The address must be assigned to an interface in the host FreeBSD.
You can do it before starting the jail, or when the jail is being started.

To assign the address before starting the jail do something like this:
# ifconfig lnc0 alias
where lnc0 is the name of nic in the host FreeBSD

Great. Here is what I did:

sorb# mkdir -p /usr/jails/vm1
sorb# cd /usr/src
sorb# setenv D /usr/jails/vm1
sorb# make installworld DESTDIR=$D
sorb# make distribution DESTDIR=$D
sorb# cat >> /etc/rc.conf


sorb# mount -t devfs devfs $D/dev
sorb# /etc/rc.d/jail start vm1
Configuring jails:.
Starting jails:ifconfig: interface lnc0 does not exist

See, I do not understand how this works. If I use a real physical interface then it works:

sorb# ifconfig
re0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
   ether 00:1a:4d:7b:cf:d6
   inet X.X.X.X netmask 0xffffff00 broadcast X.X.X.255
   inet netmask 0xffffffff broadcast
   media: Ethernet autoselect (100baseTX <full-duplex>)
   status: active

where X.X.X.X is my public internet IP address. But I do not like this. I do not want to expose my jail's private IP address to the internet. Am I too paranoid? Should I just add rules like

ipfw add 1000 allow all from X.X.X.X to
ipfw add 1001 allow all from to X.X.X.X
ipfw add 1002 deny all from any to
ipfw add 1003 deny all from to any

and be happy? Or would it be better to create a virtual ethernet interface for my jails? Somehow?

d.) It requires the use of a firewall, either ipfw or pf. For example you can add to your /etc/pf.conf: nat on lnc0 from to any ->
But the firewall requires more lines than this one to work correctly with all network traffic.
And you have to know exactly what you want to get for using it.
I'm using ipfw. I think I'll use natd+divert on the host.

Thank you very much! I feel I'm over the hard part. :-)
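
A host configuration for the "virtual interface" option asked about above, as an added example that is not part of the original thread: the jail is bound to a cloned loopback interface and reaches the network through a pf nat rule of the kind mentioned in the reply. The interface name lo1, the address 10.0.0.1 and the hostname are constructed placeholders; re0, vm1 and /usr/jails/vm1 come from the thread, and the rc.conf variable names assume the rc.conf-driven /etc/rc.d/jail script used there.

```conf
# /etc/rc.conf on the host (constructed example)

# Create a second loopback at boot. It has no link to the outside,
# so an address placed on it is never announced on the wire.
cloned_interfaces="lo1"

jail_enable="YES"
jail_list="vm1"
jail_vm1_rootdir="/usr/jails/vm1"
jail_vm1_hostname="vm1.example.org"   # placeholder hostname
jail_vm1_ip="10.0.0.1"                # placeholder private address
# Must name an interface that exists on the host, otherwise the start
# fails with "ifconfig: interface ... does not exist". rc.d/jail adds
# the jail address as an alias on this interface at start.
jail_vm1_interface="lo1"
jail_vm1_devfs_enable="YES"           # mount devfs inside the jail at start

pf_enable="YES"

# /etc/pf.conf on the host (constructed example)

ext_if  = "re0"        # physical NIC holding the public address
jail_ip = "10.0.0.1"   # same placeholder as jail_vm1_ip

# Outbound jail traffic leaves with the host's public address.
nat on $ext_if from $jail_ip to any -> ($ext_if)

# Nothing arriving on the external NIC may address the jail directly;
# replies to NATed connections still pass through their state entries.
block in quick on $ext_if from any to $jail_ip
```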

