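I am trying to build a toy network on a small server running FreeBSD 13.2. My idea is that I will have a few jails running web services that I can connect to from outside, and those services will then connect to databases running in other jails. I am following this guide introducing vnet and jails, which tries to be a simple working example to get started, but it leads to this not very helpful error message.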
# jail -c mysql
epair10a
jail: mysql: vnet jails cannot have IP address restrictions
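My slightly modified version of /etc/jail.conf is at the bottom of this post. Changing it to ip4=inherit;, ip4=new;, or ip4=default; gives no other result. I looked around the FreeBSD forums, and in this post one person claims to have resolved the same error, but they used some packages that I am unable to get through pkg. (I doubt they would help anyway.)
I am clearly missing something, but it is hard to find anything useful about jail networking.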
#/etc/jail.conf
# 1. definition of variables that we'll use through the config file
$jail_path="/jails";
path="$jail_path/$name";
# 2. begin - default configuration for all jails
# 3. some applications might need access to devfs
mount.devfs;
# 4. Clear environment variables
exec.clean;
# 5. Use the host's network stack for all jails
# ip4=inherit;
# ip6=inherit;
# 6. Initialization scripts
exec.start="sh /etc/rc";
exec.stop="sh /etc/rc.shutdown";
# 7. specific jail configuration
mysql {
    $id = "10";
    $ipaddr = "10.17.0.${id}";
    $mask = "255.255.255.0";
    $gw = "10.17.0.1";
    vnet;
    vnet.interface = "epair${id}b";
    exec.prestart = "ifconfig epair${id} create up";
    exec.prestart += "ifconfig epair${id}a up descr vnet-${name}";
    exec.prestart += "ifconfig bridge0 addm epair${id}a up";
    exec.start = "/sbin/ifconfig lo0 127.0.0.1 up";
    exec.start += "/sbin/ifconfig epair${id}b ${ipaddr} netmask ${mask} up";
    exec.start += "/sbin/route add default ${gw}";
    exec.start += "/bin/sh /etc/rc";
    exec.prestop = "ifconfig epair${id}b -vnet ${name}";
    exec.poststop = "ifconfig bridge0 deletem epair${id}a";
    exec.poststop += "ifconfig epair${id}a destroy";
    path="/jails/mysql";
    host.hostname = "${name}";
    exec.consolelog = "/var/log/jail-${name}.log";
}