FreeBSD equivalent of Virtual Private Network (Bridges???)

I have set up a FreeBSD 11.1 server that I hope to use as a web server for a number of sites.

For security, each site is going to have its own jail. Because I only have one static IP address, one of these Jails is simply going to be a reverse proxy (Using nginx) and will provide https access.

I am used to using Hyper-V and I would normally, if I were going to have multiple Hyper-V machines, create a virtual internal/private network switch so all the traffic between my web servers and reverse proxy would be hidden on a 'virtual switch' so as to isolate it.

Is there a way to do the same in FreeBSD? What I am thinking is that I have to create a bridge, and create virtual interfaces to connect to it for each jail. But I am unsure how to progress once I have created the jail. Can I create virtual connections to this bridge? If so, how? Am I barking up the wrong tree here?

Any help would be appreciated.


No need to do this for jails, you can simply clone a lo1 and tie your jails to that. There are plenty of examples of how to set this up.

What you are describing is common with virtualization software like bhyve(8).

root@molly:~ # vm list
NAME            DATASTORE       LOADER      CPU    MEMORY    VNC                  AUTOSTART    STATE
fbsdtest        default         bhyveload   1      512M      -                    No           Stopped
pptimg01        default         uefi        1      512M      -                    No           Stopped
ppttst01        default         uefi        1      512M      -                    No           Stopped
sdgame01        default         grub        2      4096M     -                    No           Stopped
sdkerb01        default         uefi        1      512M      -                    No           Stopped
sdtest01        default         uefi        1      512M      -                    No           Stopped
wintermute      default         bhyveload   4      2048M     -                    Yes [1]      Running (1026)
root@molly:~ # vm switch info
Virtual Switch: public
  type: auto
  ident: bridge0
  vlan: -
  nat: -
  physical-ports: em0
  bytes-in: 1157304719 (1.077G)
  bytes-out: 122720676660 (114.292G)

    device: tap0
    vm: wintermute
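
The cloned-loopback layout suggested in the answer above, written out as host configuration. This is an added example, not part of any poster's message; the 10.0.0.x addresses, the jail names (proxy, site1, site2), the example.internal domain and the /usr/jails paths are assumptions.

```conf
# --- /etc/rc.conf (host) ---
# Create a second loopback interface at boot. Addresses placed on it
# are not attached to any physical NIC.
cloned_interfaces="lo1"
jail_enable="YES"

# --- /etc/jail.conf (host) ---
# Defaults shared by every jail defined below.
exec.start = "/bin/sh /etc/rc";
exec.stop  = "/bin/sh /etc/rc.shutdown";
exec.clean;
mount.devfs;
host.hostname = "${name}.example.internal";   # assumed placeholder domain
path = "/usr/jails/${name}";                  # assumed jail root

# Reverse proxy jail (nginx terminating https).
# "lo1|addr" makes jail(8) add the alias on lo1 at start and remove it at stop.
proxy {
    ip4.addr = "lo1|10.0.0.2/32";
}

# One backend jail per site, each confined to its own lo1 address.
site1 {
    ip4.addr = "lo1|10.0.0.11/32";
}
site2 {
    ip4.addr = "lo1|10.0.0.12/32";
}
```

Each jail can only bind to the address listed in its own `ip4.addr`. Getting ports 80 and 443 from the single public address to the proxy jail is a separate step on the host (for example a packet-filter redirect) and is not shown here.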

Thank you, wasn't aware of this - probably a terminology thing that I was searching wrongly for.

I'll leave it for next weekend and sort it out, thank you.