Introduction

Bastille and BHYVE both have ‘slightly’ different requirements for the network settings. This section describes what needs to be set so that both solutions can run well in parallel. But even if only jails or VMs are used, these are the right basics.

Targets

Jails or VMs can either obtain their own IP address from the same LAN network as the host system via DHCP or be operated with an IP address from a private address range on the host. Access to the private address range is then permitted via pf or NAT.

NEW: For the very impatient, I have a console-only section. There are only commands, no explanations.

Last update:

  • 01.12.2024: Initial version

Basic requirements

  • A FreeBSD server is set up and prepared
  • The network card of the host system with access to the LAN network is known, e.g. igb0. Replace igb0 in the commands below with your own primary network card. The interface currently connected to the Internet can be determined with route -n get default | grep 'interface:' | grep -o '[^ ]*$', which returns e.g. bge0 (to mention another example)

Another option would of course be to use a dedicated interface for jails and VMs only, but this will not be discussed further here.

Network

Two new interfaces are created for this purpose:

  • localnet0 = Private network only on the host. The host itself has the IP address 10.0.0.1 and the jails or VMs then receive 10.0.0.10-254.
  • publicnet0 = Bridge to the local network together with the interface igb0, via which the jails or VMs receive an IP address via DHCP from the LAN network of the host

This is prepared in /etc/rc.conf:

sysrc cloned_interfaces="bridge0 lo1"       # Creates new interfaces with the names bridge0 and lo1
sysrc ifconfig_bridge0_name="publicnet0"    # bridge0 is renamed to publicnet0
sysrc ifconfig_lo1_name="localnet0"         # lo1 is renamed to localnet0
sysrc ifconfig_publicnet0="addm igb0 up"    # igb0 is added to the network bridge
sysrc ifconfig_localnet0="inet 10.0.0.1/24" # Gateway address for localnet0
service gateway enable                      # The IP routing function of FreeBSD is activated

The customizations are activated with service netif restart and are visible via ifconfig:

publicnet0: flags=1008843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST,LOWER_UP> metric 0 mtu 1500
    options=0
    ether yy:yy:yy:y:yy:yy
    id 00:00:00:00:00:00 priority 32768 hellotime 2 fwddelay 15
    maxage 20 holdcnt 6 proto rstp maxaddr 2000 timeout 1200
    root id 00:00:00:00:00:00 priority 32768 ifcost 0 port 0
    member: igb0 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
            ifmaxaddr 0 port 1 priority 128 path cost 55
    groups: bridge
    nd6 options=9<PERFORMNUD,IFDISABLED>
localnet0: flags=1008049<UP,LOOPBACK,RUNNING,MULTICAST,LOWER_UP> metric 0 mtu 16384
    options=680003<RXCSUM,TXCSUM,LINKSTATE,RXCSUM_IPV6,TXCSUM_IPV6>
    inet 10.0.0.1 netmask 0xffffff00
    inet6 fe80::1%localnet0 prefixlen 64 scopeid 0x5
    groups: lo
    nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>

This concludes the preparations.
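
A mistake in these entries, such as a bridge member that is still igb0 on a host whose LAN interface is bge0, only shows up after service netif restart. The following check is an added example, not part of the original page: it reads an rc.conf-style file and reports which of the settings above are missing or inconsistent. The function name check_netconf and the sample file path are hypothetical, and it assumes that IP forwarding is recorded as gateway_enable=YES.

```sh
#!/bin/sh
# Added example, not from the original page. rc.conf is plain sh assignments,
# so it is sourced in a subshell; only point this at a trusted, root-owned file.

# check_netconf FILE NIC: prints one line per problem; exit status = problem count
check_netconf() (
    file=$1 nic=$2 problems=0
    unset cloned_interfaces ifconfig_bridge0_name ifconfig_lo1_name \
          ifconfig_publicnet0 ifconfig_localnet0 gateway_enable
    [ -r "$file" ] || { echo "FAIL: cannot read $file"; exit 1; }
    . "$file"
    fail() { echo "FAIL: $*"; problems=$((problems + 1)); }

    # Both interfaces must be cloned before they can be renamed.
    for ifc in bridge0 lo1; do
        case " $cloned_interfaces " in *" $ifc "*) ;; *) fail "cloned_interfaces lacks $ifc" ;; esac
    done
    [ "$ifconfig_bridge0_name" = publicnet0 ] || fail "bridge0 is not renamed to publicnet0"
    [ "$ifconfig_lo1_name" = localnet0 ] || fail "lo1 is not renamed to localnet0"

    # The bridge must contain the LAN NIC, or guests never reach the LAN's DHCP server.
    case " $ifconfig_publicnet0 " in *" addm $nic "*) ;; *) fail "publicnet0 does not add $nic" ;; esac

    # localnet0 needs the host-side gateway address of the private range.
    case "$ifconfig_localnet0" in "inet "*/*) ;; *) fail "localnet0 has no inet address/prefix" ;; esac

    # IP forwarding (assumed here to be recorded as gateway_enable=YES).
    case "$gateway_enable" in [Yy][Ee][Ss]) ;; *) fail "gateway_enable is not YES" ;; esac
    exit "$problems"
)

# Constructed sample: the page's settings copied unchanged (igb0) onto a host
# whose LAN interface is really bge0.
sample="${TMPDIR:-/tmp}/rc.conf.sample.$$"
cat > "$sample" <<'EOF'
cloned_interfaces="bridge0 lo1"
ifconfig_bridge0_name="publicnet0"
ifconfig_lo1_name="localnet0"
ifconfig_publicnet0="addm igb0 up"
ifconfig_localnet0="inet 10.0.0.1/24"
gateway_enable="YES"
EOF
check_netconf "$sample" bge0 || echo "problems found: $?"
rm -f "$sample"
```

On the host itself it would be called as check_netconf /etc/rc.conf followed by the interface name found in the basic requirements.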

Console

Voilà