Solved IOCAGE networking

[balanga]

In my notes on setting up an IOCAGE jail I noted cryptically:=

# plumb interface em0 into bridge0
ifconfig_bridge0="addm em0 up"
ifconfig_em0="up"

This worked and I was able to create and log in to a few jails, but I didn't add anything to rc.conf which probably explains why my jails don't start up after a reboot.

If I enter these commands manually I don't see a bridge0.

Should I expect to?

 

[SirDice]

If I enter these commands manually I don't see a bridge0.

What commands, how? rc.conf doesn't contain commands, they're variable assignments.

 

[balanga]

What commands, how? rc.conf doesn't contain commands, they're variable assignments.

Don't I need to configure a bridge inrc.conf ?

 

[SirDice]

If I enter these commands manually I don't see a bridge0.

What commands did you use?

 

[balanga]

I think it was something like....


ifconfig_bridge0="addm em0 up"
ifconfig_em0="up"


 

[SirDice]

Again, those aren't commands. They are variable assignments. Entering them on the command line doesn't do anything but set the variables ifconfig_bridge0 and ifconfig_em0 to specific values.

 

[balanga]

Again, those aren't commands. They are variable assignments. Entering them on the command line doesn't do anything but set the variables ifconfig_bridge0 and ifconfig_em0 to specific values.

So how do I set up a bridge?

ifconfig bridge0 create ?

Now I can


ifconfig_bridge0="addm em0 up"
ifconfig_em0="up"


And now I can start my jails and login, but how to get the bridge interface to be permanent?

 

[SirDice]

but how to get the bridge interface to be permanent?

In rc.conf:

cloned_interfaces="bridge0"

 

[sko]

PLEASE read the handbook and manpages and educate yourself in the bare basics of how FreeBSD works. The lack thereof is pretty obvious from all your threads the last few days - learn how to walk before you try to run.
Everyone here is happy to help with specific problems, but you have to show that you are actually trying to learn something by yourself. You won't get pre-digested "copy&paste" answers here - because then you won't learn anything and have to ask for every little task you are trying to solve.

The FreeBSD Handbook and manpages are *excellent* and pretty much have nothing on par on the whole OS-market - and it all has been written by volunteers. So honour their great work and use it - it is *the best* initial source for information about FreeBSD and how to work with it.

 

[balanga]

The FreeBSD Handbook and manpages are *excellent* and pretty much have nothing on par on the whole OS-market - and it all has been written by volunteers. So honour their great work and use it - it is *the best* initial source for information about FreeBSD and how to work with it.

Yes the manpages are excellent but sometimes the amount of information is overwhelming.

When did you last look at ifconfig() when you wanted to figure something out if you weren't an expert on ifconfig?

FreeBSD has developed into a very complicated system.

One problem with FreeBSD guides is that many of them were written many years ago and no longer apply, but you don't realise this until you are tearing your hair out following instructions which are no longer correct.

 

[SirDice]

One problem with FreeBSD guides is that many of them were written many years ago and no longer apply, but you don't realise this until you are tearing your hair out following instructions which are no longer correct.

Very little has actually changed in the way you configure interfaces though. An rc.conf from the FreeBSD 3.x era would still work on 16.0-CURRENT.

 

[gotnull]

The chapter about jails in the handbook have been rewritten in 2024 (before that explanations and examples were mostly for ezjail which is now outdated), so following the handbook instructions in 2026 should cover most of your needs.

If you want, here are posts I've made about some blog posts, articles or books(not free) that can help to understand a bit more about jails:

jails Post in thread 'Looking for a good current getting started with jails tutorial'

Mar 29, 2024

dear all :
any one have jail pdf books ? we can't buy some freebsd books in china . thanks. wish some one share pdf books ...thanks.

These two books are available in few formats actually PDF included.

FreeBSD Mastery: Jails

CONFINE YOUR SOFTWARE Jails are FreeBSD’s most legendary feature: known to be powerful, tricky to master, and cloaked in decades of dubious lore. Deploying jails calls upon every sysadmin skill you have, and more—but unleashing lightweight virtualization is so worth it. “This is the sequel to

www.tiltedwindmillpress.com

This contains epub, PDF, and mobi (kindle) versions, DRM-free.

RDerik

This guide shows you how to use jails and virtual networks. Virtual networks give you the flexibility to:

rderik.com

Includes: mobi, ePub, PDF, plain text, and source code.

• gotnull

jails Post in thread 'Looking for a good current getting started with jails tutorial'

Apr 1, 2024

Dear gotnull:
i can't buy the pdf book because we can't pay USD in internet. we can't hold USD bank account. chinese people don't have usd in bank. thanks very much. that is why i ask need pdf free book. thanks.

You don't need a USD bank account, in both cases Paypal (which is available in China, I've checked) is the payment method, the only thing you need is a bank account.

That being said if for some reasons you don't want to or can't spend money on books, since the handbook has been updated it is the right way to study jails.

There are several blog posts over the...

• gotnull

• 

Here is a link to an interesting way to learn jails via pictures:

Thread 'Learn FreeBSD Jails with Pictures'

Jun 2, 2024

I don't know if you guys are already aware of this work, those PDF are a nice way to promote/learn FreeBSD Jails through pictures.

Index of /files/docs/freebsd/jails/

This work is done by this guy:

Making sure you're not a bot!

aka rdx_in
Which also made many others pictures about Booting Process, OpenZFS, etc

Making sure you're not a bot!

I am not sure if he's still around on the forum, I see he's on mastodon (which gains a lot of FreeBSD users lately it seems) but I'd love to see him re-upload some old pictures from his wiki page...

• gotnull
• Replies: 35
• Forum: Off-Topic

• 
• 

Don't be afraid of writing your own notes, don't need to be well written or smart, just words in a text file that you will happily read few weeks/months/years later.

Good luck and happy reading.

 

[balanga]

The chapter about jails in the handbook have been rewritten in 2024 (before that explanations and examples were mostly for ezjail which is now outdated), so following the handbook instructions in 2026 should cover most of your needs.


Good luck and happy reading.

That's one of the problems. I don't see much about IOCAGE jails.
I kind of got lucky initially and created one with hardly any effort, but only made skimpy notes and couldn't work out how to do it again. Not for a while anyway.

 

[T-Daemon]

So how do I set up a bridge?

And now I can start my jails and login, but how to get the bridge interface to be permanent?

iocage appears to come with comprehensive documentation. (see "Links" in the GH repositroy). Perhaps save the document links as bookmarks for later reference.

https://iocage.readthedocs.io/en/latest/index.html .

https://iocage.readthedocs.io/en/latest/networking.html#vimage-vnet :

/etc/rc.conf

On the host node, add this bridge configuration to /etc/rc.conf:

# set up bridge interface for iocage
cloned_interfaces="bridge0"

# plumb interface em0 into bridge0
ifconfig_bridge0="addm em0 up"
ifconfig_em0="up"

Note the following additional configuration information. The "# plum ..." line looks familiar from your notes in your opening post # 1.


I can't comment one iocage, never used it, but I have a very good experience with sysutils/bastille. Very lightweight, no dependencies, the package comes with many manuals, and the online documentations is also comprehensive: https://bastille.readthedocs.io/en/latest/

 

[balanga]

In my notes on setting up an IOCAGE jail I noted cryptically:=

# plumb interface em0 into bridge0
ifconfig_bridge0="addm em0 up"
ifconfig_em0="up"

This worked and I was able to create and log in to a few jails, but I didn't add anything to rc.conf which probably explains why my jails don't start up after a reboot.

If I enter these commands manually I don't see a bridge0.

Should I expect to?

Note to self.

the code above should have read like this:-

# set up bridge interface for iocage
cloned_interfaces="bridge0"

# plumb interface em0 into bridge0
ifconfig_bridge0="addm em0 up"
ifconfig_em0="up"

 

[gotnull]

That's one of the problems. I don't see much about IOCAGE jails.

Quote from the book "FreeBSD Mastery Jails" description:

FreeBSD Mastery: Jails cuts through the clutter to expose the inner mechanisms of jails and unleash their power in your service. You will:

• Understand the base system’s jail tools and the iocage toolkit

With this book, the documentation from iocage and the handbook you should be okay.

Just to compare, this is an old version of the handbook, see how the jail chapter has improved, really good job.

 

[balanga]

Quote from the book "FreeBSD Mastery Jails" description:

With this book, the documentation from iocage and the handbook you should be okay.

Just to compare, this is an old version of the handbook, see how the jail chapter has improved, really good job.

I had used this guide to set up jails in the past and it seemed like a PITA and was very pleased to come across IOCAGE which makes things much easier.

I did come across https://freebsd.github.io/iocage/ which helped me initially but https://freebsd.github.io/iocage/networking.html confused me because I didn't know if I wanted a Shared IP jail or a VNET jail. I'm still not sure of the difference. I'm only getting started with this so it may become apparent over time.


There is more information on IOCAGE here.

 

[gotnull]

I'm still not sure of the difference

if you did not find out yet, there is an explanation in the handbook:

Host Networking Mode (IP Sharing)
In host networking mode, a jail shares the same networking stack as the host system. When a jail is created in host networking mode it uses the same network interface and IP address. This means that the jail does not have a separate IP address, and its network traffic is associated with the host’s IP.
Virtual Networks (VNET)
Virtual Networks are a feature of FreeBSD jails that offer more advanced and flexible networking solutions than a basic networking mode like host networking. VNET allows the creation of isolated network stacks for each jail, providing them with their own separate IP addresses, routing tables, and network interfaces. This offers a higher level of network isolation and allows jails to function as if they are running on separate virtual machines.
The netgraph system
netgraph(4) is a versatile kernel framework for creating custom network configurations. It can be used to define how network traffic flows between jails and the host system and between different jails.

Here are examples showing jails in action for each different case, good job from this guy BTW:

FreeBSD Jails And Networking

When using FreeBSD, the most common method for virtualization and process isolation are jails. Introduced with FreeBSD 4.0 in March of 2000, they predate the closest Linux equivalent, cgroups (and, by extension, Docker), by nearly a decade. A core part of any virtualization technology is its...

etherealwake.com