I’m trying to build a toy network on a small server running FreeBSD 13.2. The idea is that I would have a few jails running web services that I could connect to from outside, which would then connect to databases running in other jails. I’m following this guide to vnet and jails which attempts to be a simple working example for getting started, which results in this less than helpful error message.
```
# jail -c mysql
epair10a
jail: mysql: vnet jails cannot have IP address restrictions
```
My lightly edited version of `/etc/jail.conf` is at the bottom of this post. No amount of futzing with `ip4=inherit;`, `ip4=new;`, or `ip4=default;` has any other result. I’ve checked the FreeBSD forum; this post has a person who claims to have solved the same error, but they use some packages that I can’t get through `pkg`. (I suspect they wouldn’t help anyways.)
I’m clearly missing something but it’s been hard to find anything that useful for jail networking.
```
#/etc/jail.conf
# 1. definition of variables that we'll use through the config file
$jail_path="/jails";
path="$jail_path/$name";

# 2. begin - default configuration for all jails
# 3. some applications might need access to devfs
mount.devfs;

# 4. Clear environment variables
exec.clean;

# 5. Use the host's network stack for all jails
# ip4=inherit;
# ip6=inherit;

# 6. Initialization scripts
exec.start="sh /etc/rc";
exec.stop="sh /etc/rc.shutdown";

# 7. specific jail configuration
mysql {
    $id = "10";
    $ipaddr = "10.17.0.${id}";
    $mask = "255.255.255.0";
    $gw = "10.17.0.1";
    vnet;
    vnet.interface = "epair${id}b";

    exec.prestart = "ifconfig epair${id} create up";
    exec.prestart += "ifconfig epair${id}a up descr vnet-${name}";
    exec.prestart += "ifconfig bridge0 addm epair${id}a up";

    exec.start = "/sbin/ifconfig lo0 127.0.0.1 up";
    exec.start += "/sbin/ifconfig epair${id}b ${ipaddr} netmask ${mask} up";
    exec.start += "/sbin/route add default ${gw}";
    exec.start += "/bin/sh /etc/rc";

    exec.prestop = "ifconfig epair${id}b -vnet ${name}";

    exec.poststop = "ifconfig bridge0 deletem epair${id}a";
    exec.poststop += "ifconfig epair${id}a destroy";

    path="/jails/mysql";
    host.hostname = "${name}";
    exec.consolelog = "/var/log/jail-${name}.log";
}
```