vnet netgraph: assigning multiple interfaces to a jail... how?

mr44er

I wrote the jail.conf based on https://lists.freebsd.org/pipermail/svn-src-head/2016-February/082256.html.

Unfortunately it doesn't work like this:

Code:
exec.start = "/bin/sh /etc/rc";
exec.stop = "/bin/sh /etc/rc.shutdown";
exec.clean;


router {
        host.hostname = "router";   # hostname
        path = "/jails/router";     # root directory
#       ip4.addr = 10.0.8.7;


        vnet;
        vnet.interface = "ng0_router ng1_router";               # vnet interface(s)
        exec.prestart += "jng bridge router em0 em1";   # bridge interface(s)
        exec.poststop += "jng shutdown router";      # destroy interface(s)
 
        exec.system_user = "root";
        exec.jail_user = "root";

 
        exec.consolelog = "/var/log/jail_router_console.log";
        mount.devfs;
        allow.raw_sockets;
        devfs_ruleset="5";
        }

Code:
root@buildbox:/etc # jail -c router
router: created
ifconfig: interface ng0_router ng1_router does not exist
jail: router: /sbin/ifconfig ng0_router ng1_router vnet router: failed
router: removed

If I remove ng1_router and em1, it works as it should. The interface disappears from the host and shows up only in the jail. What am I overlooking?

This is really getting beyond a joke...

It doesn't work this way because ifconfig won't swallow 2 interfaces at once.

Kludge:
Code:
exec.start = "/bin/sh /etc/rc";
exec.stop = "/bin/sh /etc/rc.shutdown";
exec.clean;


router {
        host.hostname = "router";   # hostname
        path = "/jails/router";     # root directory
#       ip4.addr = 10.0.8.7;


        vnet;
        #vnet.interface = "ng0_router";               # vnet interface(s)
        exec.prestart = "jng bridge router em0 em1";   # bridge interface(s)


        exec.poststart = "ifconfig ng0_router vnet router";
        exec.poststart += "ifconfig ng1_router vnet router";
        exec.start = "sh /etc/rc";



        exec.poststop += "jng shutdown router";      # destroy interface(s)

        exec.system_user = "root";
        exec.jail_user = "root";


        exec.consolelog = "/var/log/jail_router_console.log";
        mount.devfs;
        allow.raw_sockets;
        devfs_ruleset="5";
        }

That at least moves 'ng0_router' and 'ng1_router' into the jail after the jail starts. From the MAC addresses I can see that this is correct.

But the jail does not assign the IPs.
rc.conf
Code:
ifconfig_ng0_router="inet 192.168.100.3/24"
ifconfig_ng1_router="inet 192.168.0.1/24"

If I run 'sh /etc/rc' by hand inside the jail, it works.

exec.start = "sh /etc/rc"; in jail.conf does nothing. If I leave it out, it doesn't work either. Then I also tried setting the IPs via exec.start = "ifconfig ng0_router inet 192.168.100.3/24"; and then the jail doesn't start at all. :confused:
 
Code:
#exec.start = "/bin/sh /etc/rc";
exec.stop = "/bin/sh /etc/rc.shutdown";
exec.clean;


router {
        host.hostname = "router";   # hostname
        path = "/jails/router";     # root directory

        vnet;
        vnet.interface = "ng0_router";               # vnet interface(s)

        exec.prestart = "jng bridge router em0 em1";   # bridge interface(s)

        exec.poststart = "ifconfig ng1_router vnet router";
        exec.poststart += "jexec router /bin/sh /etc/rc";

        exec.poststop = "jng shutdown router";      # destroy interface(s)

        exec.system_user = "root";
        exec.jail_user = "root";

        exec.consolelog = "/var/log/jail_router_console.log";
        mount.devfs;
        allow.raw_sockets;
        devfs_ruleset="5";
        }

It works like this....but that's an ugly kludge. Is it supposed to be like this? :ugly:
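
An added example, not part of the original posts: the same jail written with jail.conf(5) list syntax, where each interface is its own quoted, comma-separated element of vnet.interface instead of one space-separated string. jail(8) then runs ifconfig once per element and moves both interfaces in before exec.start, so /etc/rc inside the jail finds them and applies the ifconfig_ng*_router lines from rc.conf. Jail name, path, interface names and the jng calls are taken from the posts above.

```conf
exec.start = "/bin/sh /etc/rc";
exec.stop = "/bin/sh /etc/rc.shutdown";
exec.clean;

router {
        host.hostname = "router";   # hostname
        path = "/jails/router";     # root directory

        vnet;
        # One list element per interface. A single string
        # "ng0_router ng1_router" is passed to ifconfig as ONE interface
        # name, which is the "does not exist" error shown above.
        vnet.interface = "ng0_router", "ng1_router";

        # Create both netgraph bridges on the host before the jail exists
        exec.prestart = "jng bridge router em0 em1";
        # Destroy them again after the jail is gone
        exec.poststop = "jng shutdown router";

        exec.system_user = "root";
        exec.jail_user = "root";

        exec.consolelog = "/var/log/jail_router_console.log";
        mount.devfs;
        allow.raw_sockets;
        devfs_ruleset = "5";
}
```

With both interfaces handed over through vnet.interface, the exec.poststart ifconfig and jexec lines from the workaround are no longer needed, and the interfaces are released automatically when the jail is removed.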
 