VNET, if_bridge, if_epair, vlans and bridged phy?
Kevin Bowling
kevin.bowling at kev009.com
Mon Mar 17 03:04:23 UTC 2014
I'm trying a somewhat elaborate VNET jails setup and for the most part
it's working. I'm using if_epairs, one side that gets passed into the
jail, and the other side that attaches to an if_bridge. The if_bridge
has a member on a vlan interface. So far so good.
cloned_interfaces="bridge0 bridge1 bridge2 vlan0 vlan1"
ifconfig_ix0="inet <pub ip> netmask 255.255.255.240 up"
ifconfig_vlan0="vlan 1010 vlandev ix0"
ifconfig_vlan1="vlan 1011 vlandev ix0"
ifconfig_bridge1="inet 10.10.10.55/24 addm vlan0 description vlan0"
ifconfig_bridge2="inet 10.10.11.55/24 addm vlan1 description vlan1"
The above works fine, the VNET jails are able to access the outside
world and vice versa (NAT happens on a dedicated router, not this host).
Now, if I instead do something like this to add the public IP to a bridge:
ifconfig_ix0="up"
ifconfig_vlan0="vlan 1010 vlandev ix0"
ifconfig_vlan1="vlan 1011 vlandev ix0"
ifconfig_bridge0="inet <pub ip> netmask 255.255.255.240 addm ix0 description ix0"
ifconfig_bridge1="inet 10.10.10.55/24 addm vlan0 description vlan0"
ifconfig_bridge2="inet 10.10.11.55/24 addm vlan1 description vlan1"
A VNET jail on bridge0 in the public IP space works fine, but bridge1
and bridge2 are no longer accessible from the outside, including the
host interface like 10.10.10.55.
Any ideas on what could be going wrong? Is there a way to use an
untagged interface like this in addition to the tagged ones?
Regards,
Kevin