Running PPPoE server in jail, possible with VNET?

Eugene Grosbein eugen at grosbein.net
Fri Feb 22 04:08:03 UTC 2019


22.02.2019 2:41, BulkMailForRudy wrote:
> 
> On 2/20/19 1:13 PM, Eugene Grosbein wrote:
>> 21.02.2019 3:37, BulkMailForRudy wrote:
>>
>>> Dear FreeBSD-net,
>>>
>>> PPPoE has some broadcast ethernet frames...
>>>
>>> I have epair0a on my bridge and epair0b in the jail, but the jail doesn't get any PADI (PPPoE packets destined to ff:ff:ff:ff:ff:ff).
>>>
>>> Is there a way to have bridge pass broadcast ethernet frames? (tcpdump in the jail shows no PADI packets)
>>>
>>> Right now, I have netgraph cranking out ncX devices for the PPPoE clients, and I'd like to stuff that mess in a jail so I can run ifconfig on the host and not see a mess.
>> You do not need jail to limit output of ifconfig.
>> Each network interface in FreeBSD can belong to one or more interface groups.
>> First add all your interfaces except ng* to some new interface group with ifconfig(8), then use:
>>
>> alias ifconfig='/sbin/ifconfig -g groupname'
>>
>> Or create new short alias ifc='/sbin/ifconfig -g groupname'
>> for short output.
> 
> That's neat, "ifconfig -g epair" shows all my epairs. My primary question, if anyone knows:
> 
>  Is there a way to have bridge pass broadcast ethernet frames?
> 
> My goal is to run the PPPoE service inside a jail.

I have not tried running PPPoE service inside a jail and I would not recommend that,
but I did run PPPoE client running inside VirtualBox Windows guest using tap(4) for bridged networking
when tap(4) was bridged with host's vlan(4) interface using if_bridge(4)
and PPPoE ran in both directions just fine to establish and run a session.

You need to read bridge(4) manual page, section PACKET FILTERING
and disable all kinds of filtering using sysctls documented there.
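
An added example, not part of the original message: a POSIX sh check that reads `sysctl net.link.bridge` output and lists which of the PACKET FILTERING knobs documented in if_bridge(4) are still enabled. The function name and the sample values are constructed for illustration; PPPoE frames are non-IP, which is why `pfil_onlyip` is included.

```shell
#!/bin/sh
# Added example (not from the original thread).
# Input:  `sysctl net.link.bridge` output on stdin, one "name: value" per line.
# Output: every if_bridge(4) PACKET FILTERING knob that is non-zero or absent.
# Status: 0 when all six knobs are present and 0, 1 otherwise.
# Live use on a FreeBSD host:  sysctl net.link.bridge | bridge_filter_audit
bridge_filter_audit() {
    awk -F': *' '
        BEGIN {
            # Knob names as listed in if_bridge(4), section PACKET FILTERING.
            n = split("pfil_onlyip pfil_member pfil_bridge pfil_local_phys ipfw ipfw_arp", k, " ")
            for (i = 1; i <= n; i++) want["net.link.bridge." k[i]] = 1
        }
        ($1 in want) {
            seen[$1] = 1
            # Any non-zero value means this filtering path is active.
            if ($2 + 0 != 0) { print $1 "=" $2; on++ }
        }
        END {
            # A knob missing from the input is reported, never assumed off.
            for (i = 1; i <= n; i++) {
                name = "net.link.bridge." k[i]
                if (!(name in seen)) { print name "=missing"; on++ }
            }
            exit (on > 0)
        }
    '
}

# Constructed sample input (not captured from a real host).
SAMPLE='net.link.bridge.ipfw: 0
net.link.bridge.log_stp: 0
net.link.bridge.pfil_local_phys: 0
net.link.bridge.pfil_member: 1
net.link.bridge.ipfw_arp: 0
net.link.bridge.pfil_bridge: 1
net.link.bridge.pfil_onlyip: 1'
```

With `pfil_member` and `pfil_bridge` at 0, pfil(9) firewalls no longer see frames crossing the bridge, so any filtering those segments need has to be applied elsewhere.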



