List: freebsd-virtualization
Subject: VIMAGE and pf?
From: bz () FreeBSD ! org (Bjoern A ! Zeeb)
Date: 2011-06-19 21:42:55
Message-ID: 27F2A9EF-EE03-47BD-894E-7CDB1B4BF478 () FreeBSD ! org
On Jun 19, 2011, at 8:40 PM, Stefan Bethke wrote:
> On 19.06.2011 at 05:07, Julian Elischer wrote:
>
> > On 6/18/11 3:53 AM, Stefan Bethke wrote:
> > > Is VIMAGE supposed to be compatible with pf? On r223207 (8-stable) I'm getting
> > > a panic when pfctl loads the rules:
> >
> >
> > no they are not compatible.. there are compatibility patches but we have so far
> > failed to get them into the tree.
>
> Aw, too bad.
>
> I'm trying to get some processes, maybe a full jail, to use a separate ADSL (PPPoE)
> connection as their default route, and I'm a bit flummoxed by the options.
> It seems that pf won't allow me to reference jails in rules (according to
> pf.conf(5)), but I could have those processes run as a certain user.
> Alternatively, I think I should be able to use setfib(1) with ROUTETABLES. Any
> advice on how I would configure mpd5 and/or a jail?

I had posted a patch and I thought (maybe even committed to HEAD?) that restricts pf
to the base system so you could use it from there, it wouldn't panic but not be
available from within vnets.

For mpd5 to work inside a jail and create interfaces etc. you would need VNETs. For
moving mpd interfaces into a JAIL you would need VNETs.

If you just want mpd in base and services in a jail static IPs could do the trick.
Jails can exist without the IPs present -- listening services will be more tricky.

Ok, just a patch it seems, not committed; try to see if it still applies to stable/8.
If not I can probably update it quickly:
http://lists.freebsd.org/pipermail/freebsd-virtualization/2010-September/000509.html

/bz
--
Bjoern A. Zeeb You have to have visions!
Stop bit received. Insert coin for new address family.