I configured a Bastille VNET jail for the first time recently, and except for a stupid mistake, it worked quite well after I added IPs (IPv4/IPv6) from the jail's IP subnet to the bridge interface, and defined these IPs as default gateways for the jail. The latter can be accomplished via /usr/local/bastille/bastille.conf with the
– did not achieve persistence, because the interface exists only after Bastille starts.
How can I make the IP addresses stick to the bridge, why is there no (obvious) way to configure the bridge interface automatically (using Bastille), and am I using VNET jails completely wrong?
Update: I used
– for a persistent IP assignment now, but I am still hoping for something more elegant.
bastille_network_gateway and bastille_network_gateway6 variables. The former step had to be done manually (with ifconfig), and appending /etc/rc.conf like this –
Code:
ifconfig_vtnet0bridge=10.95.0.1/24
ifconfig_vtnet0bridge_ipv6="inet6 fdb6:1b5:3992:e964::1/64"– did not achieve persistence, because the interface exists only after Bastille starts.
How can I make the IP addresses stick to the bridge, why is there no (obvious) way to configure the bridge interface automatically (using Bastille), and am I using VNET jails completely wrong?
Update: I used
devd with the following configuration –
Code:
notify 100 {
match "system" "IFNET";
match "subsystem" "bridge0";
match "type" "LINK_UP";
action "sleep 2; ifconfig vtnet0bridge inet 10.95.0.1/24; ifconfig vtnet0bridge inet6 fdb6:1b5:3992:e964::1/64";
};– for a persistent IP assignment now, but I am still hoping for something more elegant.