wishmaster wrote:
--- Original message ---
From: "Fbsd8" <fb...@a1poweruser.com>
Date: 11 July 2014, 16:49:08
Marcin Michta wrote:
Hello,
I want to ask what are the advantages and disadvantages of using VNET?
I know that it allows each jail to have a private networking stack, but what
else?
Regards
Marthin

It's experimental, it has many bugs posted in the PR system, loses memory
every time a vnet jail is stopped, firewalls in a vnet jail don't work;
other than these show stoppers, use at your own risk.

Hey, man. Stop panicking!
The firewall works very well. The memory leak on shutdown is not a very big problem.
The main advantage for me is: I am able to filter and prioritize traffic
coming through the base system. My vnet'ed jails are like regular LAN clients and
they share the INET pipe with appropriate weight. I use ipfw.

Oh ya, host panic on boot is another common happening with vimage and
firewalls ipf and pf trying to run inside of a vnet jail and on the host
at the same time.
Many people DO consider any kind of memory leak in kernel software such
as vimage to be a really big show stopper for not using it in a production
system.
If you read the previous post a little bit closer you will see it's
talking about a firewall running inside of a vnet/vimage jail. It doesn't
say anything about running a host firewall directing traffic to an IP
number assigned to a vnet jail.
Here is a list of some of the outstanding vnet PRs:
143808, 147950, 148155, 152148, 160496, 160541, 161094, 164763, 165252,
176112, 176929, 178480, 178482, 179264, 182350, 185092, 188010, 191468
vnet/vimage is experimental and should never be used in a production
system and be exposed to the public network. It is not a secure software
configuration. Sure you can disregard all warnings and common sense and
risk your host system, that's your choice.
_______________________________________________
freebsd-jail@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-jail