My understanding is that I can bind multiple machines running netgraph into
one large netgraph, by using something like ng_ksocket nodes bound with a
tunneling device.
By doing this, is the restriction of one ng_ipfw node per netgraph global to
all of the machines (one, and only one, ng_ipfw node)?

Is there any reason to prefer port-forwarding with ipfw (forward ipaddr) vs.
natd (-redirect_port), if I am using both subsystems in any case? I see natd
uses libalias and an ipfw divert port, so my thought is that the ipfw approach
would incur less overhead. Also, the ipfw approach permits a hostn

Hi:
> Without doing anything extra except booting, (with no jails started),
> what happens when you duplicate my commands in the previous email?
#jail -c host.hostname=test path=/ vnet persist
I substituted persist parameter for command=/bin/tcsh in your example,
otherwise the jail is destroyed

Julian wrote:
> I think you need to add a default rule for starters as there is no
> route to 192.168.x.x in your jail.
tempvnet# route show default
route: writing to routing socket: No such process
tempvnet# route add default 192.168.0.1
route: writing to routing socket: Network is unreachable

Thank you Glen: (sorry this copied twice to glen)
> Do you have your nameserver in /etc/resolv.conf ?
The jail and hostname both have /etc/resolv.conf set to a nameserver on the
local host. I get the same error message pinging to the private-space address
of the physical ethernet interface (the s

Thank you to Julian for his kind response on my original question. I have
succeeded with the "jail [...] vnet [...]" syntax Julian suggested. I looked
through the /etc/rc.d/jail script and discovered why I cannot start a vnet
jail with the rc mechanism - the vnet parameter to jail requires the -c f

I am experimenting with a vimage-enabled 8.0 kernel with multiple jails. I use
the rc.d method to start jails, because of the warning in /etc/rc.d/jails
about security. I would like to associate a vnet stack with each jail, and use
netgraph to bridge the service jails to the physical interface. The

I am running a vimage-enabled kernel (8.0) for host/jails, and routing the
service jail's vnets with netgraph to a central ng_bridge. I would like to use
an SSL VPN to attach remote connections to the ng_bridge after nat'ing. The
three following pseudodevices seem to me like they are interacting wit