Solved Vnet jail cannot connect to services running on host

Hello

I am currently learning how to use FreeBSD to host some basic services in jails.

I am trying to configure networking with jails. I noticed that if I try to connect from a jail to a web server installed on the host, the connection is blocked even if the firewall is disabled.

It is a setup I wish for, but I do not know how it works.
I was not able to find in the man pages whether this is normal behavior or not.

Can someone answer that question for me or tell me where I can find this information?

Thanks.

Host /etc/rc.conf:
Code:
hostname="test-freebsd-zfs"
keymap="fr.acc.kbd"
ifconfig_vtnet0="inet 192.168.122.2 netmask 255.255.255.0"
defaultrouter="192.168.122.1"
cloned_interfaces="bridge0"
ifconfig_bridge0="addm vtnet0"


sshd_enable="YES"
# Set dumpdev to "AUTO" to enable crash dumps, "NO" to disable
dumpdev="AUTO"
zfs_enable="YES"
sendmail_enable="NO"

jail_enable="YES"

apache24_enable="yes"
pf_enable="yes"
pflog_enable="yes"

/etc/jail.conf
Code:
exec.clean;
exec.start = "/bin/sh /etc/rc";
exec.stop = "/bin/sh /etc/rc.shutdown";

mount.devfs;
allow.raw_sockets;

vnet;

testjail {
    host.hostname = testjail.lan;
    path = "/storage/jails/testjail";
    
    devfs_ruleset = "5";

    
    vnet.interface = "epair0b";
    exec.prestart = "ifconfig epair0 create up";
    exec.prestart += "ifconfig bridge0 addm epair0a";
    exec.poststop = "ifconfig bridge0 deletem epair0a";
    exec.poststop += "ifconfig epair0a destroy";

}

Jail /etc/rc.conf
Code:
ifconfig_epair0b="inet 192.168.122.10/24"
defaultrouter="192.168.122.1"

nginx_enable="YES"
 
Tried with this /etc/rc.conf
Code:
cloned_interface="bridge0"
ifconfig_bridge0="addm vtnet0 up"
ifconfig_bridge0="inet 192.168.122.2/24"
ifconfig_vtnet0="up"
defaultrouter="192.168.122.1"

The jail can access the host Apache server, but neither the jail nor the host can reach the rest of the network or be reached from it.

I should try to use a dedicated subnet for the bridge and the jails and treat the host like a router.
I will tell you if it works.
 
Code:
ifconfig_bridge0="addm vtnet0 up" 
ifconfig_bridge0="inet 192.168.122.2/24"
Common newbie mistake. Entries in rc.conf are shell variables. Your second definition overwrites the first.

Code:
ifconfig_bridge0="addm vtnet0 inet 192.168.122.2/24"
 
Thanks.

All works well if I use ifconfig bridge0 inet 192.168.122.2/24 to assign the address to the bridge.
This:
Code:
cloned_interfaces="bridge0"
ifconfig_bridge0="addm vtnet0 inet 192.168.122.2/24"
ifconfig_vtnet0="up"
does not set the bridge address on boot. I got this message:
Code:
ifconfig: inet: bad value


EDIT :
While doing some research, I found this message on the mailing list: https://lists.freebsd.org/pipermail/freebsd-stable/2011-February/061315.html
The inet part has to be to the left of the addm part.

The right code is:
Code:
ifconfig_bridge0="inet 192.168.122.2/24 addm vtnet0 up"

Now all works as expected. Thanks a lot.
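
The two mistakes worked out in this thread can be checked for before a reboot. The sh function below is an added example, not part of the thread and not FreeBSD tooling: it flags a variable assigned twice (sh keeps only the last value) and an ifconfig_bridgeN value with addm ahead of inet. The function names and the sample file are constructed, and the ordering rule encodes only what the thread reports.

```shell
#!/bin/sh
# Added example: static lint for an rc.conf-style file (names are hypothetical).

# Reads the files given as arguments, or stdin when there are none.
# Prints one finding per line and returns 1 if anything was found.
rcconf_lint() {
    awk '
        /^[ \t]*#/ { next }                               # skip comments
        match($0, /^[ \t]*[A-Za-z_][A-Za-z0-9_]*=/) {
            name = substr($0, RSTART, RLENGTH - 1)        # drop the "="
            gsub(/[ \t]/, "", name)
            if (name in last) {                           # later assignment wins in sh
                printf "DUP %s: line %d is overridden by line %d\n", name, last[name], NR
                bad = 1
            }
            last[name] = NR
            # Ordering reported in the thread: inet has to come before addm.
            if (name ~ /^ifconfig_bridge[0-9]+$/) {
                a = index($0, "addm "); i = index($0, "inet ")
                if (a && i && a < i) {
                    printf "ORDER %s: line %d has addm before inet\n", name, NR
                    bad = 1
                }
            }
        }
        END { exit bad + 0 }
    ' "$@"
}

# Constructed sample that combines the configurations posted in the thread.
sample_rcconf() {
    cat <<'EOF'
# constructed sample, not a real host configuration
cloned_interfaces="bridge0"
ifconfig_bridge0="addm vtnet0 up"
ifconfig_bridge0="addm vtnet0 inet 192.168.122.2/24"
ifconfig_vtnet0="up"
EOF
}

sample_rcconf | rcconf_lint || echo "rc.conf needs fixing"
```

On a real host the call would be rcconf_lint /etc/rc.conf; the file is only parsed, never sourced.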
 