vimage-assigning interface to jail

remodeler remodeler at alentogroup.org
Fri Oct 2 18:24:30 UTC 2009


Thank you to Julian for his kind response on my original question. I have
succeeded with the "jail [...] vnet [...]" syntax Julian suggested. I looked
through the /etc/rc.d/jail script and discovered why I cannot start a vnet
jail with the rc mechanism - the vnet parameter to jail requires the -c flag,
and the /etc/rc.d/jail script uses alternate syntax precluding the -c flag
(instead of named parameters, it uses the four fixed parameters of path,
hostname, ip, and command).

I wonder if someone might help with a problem I am unable to resolve. I have
no network connectivity from the vnet jail. I have opened the jail completely
up for testing, mounting the host devfs, procfs, allowing raw sockets, and
setting socket_unixiproute_only=0. I get the error message:

  PING 192.168.0.16 (192.168.0.16): 56 data bytes
  ping: sendto: No route to host

and 

  vimage testvnet route get default
  route: writing to routing socket: No such process

I've read some of Julian's work on implementing FIBs (multiple kernel routing
tables). Do I need to create and bind a route table (and socket) to the vnet?
How do I do so?

Also, I developed a local rc.d script that flexibly combines starting my
vnet'd service jails and initiating the netgraph subsystem to bridge the
virtual network stacks (jails) and physical ethernet interface using ng_ether,
ng_eiface, and ng_bridge nodes. I intend to migrate the various security
checks from /etc/rc.d/jail into my local script. That script uses a local
configuration file with syntax similar to rc.conf for the jail values, but I
don't see a clean way to load a netgraph configuration (and I also notice there
isn't a netgraph rc script, only examples for setting up local scripts). Is it
a reasonable thought to parse a Graphviz dot file for netgraph configuration
in my script?

Thank you in advance.
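The following is an added example of the ng_ether/ng_bridge/ng_eiface plumbing described above, written for this page and not the poster's script or anything from the FreeBSD base system. It chains the steps the message separates: build a bridge on the NIC, create an ng_eiface per jail, move that interface into the jail's vnet, and then give the jail an address and a default route from the inside. The last step is the one that matters for the "No route to host" / "No such process" (ESRCH) symptoms: a freshly created vnet has its own, empty routing table, so nothing on the host side (no FIB binding) helps until the jail's own interface has an address and a route. The NIC (em0), bridge name (em0bridge), jail name and path, link numbers, and 192.168.0.0/24 addresses are all assumptions; the parse of ngctl's `getifname` reply assumes the usual `Args: "ngethN"` line in ngctl(8) output. `DRY_RUN=1` prints the commands instead of executing them so the plan can be reviewed before running it as root.

```shell
#!/bin/sh
# Added example: plumb a vnet jail onto a physical NIC via
# ng_ether -> ng_bridge -> ng_eiface. Not the poster's code; all names
# (em0, em0bridge, testvnet, /jails/testvnet, 192.168.0.x) are hypothetical.
# DRY_RUN=1 echoes each command instead of running it.

run() {
    if [ -n "${DRY_RUN:-}" ]; then
        echo "$*"
    else
        "$@"
    fi
}

ng_load_modules() {
    for m in ng_ether ng_bridge ng_eiface; do
        kldstat -q -m "$m" 2>/dev/null || run kldload "$m"
    done
}

# One bridge per NIC: ng_bridge hangs off the NIC's "lower" (wire) hook and
# the host's own stack is reattached through "upper" so the host keeps its
# connectivity. Promiscuous mode is required so frames addressed to the
# jails' MAC addresses reach the bridge; setautosrc 0 stops ng_ether from
# rewriting the source MAC of frames the jails send out.
ng_bridge_setup() {
    nic=$1 bridge=$2
    run ngctl mkpeer "${nic}:" bridge lower link0
    run ngctl name "${nic}:lower" "$bridge"
    run ngctl connect "${nic}:" "${bridge}:" upper link1
    run ngctl msg "${nic}:" setpromisc 1
    run ngctl msg "${nic}:" setautosrc 0
}

# One ng_eiface per jail on a free bridge hook (link2, link3, ...).
ng_add_eiface() {
    bridge=$1 link=$2
    run ngctl mkpeer "${bridge}:" eiface "link${link}" ether
}

# Assumed ngctl reply format:  Rec'd response "getifname" (1) from "[7]:":
#                              Args:   "ngeth0"
parse_getifname() {
    sed -n 's/^[[:space:]]*Args:[[:space:]]*"\([^"]*\)".*/\1/p'
}

ng_eiface_ifname() {
    bridge=$1 link=$2
    if [ -n "${DRY_RUN:-}" ]; then
        echo "ngeth${link}"    # placeholder; the kernel picks the real name
    else
        ngctl msg "${bridge}:link${link}" getifname | parse_getifname
    fi
}

# Move the interface into the jail's vnet (ifconfig ... vnet takes a JID or
# jail name), then configure it from inside the jail with jexec. The new
# vnet's routing table starts empty, hence the explicit default route.
jail_attach_iface() {
    jail=$1 ifn=$2 addr=$3 gw=$4
    run ifconfig "$ifn" vnet "$jail"
    run jexec "$jail" ifconfig "$ifn" inet "$addr" up
    run jexec "$jail" route add default "$gw"
}

# Whole sequence for one jail; "vnet" needs the named-parameter (-c) form,
# "persist" keeps the jail alive with no process inside it.
vnet_jail_bringup() {
    nic=$1 bridge=$2 jail=$3 jpath=$4 link=$5 addr=$6 gw=$7
    ng_load_modules
    ng_bridge_setup "$nic" "$bridge"
    run jail -c vnet persist name="$jail" host.hostname="$jail" path="$jpath"
    ng_add_eiface "$bridge" "$link"
    ifn=$(ng_eiface_ifname "$bridge" "$link")
    jail_attach_iface "$jail" "$ifn" "$addr" "$gw"
}

# Usage (as root):  sh ng_vnet.sh apply     or     DRY_RUN=1 sh ng_vnet.sh apply
if [ "${1:-}" = "apply" ]; then
    vnet_jail_bringup em0 em0bridge testvnet /jails/testvnet 2 192.168.0.16/24 192.168.0.1
fi
```

Two caveats a practitioner would add: the host NIC sits in promiscuous mode for as long as the bridge exists, so every jail on that bridge sees every frame the NIC sees unless you filter on the bridge or in the jails; and because the jail configures its own interface, allowing raw sockets and mounting the host devfs, as the message describes for testing, should be undone once the routing problem is understood, since a vnet jail with those rights can reconfigure its link freely.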


More information about the freebsd-net mailing list