Hello: Thanks for the quick reply.
I generally use what you mention below to build the network at layer 2 then move all the interfaces into the various jails. Everything works fine with ng_hub or ng_bridge and ng_eiface but I decided to try a point-to-point connection which used to work in the vimage days (FreeBSD 4.11) and found that it doesn't work with vnet jails.

Bill Phillips

On 2010-12-11, at 10:31 PM, Julian Elischer wrote:

> On 12/11/10 4:49 PM, William Phillips wrote:
>> Hello:
>>
>> The following script creates a point-to-point link between jails.
>
> I will admit that I don't remember ever actually connecting
> two ng_iface nodes directly to each other.
>
> Having said that, there is the epair(4) driver which is specifically designed to
> do this.
> and you may have more luck with that.
> Also ng_iface nodes are more usually used with a ng_bridge or similar node.
>
> for an example look at the two example files in -current (9.x)
> in /share/examples/netgraph
>
> http://svn.freebsd.org/viewvc/base/head/share/examples/netgraph/virtual.chain?view=markup
> http://svn.freebsd.org/viewvc/base/head/share/examples/netgraph/virtual.lan?view=markup
>
> I should move these to 8 soon I guess.
>
>> #!/bin/sh
>>
>> # script to create two vnet jails and connect them via ng_iface interfaces
>>
>> # create two vnet jails
>> jail -c vnet name=node0 host.hostname=node0 path=/ persist
>> jexec node0 ifconfig lo0 localhost
>>
>> jail -c vnet name=node1 host.hostname=node1 path=/ persist
>> jexec node1 ifconfig lo0 localhost
>>
>> # create two ng_ifaces and connect them in netgraph
>> ngctl mkpeer . iface hook inet
>> ngctl mkpeer ng0: iface inet inet
>>
>> # move the corresponding interfaces into the jails
>> ifconfig ng0 vnet node0
>> ifconfig ng1 vnet node1
>>
>> # configure the interfaces in the jails
>> jexec node0 ifconfig ng0 192.168.10.1 192.168.10.2
>> jexec node1 ifconfig ng1 192.168.10.2 192.168.10.1
>>
>> # end of script
>>
>> When I try to ping node1 from node0 the echo request appears on ng1
>> according to tcpdump on node1 but node1 does not generate an echo reply.
>> Here is the output generated on each jail.
>>
>> [r...@gateway /home/phillips]# jexec node0 ping -c1 192.168.10.2
>> PING 192.168.10.2 (192.168.10.2): 56 data bytes
>>
>> --- 192.168.10.2 ping statistics ---
>> 1 packets transmitted, 0 packets received, 100.0% packet loss
>>
>>
>> [r...@gateway /home/phillips]# jexec node1 tcpdump -n -i ng1
>> tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
>> listening on ng1, link-type NULL (BSD loopback), capture size 96 bytes
>> 20:31:38.509494 IP 192.168.10.1 > 192.168.10.2: ICMP echo request, id 55300, seq 0, length 64
>>
>>
>> This is for FreeBSD 8.1 with kernel config GENERIC with the following changes:
>>
>> #options SCTP # Stream Control Transmission Protocol
>>
>> options VIMAGE
>> options IPFIREWALL #firewall
>> options IPFIREWALL_DEFAULT_TO_ACCEPT #allow everything by default
>> options MROUTING # Multicast routing
>>
>>
>> Bill Phillips
>>
>> _______________________________________________
>> freebsd-virtualization@freebsd.org mailing list
>> http://lists.freebsd.org/mailman/listinfo/freebsd-virtualization
>> To unsubscribe, send any mail to
>> "freebsd-virtualization-unsubscr...@freebsd.org"
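
The epair(4) route suggested in the reply above, as an added example that is not part of the original thread: the same two vnet jails and addresses, linked by an epair pair instead of two ng_iface nodes. The P2P_APPLY switch, the function names, the dry-run name epair0a and the /30 netmask are assumptions of this sketch.

```sh
#!/bin/sh
# Added example: point-to-point link between two vnet jails using epair(4).
# By default the commands are only printed; set P2P_APPLY=1 to execute them
# (as root, on a kernel built with "options VIMAGE").

run() {
    # Print the command; execute it only when P2P_APPLY=1.
    echo "$*"
    if [ "${P2P_APPLY:-0}" = 1 ]; then "$@"; fi
}

p2p_link() {
    # usage: p2p_link jailA addrA jailB addrB
    ja=$1 ipa=$2 jb=$3 ipb=$4

    for j in "$ja" "$jb"; do
        run jail -c vnet name="$j" host.hostname="$j" path=/ persist
        run jexec "$j" ifconfig lo0 localhost
    done

    # "ifconfig epair create" prints the name of the "a" half (e.g. epair0a);
    # the kernel creates the matching "b" half at the same time.
    echo "ifconfig epair create"
    if [ "${P2P_APPLY:-0}" = 1 ]; then
        a=$(ifconfig epair create) || return 1
    else
        a=epair0a                      # assumed name for the dry run
    fi
    b="${a%a}b"                        # epairNa -> epairNb

    # move one half into each jail's network stack
    run ifconfig "$a" vnet "$ja"
    run ifconfig "$b" vnet "$jb"

    # epair is an Ethernet-like interface, so use a small subnet
    # rather than the local/destination address pair used with ng_iface
    run jexec "$ja" ifconfig "$a" inet "$ipa" netmask 255.255.255.252 up
    run jexec "$jb" ifconfig "$b" inet "$ipb" netmask 255.255.255.252 up

    # check the link in both directions
    run jexec "$ja" ping -c1 "$ipb"
    run jexec "$jb" ping -c1 "$ipa"
}

p2p_link node0 192.168.10.1 node1 192.168.10.2
```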