need help with jail networking

I'm making a program to create jails easily. It automatically puts all the needed stuff into pf.conf, jail.conf and rc.conf when a jail is created, in this format:

jail.conf:
Code:
#devfs_ruleset = "2";
mount.devfs;
exec.start = "/bin/sh /etc/rc";
exec.stop = "/bin/sh /etc/rc.shutdown";
allow.raw_sockets = "1";



testing {
    host.hostname = "testing.net";
    ip4.addr = "10.80.0.2";
    path = "/usr/jail/testing";
}

pf.conf:

Code:
nat on vtnet0 from lo1 to any -> (vtnet0)
rdr on vtnet0 proto tcp from any to 10.1.0.134 port 2223 -> 10.80.0.2 port 22


rc.conf:

Code:
ifconfig_vtnet0="inet 10.1.0.134 netmask 255.255.255.0"
defaultrouter="10.1.0.250"
sshd_enable="YES"
dumpdev="AUTO"
zfs_enable="YES"
jail_enable="YES"
pf_enable="YES"
gateway_enable="YES"

cloned_interfaces="lo1"

ipv4_addrs_lo1="10.80.0.2/32  "

iocage_enable="YES"

host ifconfig:

Code:
vtnet0: flags=8863<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=4c07bb<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,TSO4,TSO6,LRO,VLAN_HWTSO,LINKSTATE,TXCSUM_IPV6>
        ether de:fe:a1:b9:0c:c3
        inet 10.1.0.134 netmask 0xffffff00 broadcast 10.1.0.255
        media: Ethernet autoselect (10Gbase-T <full-duplex>)
        status: active
        nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
        options=680003<RXCSUM,TXCSUM,LINKSTATE,RXCSUM_IPV6,TXCSUM_IPV6>
        inet6 ::1 prefixlen 128
        inet6 fe80::1%lo0 prefixlen 64 scopeid 0x2
        inet 127.0.0.1 netmask 0xff000000
        groups: lo
        nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
lo1: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
        options=680003<RXCSUM,TXCSUM,LINKSTATE,RXCSUM_IPV6,TXCSUM_IPV6>
        inet 10.80.0.2 netmask 0xffffffff
        inet6 fe80::1%lo1 prefixlen 64 scopeid 0x3
        groups: lo
        nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>

So that all gets updated automatically with my program, to put in all the new IPs and things like that when a new jail is created. However, I'm having an issue where, when the jail is created, it doesn't have network until the host is rebooted, and only after that will it have network access. What I want is that, after the jail is created, the jail can be restarted and then instantly have a network connection. Is this possible? Apologies if this is stupid, it's my first time using FreeBSD. Thanks in advance.
 
ipv4_addrs_lo1="10.80.0.2/32 "
I am not sure if the netmask is ok. I think it should be /24 in case you want to have 10.80.0.1 to 10.80.0.254 as normal addresses and 10.80.0.255 as broadcast address. If I am not wrong the lo1 address of the host and the jail in your configs are similar. They should be different, for example 10.80.0.3 for the jail.
About the other settings I have no idea.
 
Thanks, 10.80.0.2 is just the IP of the jail, the host IP is completely different.
 
Code:
ipv4_addrs_lo1="10.80.0.2/32 "
You don't have to create the alias in advance. The IP address is automatically added to the interface when the jail is started and removed when it's stopped.

But you do need to add the interface to the jail's configuration:
Code:
testing {
    host.hostname = "testing.net";
    ip4.addr = "10.80.0.2";
    interface = lo1;
    path = "/usr/jail/testing";
}
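
The point of the reply above, as an added example that is not part of the original thread: a small check a jail generator could run over the jail.conf it writes, flagging any jail whose address has no interface to be aliased onto and any address given to two jails. The function name `lint_jail_conf` and the jails `web` and `db` are constructed for illustration; it assumes one address per `ip4.addr` and `#` comments only.

```python
import re

# Constructed sample in the thread's jail.conf format: "testing" follows the
# reply above, "web" repeats the original problem, "db" uses the inline
# "interface|address" form that jail(8) accepts in ip4.addr.
SAMPLE = '''
#devfs_ruleset = "2";
mount.devfs;
exec.start = "/bin/sh /etc/rc";
testing {
    host.hostname = "testing.net";
    ip4.addr = "10.80.0.2";
    interface = lo1;
    path = "/usr/jail/testing";
}
web {
    ip4.addr = "10.80.0.3";
    path = "/usr/jail/web";
}
db {
    ip4.addr = "lo1|10.80.0.2/32";
    path = "/usr/jail/db";
}
'''

PARAM = re.compile(r'^\s*([\w.]+)\s*=\s*"?([^";]*)"?\s*;', re.M)
BLOCK = re.compile(r'^\s*([\w.-]+)\s*\{(.*?)^\s*\}', re.M | re.S)

def lint_jail_conf(text):
    """Return findings for addresses that will not be auto-aliased or are reused."""
    text = re.sub(r'#.*', '', text)                  # drop comments
    # Parameters outside any jail block apply to every jail.
    global_iface = dict(PARAM.findall(BLOCK.sub('', text))).get('interface')
    findings, owner = [], {}
    for name, body in BLOCK.findall(text):
        params = dict(PARAM.findall(body))
        entry = params.get('ip4.addr', '').strip()
        if not entry:
            continue
        bound, _, addr = entry.rpartition('|')       # optional "iface|addr" prefix
        ip = addr.split('/')[0]
        if not (bound or params.get('interface', global_iface)):
            findings.append(f'{name}: {ip} has no interface, jail(8) will not add the alias')
        if ip in owner:
            findings.append(f'{name}: {ip} already assigned to jail {owner[ip]}')
        owner.setdefault(ip, name)
    return findings

if __name__ == '__main__':
    print('\n'.join(lint_jail_conf(SAMPLE)))
```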
 
Dear tom_h,
please have a look at Thread 53362. It is a how-to about running Firefox in a jail. As in your setup, the communication uses lo1 and NAT. Therefore at least the network part might be of interest to you.
 