vnet jail for local only or public access
Alexander Leidinger
Alexander at leidinger.net
Fri Jul 17 13:23:16 UTC 2020
Quoting Ernie Luzar <luzar722 at gmail.com> (from Fri, 17 Jul 2020
08:46:07 -0400):
> Trying to figure out how to configure a vnet jail so it is
> restricted to only being able to talk to other vnet jails on the
> same host, i.e. local-only vnet jails. As different to being able to
> access the public internet type of vnet jails.
>
> Using the bridge/epair method of connecting vnet jails to the host.
> [ based on this how-to ]
> https://forums.freebsd.org/threads/vnet-jail-with-public-internet-access-using-the-bridge-epair-method.76071/
>
> It's my understanding that this behavior is controlled by if the
> host's interface connected to the public internet is added as a
> member to the bridge the vnet jails' epairXa interfaces were members
> of.
Partly correct. You can also have a setup where your host is routing
between what you call the public internet and the local only vnets.
> I tested this on a remote vm and found that it made no difference
> one way or the other if the host's interface connected to the public
> internet was added as a member to the bridge or not. In both cases
> the vnet jail had public internet access.
It shouldn't, if there is no routing involved.
Please show us "ifconfig -a" and "netstat -rn" of the host.
Bye,
Alexander.
--
http://www.Leidinger.net Alexander at Leidinger.net: PGP 0x8F31830F9F2772BF
http://www.FreeBSD.org netchild at FreeBSD.org : PGP 0x8F31830F9F2772BF
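
The two ways out of a jail bridge named in the reply above (the uplink being a bridge member, or the host routing between the networks) can be checked from the same "ifconfig -a" output the reply asks for. This is an added example, not part of the thread; the interface names, addresses and the `egress_paths` helper are constructed assumptions, and the check is an IPv4-only heuristic.

```shell
#!/bin/sh
# Added example (not from the thread). Sample interface names and
# addresses are constructed. IPv4 only; a heuristic, not a routing audit.

# egress_paths BRIDGE UPLINK FORWARDING   (reads "ifconfig -a" text on stdin)
#   l2       UPLINK is a member of BRIDGE: jails are bridged onto the outside LAN
#   l3       BRIDGE has an IPv4 address and forwarding is 1: host can route for jails
#   isolated neither: jails reach only the other members of BRIDGE
egress_paths() {
    awk -v br="$1" -v up="$2" -v fwd="$3" '
        /^[^ \t]/ { cur = $1; sub(/:$/, "", cur) }    # start of an interface stanza
        cur == br && $1 == "member:" && $2 == up { l2 = 1 }
        cur == br && $1 == "inet"                { gw = 1 }
        END {
            l3 = (gw && fwd == 1)
            if (l2 && l3)  print "l2+l3"
            else if (l2)   print "l2"
            else if (l3)   print "l3"
            else           print "isolated"
        }'
}

# Constructed sample: uplink em0 is a member of the jail bridge.
sample_bridged() { cat <<'EOF'
em0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
        inet 192.0.2.10 netmask 0xffffff00 broadcast 192.0.2.255
bridge0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        member: epair0a flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
        member: em0 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
EOF
}

# Constructed sample: em0 is not a member, but the bridge carries a gateway address.
sample_routed() { cat <<'EOF'
em0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        inet 192.0.2.10 netmask 0xffffff00 broadcast 192.0.2.255
bridge0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        inet 10.0.0.1 netmask 0xffffff00 broadcast 10.0.0.255
        member: epair0a flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
        member: epair1a flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
EOF
}

sample_bridged | egress_paths bridge0 em0 0
sample_routed  | egress_paths bridge0 em0 1
# Live host: ifconfig -a | egress_paths bridge0 em0 "$(sysctl -n net.inet.ip.forwarding)"
```

An `l3` result only says the host is able to forward for the jails; whether traffic actually reaches the internet also depends on NAT or return routes, which is why "netstat -rn" is requested as well.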