would deal with pfctl in order to rule flows between all of them...
> Best regards, Seba
--
Vitaliy