Jails with vimage - clarification please

[perkypork]

I am playing around with using vimage and jails. I have a single nic with a single public IP and I would like to create approx 10 jails (on private IPs) and then give them internet access.

I have had a look at a bunch of different howtos and I am not sure how to create the above. I found this tutorial - http://wiki.polymorf.fr/index.php/Howto:FreeBSD_jail_vnet which seems close to what I want to achieve but it flies in the face of many of the howtos out there. I guess I have read too many howtos and are a bit confused.

If it makes a difference I am using iocage.

 

[perkypork]

This is a basic diagram of what I am trying to achieve. The computers are the jails and the Host is the gateway. I need to do it this way because I only have one public IP.

https://www.grc.com/vpn/ethernet2.png

 

[arader]

Just curious, but do you need VIMAGE? having only 1 public IP doesn't mean you have to use VIMAGE. Many people running jails will just use PF+NAT to translate the host's IP into the internal jail IPs. There are limitations to this that VIMAGE overcomes, but at the cost of having a virtualized network stack per jail.

 

[Savagedlight]

Just curious, but do you need VIMAGE? having only 1 public IP doesn't mean you have to use VIMAGE. Many people running jails will just use PF+NAT to translate the host's IP into the internal jail IPs. There are limitations to this that VIMAGE overcomes, but at the cost of having a virtualized network stack per jail.

I remember someone did performance tests on VIMAGE vs non-VIMAGE, and they came out pretty even. (differences were within the error margins)

The downside to VIMAGE is the memory leaks. But if you don't kill jails those won't hit you. (Who doesn't kill jails? )

 

[SirDice]

VIMAGE/VNET is still somewhat experimental, so use at your own risk. Looking at the diagram in post #2 there's no need to use VIMAGE/VNET. You can achieve the same without it. Just create lo1 and bind your jails to that.