Rubin Shrestha
Zend certified PHP/Magento developer
Rubin Shrestha
Blog

How to set up a jail network in FreeBSD13.2

by |Published

I’m trying to build a toy network on a small server running FreeBSD 13.2. The idea is that I would have a few jails running web services that I could connect to from outside, which would then connect to databases running in other jails. I’m following this guide to vnet and jails which attempts to be a simple working example for getting started, which results in this less than helpful error message.

# jail -c mysql
epair10a
jail: mysql: vnet jails cannot have IP address restrictions

My lightly edited version of /etc/jail.conf is at the bottom of this post. No amount of futzing with ip4=inherit;, ip4=new;, or ip4=default; has any other result. I’ve checked the freebsd forum this post has a person who claims to have solved the same error, but they use some packages that I can’t get through pkg. (I suspect they wouldn’t help anyways).

I’m clearly missing something but it’s been hard to find anything that useful for jail networking.

#/etc/jail.conf
# 1. definition of variables that we'll use through the config file
$jail_path="/jails";
path="$jail_path/$name";

# 2. begin - default configuration for all jails

# 3. some applications might need access to devfs
mount.devfs;

# 4. Clear environment variables
exec.clean;

# 5. Use the host's network stack for all jails
# ip4=inherit;
# ip6=inherit;

# 6. Initialization scripts
exec.start="sh /etc/rc";
exec.stop="sh /etc/rc.shutdown";

# 7. specific jail configuration   
mysql {

        $id = "10";
        $ipaddr = "10.17.0.${id}";
        $mask = "255.255.255.0";
        $gw = "10.17.0.1";

        vnet;
        vnet.interface = "epair${id}b";

        exec.prestart = "ifconfig epair${id} create up";
        exec.prestart += "ifconfig epair${id}a up descr vnet-${name}";
        exec.prestart += "ifconfig bridge0 addm epair${id}a up";

        exec.start = "/sbin/ifconfig lo0 127.0.0.1 up";
        exec.start += "/sbin/ifconfig epair${id}b ${ipaddr} netmask ${mask} up";
        exec.start += "/sbin/route add default ${gw}";
        exec.start += "/bin/sh /etc/rc";

        exec.prestop = "ifconfig epair${id}b -vnet ${name}";

        exec.poststop = "ifconfig bridge0 deletem epair${id}a";
        exec.poststop += "ifconfig epair${id}a destroy";

        path="/jails/mysql";
        host.hostname = "${name}";

        exec.consolelog = "/var/log/jail-${name}.log";

}

You may also like