Hey guys,
Been using FreeBSD for a couple years now, but I'm thinking about finally being smart and not lazy and separate my server from my home network into its own so I can do some more particular firewalling. I have 2 networks in this scenario:
So what I was thinking was, could I perhaps have an interface going to the Home network for some jails (say, when I'm creating a Home jail it uses interface `em1`), and then if I want to create a Server jail I use bge0, em0, etc (since em0-3 are my extra ports)? The other issues I'm thinking of are how iocage handles vnets and what to do with that defaultrouter options. If I understand it right, the defaultrouter will not affect my jails, and I could add my own routing tables, at least if I do VNET correct? The other part is I don't know if I can tell a vnet to be created on interface em0 or em1.
Been using FreeBSD for a couple years now, but I'm thinking about finally being smart and not lazy and separate my server from my home network into its own so I can do some more particular firewalling. I have 2 networks in this scenario:
- Home - 192.168.1.0/24
- Server - 172.16.0.0/27
Code:
ifconfig_bge0="inet 192.168.1.40 netmask 255.255.255.0"
cloned_interfaces="bridge0"
ifconfig_bridge0="addm bge0"
defaultrouter="192.168.1.1"So what I was thinking was, could I perhaps have an interface going to the Home network for some jails (say, when I'm creating a Home jail it uses interface `em1`), and then if I want to create a Server jail I use bge0, em0, etc (since em0-3 are my extra ports)? The other issues I'm thinking of are how iocage handles vnets and what to do with that defaultrouter options. If I understand it right, the defaultrouter will not affect my jails, and I could add my own routing tables, at least if I do VNET correct? The other part is I don't know if I can tell a vnet to be created on interface em0 or em1.