I have the following setup, my workstation contains a single NIC and it has its own IP assigned within the LAN /24 segment.
I have created a thick container and enabled vnet. I do so with the following .conf file (as per the current handbook):
Then, again following the handbook, in the host, I create the bridge and attach the interface:
I emphasize "in the host" because it is my understanding that the bridge needs to be created in the host, not in the container.
So far so good, the jail works perfectly and I suppose that my network stack is different for the container now (I say I suppose because I do not know how to verify it).
Now imagine that I want to create another container/jail.
I would replicate the process creating a new .conf:
Where only container name, bridge ID and IP of the container changed.
I am assuming that I shall repeat the same in the host, but I get an error while trying to add the same network interface to the bridge.
Is it actually possible to have VNET for several containers? If so, what am I misunderstanding from the handbook?
I have created a thick container and enabled vnet. I do so with the following .conf file (as per the current handbook):
Code:
client {
# STARTUP/LOGGING
exec.start = "/bin/sh /etc/rc";
exec.stop = "/bin/sh /etc/rc.shutdown";
exec.consolelog = "/var/log/jail_console_${name}.log";
# PERMISSIONS
allow.raw_sockets;
exec.clean;
mount.devfs;
devfs_ruleset = 5;
# HOSTNAME/PATH
host.hostname = "${name}";
path = "/usr/local/jails/containers/${name}";
# VNET/VIMAGE
vnet;
vnet.interface = "${epair}b";
# NETWORK
$id = "201";
$ip = "192.168.1.${id}/24";
$gateway = "192.168.1.1";
$bridge = "bridge0";
$epair = "epair${id}";
# ADD TO bridge INTERFACE
exec.prestart += "ifconfig ${epair} create up";
exec.prestart += "ifconfig ${epair}a up descr jail:${name}";
exec.prestart += "ifconfig ${bridge} addm ${epair}a up";
exec.start += "ifconfig ${epair}b ${ip} up";
exec.start += "route add default ${gateway}";
exec.poststop = "ifconfig ${bridge} deletem ${epair}a";
exec.poststop += "ifconfig ${epair}a destroy";
}Then, again following the handbook, in the host, I create the bridge and attach the interface:
Code:
# ifconfig bridge create
# ifconfig bridge0 addm em0I emphasize "in the host" because it is my understanding that the bridge needs to be created in the host, not in the container.
So far so good, the jail works perfectly and I suppose that my network stack is different for the container now (I say I suppose because I do not know how to verify it).
Now imagine that I want to create another container/jail.
I would replicate the process creating a new .conf:
Code:
server {
# STARTUP/LOGGING
exec.start = "/bin/sh /etc/rc";
exec.stop = "/bin/sh /etc/rc.shutdown";
exec.consolelog = "/var/log/jail_console_${name}.log";
# PERMISSIONS
allow.raw_sockets;
exec.clean;
mount.devfs;
devfs_ruleset = 5;
# HOSTNAME/PATH
host.hostname = "${name}";
path = "/usr/local/jails/containers/${name}";
# VNET/VIMAGE
vnet;
vnet.interface = "${epair}b";
# NETWORK
$id = "202";
$ip = "192.168.1.${id}/24";
$gateway = "192.168.1.1";
$bridge = "bridge1";
$epair = "epair${id}";
# ADD TO bridge INTERFACE
exec.prestart += "ifconfig ${epair} create up";
exec.prestart += "ifconfig ${epair}a up descr jail:${name}";
exec.prestart += "ifconfig ${bridge} addm ${epair}a up";
exec.start += "ifconfig ${epair}b ${ip} up";
exec.start += "route add default ${gateway}";
exec.poststop = "ifconfig ${bridge} deletem ${epair}a";
exec.poststop += "ifconfig ${epair}a destroy";
}Where only container name, bridge ID and IP of the container changed.
I am assuming that I shall repeat the same in the host, but I get an error while trying to add the same network interface to the bridge.
Code:
# ifconfig bridge create
# ifconfig bridge1 addm em0
ifconfig: BRDGADD em0: Device busyIs it actually possible to have VNET for several containers? If so, what am I misunderstanding from the handbook?
