On 12/11/10 4:49 PM, William Phillips wrote:
Hello:
The following script creates a point-to-point link between jails.
I will admit that I don't remember ever actually connecting
two ng_iface nodes directly to each other.
Having said htat there the epair(4) driver which is specifically
designed to do this.
and you may have more luck with that.
Also ng_iface nodes are more usually used with a ng_bridge or similar
node.
for an example look at the two example files in -current (9.x)
in /share/examples/netgraph
http://svn.freebsd.org/viewvc/base/head/share/examples/netgraph/virtual.chain?view=markup
http://svn.freebsd.org/viewvc/base/head/share/examples/netgraph/virtual.lan?view=markup
I should move these to 8 soon I guess.
#!/bin/sh
# script to create two vnet jails and connect them via ng_iface interfaces
# create two vnet jails
jail -c vnet name=node0 host.hostname=node0 path=/ persist
jexec node0 ifconfig lo0 localhost
jail -c vnet name=node1 host.hostname=node1 path=/ persist
jexec node1 ifconfig lo0 localhost
# create two ng_ifaces and connect them in netgraph
ngctl mkpeer . iface hook inet
ngctl mkpeer ng0: iface inet inet
# move the corresponding interfaces into the jails
ifconfig ng0 vnet node0
ifconfig ng1 vnet node1
# configure the interfaces in the jails
jexec node0 ifconfig ng0 192.168.10.1 192.168.10.2
jexec node1 ifconfig ng1 192.168.10.2 192.168.10.1
# end of script
When I try to ping node1 from node0 the echo request appears on ng1 according
to tcpdump on node1 but node1 does not generate an echo reply. Here is the
output generated on each jail.
[r...@gateway /home/phillips]# jexec node0 ping -c1 192.168.10.2
PING 192.168.10.2 (192.168.10.2): 56 data bytes
--- 192.168.10.2 ping statistics ---
1 packets transmitted, 0 packets received, 100.0% packet loss
[r...@gateway /home/phillips]# jexec node1 tcpdump -n -i ng1
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on ng1, link-type NULL (BSD loopback), capture size 96 bytes
20:31:38.509494 IP 192.168.10.1> 192.168.10.2: ICMP echo request, id 55300,
seq 0, length 64
This is for FreeBSD8.1 with kernel config GENERIC with the following changes:
#options SCTP # Stream Control Transmission Protocol
options VIMAGE
options IPFIREWALL #firewall
options IPFIREWALL_DEFAULT_TO_ACCEPT #allow everything by default
options MROUTING # Multicast routing
Bill Phillips
_______________________________________________
[email protected] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-virtualization
To unsubscribe, send any mail to
"[email protected]"
_______________________________________________
[email protected] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-virtualization
To unsubscribe, send any mail to
"[email protected]"
