Hi all,
I'm trying to set up a separate subnet for my jails, and I think I have everything set up correctly, but am unsure.
Here is the Switch:
Code:
trunk 45-48 Trk2 LACP
Code:
vlan 23
name "Jails"
tagged 23,Trk1-Trk2
no ip address
exit
I know my switch and lagg work because my server gets internet on its default route.
On the server, the lagg interface is set up as follows, with the tagged VLAN interface for my jails:
Code:
lagg0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
options=81049b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,LRO,VLAN_HWFILTER>
ether 00:1b:21:8b:ac:f9
laggproto lacp lagghash l2,l3,l4
laggport: em0 flags=1c<ACTIVE,COLLECTING,DISTRIBUTING>
laggport: em1 flags=1c<ACTIVE,COLLECTING,DISTRIBUTING>
laggport: em2 flags=1c<ACTIVE,COLLECTING,DISTRIBUTING>
laggport: em3 flags=1c<ACTIVE,COLLECTING,DISTRIBUTING>
groups: lagg
media: Ethernet autoselect
status: active
nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
Code:
lagg0.23: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
options=401<RXCSUM,LRO>
ether 00:1b:21:8b:ac:f9
inet 10.13.13.1 netmask 0xffffff00 broadcast 10.13.13.255
groups: vlan
vlan: 23 vlanpcp: 0 parent interface: lagg0
media: Ethernet autoselect
status: active
nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
Then we have the bridge for the epair interfaces with my lagg interface, all tagged:
Code:
bridge0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
ether 02:41:ff:d9:22:00
inet 10.13.13.12 netmask 0xffffff00 broadcast 10.13.13.255
id 00:00:00:00:00:00 priority 32768 hellotime 2 fwddelay 15
maxage 20 holdcnt 6 proto rstp maxaddr 2000 timeout 1200
root id 00:00:00:00:00:00 priority 32768 ifcost 0 port 0
member: epair1a.23 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
ifmaxaddr 0 port 17 priority 128 path cost 2000
member: epair0a.23 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
ifmaxaddr 0 port 16 priority 128 path cost 2000
member: lagg0.23 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
ifmaxaddr 0 port 14 priority 128 path cost 2000000
groups: bridge
nd6 options=9<PERFORMNUD,IFDISABLED>
And the epair interface for the jail I'm trying to setup, on the host side:
Code:
epair1a.23: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
ether 02:b3:7a:1a:c8:0a
inet 10.13.13.3 netmask 0xffffff00 broadcast 10.13.13.255
groups: vlan
vlan: 23 vlanpcp: 0 parent interface: epair1a
media: Ethernet 10Gbase-T (10Gbase-T <full-duplex>)
status: active
nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
In the host /etc/jail.conf:
Code:
allow.raw_sockets;
vnet;
www {
vnet.interface = "epair0b";
path = "/usr/jails/www";
persist;
mount.devfs;
exec.start = "/bin/sh /etc/rc";
exec.stop = "/bin/sh /etc/rc.shutdown";
}
And in the jail:
Code:
epair1b: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
options=8<VLAN_MTU>
ether 02:b3:7a:1a:c8:0b
groups: epair
media: Ethernet 10Gbase-T (10Gbase-T <full-duplex>)
status: active
nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
epair1b.23: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
ether 02:b3:7a:1a:c8:0b
inet 10.13.13.101 netmask 0xffffff00 broadcast 10.13.13.255
groups: vlan
vlan: 23 vlanpcp: 0 parent interface: epair1b
media: Ethernet 10Gbase-T (10Gbase-T <full-duplex>)
status: active
nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
The routes from inside the jail:
Code:
default fw UGS epair1b.
10.13.13.0/24 link#3 U epair1b.
The /etc/resolv.conf file on the host:
Code:
nameserver 10.11.11.11
nameserver 10.13.13.13
nameserver 10.20.20.20
nameserver 127.0.0.1
The jails only have the second line, and are set to use that "10.13.13.13" as the default gateway.
I think this is all correct; however, I'm unable to ping the host:
Code:
# ping 10.13.13.1
PING 10.13.13.1 (10.13.13.1): 56 data bytes
ping: sendto: Host is down
ping: sendto: Host is down
^C
--- 10.13.13.1 ping statistics ---
7 packets transmitted, 0 packets received, 100.0% packet loss
#
On the host the /etc/rc.conf file has these lines:
Code:
defaultrouter="10.11.11.11"
gateway_enable="YES"
static_routes="server jails vm"
route_server="-net 10.11.11.0/24 10.11.11.11"
route_jails="-net 10.13.13.0/24 10.13.13.13"
route_vm="-net 10.20.20.0/24 10.20.20.20"
I was pretty sure this would work.
I have tried with no IP address on the bridge, and tried to tag it, but it wouldn't create the interface.
Thanks for your time.
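A check worth running on a layout like the one above, as an added example that is not part of the original post: the script below parses ifconfig(8) output and reports three things that bridge(4)/vlan(4) setups commonly get wrong: a bridge member that carries its own IP address (bridge(4) expects the address on the bridge, not on its members), the same subnet configured on more than one host interface, and a vlan(4) interface stacked on another vlan(4) interface. The SAMPLE text is constructed to mirror the interfaces in the post (lagg0, lagg0.23, bridge0, epair1a.23 with the addresses shown there); the function names are this example's own. On a real host, feed it `ifconfig` output instead.

```python
"""Sanity-check a FreeBSD ifconfig dump for a jail/bridge/VLAN layout.

Added example, not code from the original post.  It parses `ifconfig`
output and flags three layout problems that bridge(4)/vlan(4) setups hit:
  * a bridge member interface that carries its own IP address
  * several host interfaces holding addresses in the same subnet
  * a vlan(4) interface whose parent is itself a vlan(4) (double tagging)
SAMPLE is constructed to mirror the interfaces shown in the post.
"""
import ipaddress
import re
from dataclasses import dataclass, field
from typing import Optional


@dataclass
class Iface:
    name: str
    inet: list = field(default_factory=list)     # IPv4Interface objects
    vlan: Optional[int] = None                   # 802.1Q tag, vlan(4) only
    parent: Optional[str] = None                 # vlan(4) parent interface
    members: list = field(default_factory=list)  # bridge(4) member names


# Leading whitespace is optional so de-indented copy/pasted dumps parse too.
HEAD_RE = re.compile(r"^(\S+): flags=")
INET_RE = re.compile(r"^\s*inet (\S+) netmask (0x[0-9a-fA-F]+)")
VLAN_RE = re.compile(r"^\s*vlan: (\d+) .*parent interface: (\S+)")
MEMBER_RE = re.compile(r"^\s*member: (\S+) ")


def parse_ifconfig(text):
    """Return {name: Iface} built from ifconfig(8) output."""
    ifaces, cur = {}, None
    for line in text.splitlines():
        if m := HEAD_RE.match(line):
            cur = Iface(m.group(1))
            ifaces[cur.name] = cur
        elif cur is None:
            continue
        elif m := INET_RE.match(line):
            # ifconfig prints the mask in hex; ipaddress wants dotted form.
            netmask = str(ipaddress.IPv4Address(int(m.group(2), 16)))
            cur.inet.append(ipaddress.IPv4Interface((m.group(1), netmask)))
        elif m := VLAN_RE.match(line):
            cur.vlan, cur.parent = int(m.group(1)), m.group(2)
        elif m := MEMBER_RE.match(line):
            cur.members.append(m.group(1))
    return ifaces


def addressed_bridge_members(ifaces):
    """(bridge, member, [addr/prefix, ...]) for members that own an address."""
    found = []
    for br in ifaces.values():
        for name in br.members:
            member = ifaces.get(name)
            if member and member.inet:
                found.append((br.name, name, [str(a) for a in member.inet]))
    return found


def subnet_collisions(ifaces):
    """{subnet: [iface, ...]} for subnets present on more than one interface.
    The kernel keeps one connected route per subnet, so only one of them
    actually sources traffic for it."""
    seen = {}
    for iface in ifaces.values():
        for addr in iface.inet:
            seen.setdefault(str(addr.network), []).append(iface.name)
    return {net: names for net, names in seen.items() if len(names) > 1}


def stacked_vlans(ifaces):
    """vlan(4) interfaces whose parent is itself a vlan(4): frames get two tags."""
    return [i.name for i in ifaces.values()
            if i.parent in ifaces and ifaces[i.parent].vlan is not None]


# Constructed sample, trimmed to the fields the checks need.
SAMPLE = """\
lagg0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
        ether 00:1b:21:8b:ac:f9
        laggproto lacp lagghash l2,l3,l4
lagg0.23: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
        inet 10.13.13.1 netmask 0xffffff00 broadcast 10.13.13.255
        vlan: 23 vlanpcp: 0 parent interface: lagg0
bridge0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        inet 10.13.13.12 netmask 0xffffff00 broadcast 10.13.13.255
        member: epair1a.23 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
        member: lagg0.23 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
epair1a.23: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
        inet 10.13.13.3 netmask 0xffffff00 broadcast 10.13.13.255
        vlan: 23 vlanpcp: 0 parent interface: epair1a
"""

if __name__ == "__main__":
    ifaces = parse_ifconfig(SAMPLE)
    for br, member, addrs in addressed_bridge_members(ifaces):
        print(f"{br}: member {member} has its own address(es) {addrs}")
    for net, names in subnet_collisions(ifaces).items():
        print(f"{net} is configured on {len(names)} interfaces: {', '.join(names)}")
    for name in stacked_vlans(ifaces):
        print(f"{name}: vlan(4) stacked on a vlan(4) parent (double tagging)")
```

On the sample it reports both bridge members (lagg0.23 and epair1a.23) as carrying addresses and the 10.13.13.0/24 subnet as living on three interfaces at once; the stacked-VLAN check comes back empty because each vlan(4) here sits directly on an epair or lagg parent.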