Jails - vnet- netgraph

petru garstea peter.garshtja at ambient-md.com
Wed Jan 27 02:59:11 UTC 2021 

Hi Ernie,

     jib script is working fine, however in my current setup I need to 
emulate bridge interface with netgraph subsystem, I tried to manage that 
part with jng script with no luck then I decided to create the netgraph 
bridge manually using ngctl client and in the end the result was the same.

In the recent FreeBSD magazines it was mentioned that "bridging" was 
refactored and I would like to know if that might be impacted the 
netgraph bridge.

Please advise

Cheers,

Petru Garstea

On 1/26/21 12:53 PM, Ernie Luzar wrote:
> petru garstea wrote:
>> Greetings FreeBSD community,
>>
>>
>>     OS: FreeBSD sun 12.2-RELEASE-p1 FreeBSD 12.2-RELEASE-p1 
>> GENERIC  amd64
>>
>>
>> I am trying to build a netgraph vnet jail with support of official 
>> jng script that comes with FreeBSD and developed by Devin Teske.
>>
>> jail.conf file
>>
>> netgraph {
>>   devfs_ruleset = 13;
>>   enforce_statfs = 2;
>>   exec.clean;
>>   exec.consolelog = /var/log/bastille/netgraph_console.log;
>>   exec.start = '/bin/sh /etc/rc';
>>   exec.stop = '/bin/sh /etc/rc.shutdown';
>>   host.hostname = netgraph;
>>   mount.devfs;
>>   mount.fstab = /usr/local/bastille/jails/netgraph/fstab;
>>   path = /usr/local/bastille/jails/netgraph/root;
>>   securelevel = 2;
>>
>>   vnet;
>>   vnet.interface = e0b_bastille0;
>> # exec.prestart += "jib addm bastille0 re0";
>> # exec.poststop += "jib destroy bastille0";
>>   exec.prestart += "jng bridge netgraph re0";
>>   exec.poststop += "jng shutdown netgraph" ;
>> }
>>
>> When I start the jail, netgraph subsystem raise the following exception
>>
>> ngctl: send msg: No such file or directory
>> jail: netgraph: jng bridge netgraph re0: failed
>>
>> I tried also to create the netgraph bridge with not using jng script
>>
>> ngctl mkpeer re0: bridge lower link0
>> ngctl: send msg: No such file or directory
>>
>>  From what I found it looks it used to work on FreeBSD 11.x and 
>> stopped working in version 12.
>>
>> Any thoughts ?
>>
>> Please advise
>>
>>
>> Cheers,
>>
>> Petru Garstea
>>
>
> Don't see any reply so I will try to help you.
> If I remember correctly the jib and jng was added as documentation 
> back around freebsd 10.00. I have tried to get it to work 10+, 11+ 
> ,12+ with no joy. There is something missing but can not tell what it 
> is. The jail environment has gone through many changes over time so no 
> wonder jib/jng don't work now.
>
> Netgraph is a complete subsystem for network configuration that has 
> it's own syntax and commands. The learning curve is pretty great. 
> There is a outstanding bug and Devin Teske & (she) has taken up the 
> bug. Hopping 13 holds the bug fix.
>
>
>
>
>
>
>
>
>

More information about the freebsd-jail mailing list