Script started on Sun Jul 3 07:15:13 2016 #### vimage jail(8) definition for jail v10 /root >cat /usr/local/etc/qjail.config/v10 v10 { host.hostname = "v10"; path = "/usr/jails/v10"; mount.fstab = "/usr/local/etc/qjail.fstab/v10"; exec.start = "/bin/sh /etc/rc"; exec.stop = "/bin/sh /etc/rc.shutdown"; exec.consolelog = "/var/log/qjail.v10.console.log"; mount.devfs; devfs_ruleset = "4"; vnet; exec.poststart="/usr/local/bin/qjail.vnet.be start v10 rl0"; exec.prestop="/usr/local/bin/qjail.vnet.be stop v10 rl0"; } #### vimage jail(8) definition for jail v20 /root >cat /usr/local/etc/qjail.config/v20 v20 { host.hostname = "v20"; path = "/usr/jails/v20"; mount.fstab = "/usr/local/etc/qjail.fstab/v20"; exec.start = "/bin/sh /etc/rc"; exec.stop = "/bin/sh /etc/rc.shutdown"; exec.consolelog = "/var/log/qjail.v20.console.log"; mount.devfs; devfs_ruleset = "4"; vnet; exec.poststart="/usr/local/bin/qjail.vnet.be start v20 rl0"; exec.prestop="/usr/local/bin/qjail.vnet.be stop v20 rl0"; } #### called script /root >cat /usr/local/bin/qjail.vnet.be #!/bin/sh function=$1 jailname=$2 nicname=$3 start () { jid=`jls -j ${jailname} jid` if [ "${jid}" -gt "250" ]; then echo " " echo "ERROR: No more vnet jail epair ip addresses can be created." echo "You MUST shutdown the host and reboot before vnet jails are" echo "startable again." echo " " exit 2 fi # Check the hosts network for existing bridge. # If no bridge yet then create the bridge. # Add real interface device name to one side of bridge. # bridge=`ifconfig | grep -m 1 bridge | cut -f 1 -d :` if [ -z ${bridge} ]; then ifconfig bridge0 create > /dev/null 2> /dev/null ifconfig bridge0 addm ${nicname} ifconfig bridge0 up # vnet jails will not work unless ip forwarding is enabled. sysctl net.inet.ip.forwarding=1 > /dev/null 2> /dev/null fi # Do this logic for all vnet jails. # Assign alias IP number to bridge using jid to make it unique per vnet jail. # The alias IP number is the vnet jails default route ip address. # Create epair assigning "a" to bridge and "b" to the vnet jail # ifconfig bridge0 alias 10.${jid}.0.1 ifconfig epair${jid} create > /dev/null 2> /dev/null ifconfig bridge0 addm epair${jid}a ifconfig epair${jid}a up ifconfig epair${jid}b vnet ${jid} # Assign ip address to epair "b" inside of the vnet jail. # jexec ${jailname} ifconfig epair${jid}b 10.${jid}.0.2 jexec ${jailname} route add default 10.${jid}.0.1 > /dev/null 2> /dev/null jexec ${jailname} ifconfig lo0 127.0.0.1 } stop () { # Disable vnet jails network configuration. # jid=`jls -j ${jailname} jid` ifconfig epair${jid}b -vnet ${jid} ifconfig bridge0 -alias 10.${jid}.0.1 ifconfig epair${jid}a destroy # If host has no more vnet jails then disable bridge. # epair=`ifconfig | grep -m 1 epair | cut -f 1 -d :` if [ -z ${epair} ]; then ifconfig bridge0 destroy fi } [ "${function}" = "start" ] && start $* && exit 0 [ "${function}" = "stop" ] && stop $* && exit 0 #### host network before starting vimage jails /root >ifconfig -a rl0: flags=8843 metric 0 mtu 1500 options=2008 ether 00:0c:6e:09:8b:74 inet 10.0.10.9 netmask 0xfffffff0 broadcast 10.0.10.15 nd6 options=29 media: Ethernet autoselect (100baseTX ) status: active lo0: flags=8049 metric 0 mtu 16384 options=600003 inet6 ::1 prefixlen 128 inet6 fe80::1%lo0 prefixlen 64 scopeid 0x2 inet 127.0.0.1 netmask 0xff000000 nd6 options=21 groups: lo #### host network after starting both jails /root >ifconfig -a rl0: flags=8943 metric 0 mtu 1500 options=2008 ether 00:0c:6e:09:8b:74 inet 10.0.10.9 netmask 0xfffffff0 broadcast 10.0.10.15 nd6 options=29 media: Ethernet autoselect (100baseTX ) status: active lo0: flags=8049 metric 0 mtu 16384 options=600003 inet6 ::1 prefixlen 128 inet6 fe80::1%lo0 prefixlen 64 scopeid 0x2 inet 127.0.0.1 netmask 0xff000000 nd6 options=21 groups: lo bridge0: flags=8843 metric 0 mtu 1500 ether 02:46:d0:31:46:00 inet 10.1.0.1 netmask 0xff000000 broadcast 10.255.255.255 inet 10.2.0.1 netmask 0xff000000 broadcast 10.255.255.255 nd6 options=9 groups: bridge id 00:00:00:00:00:00 priority 32768 hellotime 2 fwddelay 15 maxage 20 holdcnt 6 proto rstp maxaddr 2000 timeout 1200 root id 00:00:00:00:00:00 priority 32768 ifcost 0 port 0 member: epair2a flags=143 ifmaxaddr 0 port 5 priority 128 path cost 2000 member: epair1a flags=143 ifmaxaddr 0 port 4 priority 128 path cost 2000 member: rl0 flags=143 ifmaxaddr 0 port 1 priority 128 path cost 200000 epair1a: flags=8943 metric 0 mtu 1500 options=8 ether 02:c1:a8:00:04:0a inet6 fe80::c1:a8ff:fe00:40a%epair1a prefixlen 64 scopeid 0x4 nd6 options=21 media: Ethernet 10Gbase-T (10Gbase-T ) status: active groups: epair epair2a: flags=8943 metric 0 mtu 1500 options=8 ether 02:c1:a8:00:05:0a inet6 fe80::c1:a8ff:fe00:50a%epair2a prefixlen 64 scopeid 0x5 nd6 options=21 media: Ethernet 10Gbase-T (10Gbase-T ) status: active groups: epair #### after stopping & starting both jails /root >ifconfig -a rl0: flags=8943 metric 0 mtu 1500 options=2008 ether 00:0c:6e:09:8b:74 inet 10.0.10.9 netmask 0xfffffff0 broadcast 10.0.10.15 nd6 options=29 media: Ethernet autoselect (100baseTX ) status: active lo0: flags=8049 metric 0 mtu 16384 options=600003 inet6 ::1 prefixlen 128 inet6 fe80::1%lo0 prefixlen 64 scopeid 0x2 inet 127.0.0.1 netmask 0xff000000 nd6 options=21 groups: lo bridge0: flags=8843 metric 0 mtu 1500 ether 02:46:d0:31:46:00 inet 10.3.0.1 netmask 0xff000000 broadcast 10.255.255.255 inet 10.4.0.1 netmask 0xff000000 broadcast 10.255.255.255 nd6 options=9 groups: bridge id 00:00:00:00:00:00 priority 32768 hellotime 2 fwddelay 15 maxage 20 holdcnt 6 proto rstp maxaddr 2000 timeout 1200 root id 00:00:00:00:00:00 priority 32768 ifcost 0 port 0 member: epair4a flags=143 ifmaxaddr 0 port 5 priority 128 path cost 2000 member: epair3a flags=143 ifmaxaddr 0 port 4 priority 128 path cost 2000 member: rl0 flags=143 ifmaxaddr 0 port 1 priority 128 path cost 200000 epair3a: flags=8943 metric 0 mtu 1500 options=8 ether 02:c1:a8:00:04:0a inet6 fe80::c1:a8ff:fe00:40a%epair3a prefixlen 64 tentative scopeid 0x4 nd6 options=29 media: Ethernet 10Gbase-T (10Gbase-T ) status: active groups: epair epair4a: flags=8943 metric 0 mtu 1500 options=8 ether 02:c1:a8:00:05:0a inet6 fe80::c1:a8ff:fe00:50a%epair4a prefixlen 64 scopeid 0x5 nd6 options=21 media: Ethernet 10Gbase-T (10Gbase-T ) status: active groups: epair #### after stopping all jails /root >ifconfig -a rl0: flags=8843 metric 0 mtu 1500 options=2008 ether 00:0c:6e:09:8b:74 inet 10.0.10.9 netmask 0xfffffff0 broadcast 10.0.10.15 nd6 options=29 media: Ethernet autoselect (100baseTX ) status: active lo0: flags=8049 metric 0 mtu 16384 options=600003 inet6 ::1 prefixlen 128 inet6 fe80::1%lo0 prefixlen 64 scopeid 0x2 inet 127.0.0.1 netmask 0xff000000 nd6 options=21 groups: lo Script done on Sun Jul 3 07:22:14 2016