Hi all,
I'm relatively new to FreeBSD and intend to use it in production when I am comfortable enough with it. To see more about my background, please see this post. I know being new to FreeBSD isn't a valid reason to ask questions that are answered in the documentation, but I really can't figure bridges out. Also not after reading the documentation and looking at tens of posts on the internet. Also it seems a lot of posts are outdated since FreeBSD changed over time. For example it seems that /etc/jail.conf didn't exist in earlier versions. I hope this is not a case of RTFM all along ;-). Also I should mention that I am less comfortable with networking in general than for example server management/hardening and software. So part of it might be my lack of understanding.
Goal
To use FreeBSD with jails (both service jails and 'full' jails, although that's probably irrelevant). Some jails have public IPv4 and IPv6 addresses and some of them have internal RFC1918 addresses (I guess with something like NAT). So two use-cases:
1. The FreeBSD host has a public IPv4 and IPv6 address that can be used to NAT (or some other mechanism) to internal jails (with private address space) that aren't publicly available (but can access the internet themselves), unless you use some proxy in front of it (which can of course also be jailed. Jail everything!). This is more or less how Docker, LXD/LXC and others are being used in the default setup.
2. Some of the jails on the FreeBSD host are publicly available with their own IPv4 and IPv6 address. I don't mind them having an internal RFC1918 address for local communication as well, but this is no requirement as of now.
Question
How would one configure this in host and jails (FreeBSD 12)? Any config examples of these use-cases that are more elaborate than "make a bridge to ..."?
And to close off: I know of the existence of iocage, ezjail etc. But by joining the FreeBSD community (from Linux) I hope to remove abstraction layers/dependencies instead of replacing them with new ones ;-). Also I like to know the inner workings of systems I use to some extent, and using something like iocage will make me lazy/not do that.
If someone needs more info, has questions or whatnot, ask! And of course I appreciate any response, thanks!