On May 30, 2013, at 2:29 PM, Joe <fb...@a1poweruser.com> wrote:
> Pietro Paolini wrote:
>> Hello all,
>> I am a new bye on the FreeBSD and I am looking at the VIMAGE features
>> experiencing some problems.
>> I added the options :
>> VIMAGE
>> if_bridge
>> and I removed
>> STCP
>> then I recompiled my kernel and install it.
>> After that, following this tutorial
>> http://imunes.tel.fer.hr/virtnet/eurobsdcon07_tutorial.pdf I tried the
>> "Exercise 2" which consist on the following commands:
>> vimage -c n1
>> vimage -c n2
>> ngctl mkpeer efface ether ether
>> ngctl mkpeer efface ether ether
>> ngctl mkpeer em0: bridge lower link0
>> ngctl name em0:lower bridge0
>> ngctl connect em0: bridge0: upper link1
>> ngctl connect ngeth0: bridge0: ether link2
>> ngctl connect ngeth1: bridge0: ether link3
>> vimage -i n1 ngeth0 e0
>> But my virtual interface on the n1 vimage does not receive any packet from
>> the external network while I can see the packet go out from it.
>> For instance using DHCP, e0 on n1 sends DHCP packets but it does not receive
>> the answers (which are send, I verified it from wireshark), in adding
>> the ARP request for his IP address (if I try to add it statically) are not
>> received then it can not answer.
>> At the end of the line the question is: how can I make this "virtual
>> network" and the external real network be able to communicate ?
>> Thanks in advance.
>> Pietro.
>
> 1. That link is from 2007. So very much has changed since then.
> There are more current links on the internet about this subject. Most are for
> 8.X releases.
>
> 2. If your running 8.2-RELEASE or 9.1-RELEASE all you need to add is "options
> vimage" statement to your kernel source and recompile.
>
> 3. There are 2 networking methods available for creating vnet/vimage jail
> networks, if_bridge/epair and netgraph. The if_bridge/epair method is far
> simpler to config and use then the netgraph method.
>
> 4. There are 2 methods of jail setup, the rc.d method where your jail
> definition parameters go into the hosts rc.conf and the jail(8) method where
> you can place each jails definition parameter in separate files.
>
> 5. There are two very important show stopper PRs on vimage,
> 164763 memory leak and 149050 the rc.d keyword "nojail" problem.
> Vimage is a very long way from prime time usage, thats why it's labeled as
> highly experimental. Host system freezes and page faults are common.
>
> 6. When it comes to running a firewall in a vnet/vimage jail your limited to
> IPFW and it has limitations. Dummynet and in kernel NAT cause system freezes.
> IPFILTER causes page fault at boot time. PF will run on the host but not run
> in the vnet/vimage jail. Here are a bunch of PRs on vimage firewall problems,
> 143621, 176092, 161094, 176992, 143808, 148155, 165252, 178480, 178482
>
>
> Check out these links
>
> http://druidbsd.sourceforge.net/vimage.shtml
> http://devinteske.com/vimage-jails-on-freebsd-8
> http://lists.freebsd.org/pipermail/freebsd-virtualization/2011-September/000747.html
>
> http://bsdbased.com/2009/12/06/freebsd-8-vimage-epair-howto
> http://zewaren.net/site/?q=node/78
>
>
> _______________________________________________
> freebsd-questions@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Thanks so much, really interesting and good links but I can't again accomplish
my task - I followed
http://bsdbased.com/2009/12/06/freebsd-8-vimage-epair-howto as a base tutorial
-
I would like simulate more client for my PC using this technology, and that's
my topology:
1 - Two epairs created
2 - Two jail created
3 - Assign one intf for jail
4 - Add the real interface to a bridge where I put all the interfaces
-------
JAIL1
0b
-------
-------
JAIL2
1b
-------
-------
HOST
0a
1a
em0 --> REAL
-------
Where {0,1}a is the first pair and {0,1}b is the second and em0 is my real
interface (it has an IP address), then I got to the problem, I tried
to :
jexec 2 dhclient epair1b
And I can see the DHCP packet with the correct MAC address going out, the
server reply (I have a sniffer pc) but the transaction does not end
successfully, what is really strange is that if I attach tcpdump on em0 I can
NOT see the answer server sends while when I try
dhclient em0
I can see the packet going in and out and the DHCP transaction finish
successfully. Do you have any idea about how can I accomplish my
target ? Maybe I am using the wrong technology ?
I would not surprised if I make a error on my configuration but what really
interest me is if I CAN do that using jail.
Thanks a lot, and in advance ! :-)
Pietro.
>
_______________________________________________
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
