With the new Bastille version it is now FINALLY possible to assign a fixed MAC address to a FreeBSD jail. This is helpful if the IP addresses are assigned via DHCP (as is the case with me). Here we go.

New Jails

To create a jail with a fixed MAC address, it is sufficient to specify the new parameter -M when creating the jail.

Old Jails

But what about existing jails? Three new lines are required in jail.conf, placed directly below the exec.prestart += "ifconfig epairXb up name eXb_JAILNAME"; line.

Pay attention to the epairX entries here, because they must match the rest of the config.

JAILNAME is self-explanatory; MAC-A and MAC-B need some explanation:

  • VNET jails have two virtual MAC addresses
  • MAC-A is on the bridge and MAC-B on the jail, which is then also visible on the DHCP server
  • eXa: The X must be replaced by the number that has already been used for the other entries

A random MAC address can be generated with openssl rand -hex 6 | sed 's/\(..\)/\1:/g; s/.$//', e.g. 8b:75:d6:46:c6:45.

Simply replace the last digit with a and b, then you have your pair:

  • MAC-A = 8b:75:d6:46:c6:4a
  • MAC-B = 8b:75:d6:46:c6:4b
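Added example (not from the original post or from Bastille): the one-liner above uses six random bytes as they come, but in an Ethernet address the lowest bit of the first octet marks a group (multicast) address and the next bit marks a locally administered one, and the sample value 8b has the group bit set. This sketch forces both bits to the values for a locally administered unicast address before building the a/b pair; the function names and reading /dev/urandom with od are assumptions of this example, and e8a_db / e8b_db are the interface names used in this post.

```sh
#!/bin/sh
# Added example: derive a MAC-A/MAC-B pair for a Bastille VNET jail from
# six random bytes, forcing the first octet to "unicast, locally administered".

# random_hex12: 12 random hex digits (same role as `openssl rand -hex 6`).
random_hex12() {
    od -An -N6 -tx1 /dev/urandom | tr -d ' \n'
}

# fix_first_octet HH: clear bit 0 (group/multicast), set bit 1 (local).
fix_first_octet() {
    printf '%02x' $(( (0x$1 & 0xfe) | 0x02 ))
}

# colonize HEX12: aabbccddeeff -> aa:bb:cc:dd:ee:ff
colonize() {
    printf '%s' "$1" | sed 's/\(..\)/\1:/g; s/:$//'
}

# mac_pair HEX12: print "MAC-A MAC-B"; the last hex digit becomes a / b.
mac_pair() {
    case $1 in
        *[!0-9a-fA-F]*) echo "not hex: $1" >&2; return 1 ;;
    esac
    [ "${#1}" -eq 12 ] || { echo "need 12 hex digits" >&2; return 1; }
    first=$(fix_first_octet "$(printf '%s' "$1" | cut -c1-2)")
    middle=$(printf '%s' "$1" | cut -c3-11 | tr 'A-F' 'a-f')
    printf '%s %s\n' "$(colonize "${first}${middle}a")" \
                     "$(colonize "${first}${middle}b")"
}

# Print the two ether lines for jail "db" on epair8 (names taken from the post).
set -- $(mac_pair "$(random_hex12)")
printf 'exec.prestart += "ifconfig e8a_db ether %s";\n' "$1"
printf 'exec.prestart += "ifconfig e8b_db ether %s";\n' "$2"
```

After the fix the second hex digit of the address is always 2, 6, a or e, which is a quick visual check that a hand-picked MAC is unicast and locally administered.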

To do this, edit the respective configuration, e.g. /usr/local/bastille/jails/db/jail.conf, and add:

  exec.prestart += "ifconfig eXa_JAILNAME ether MAC-A";
  exec.prestart += "ifconfig eXb_JAILNAME ether MAC-B";
  exec.prestart += "ifconfig eXa_JAILNAME description \"vnet host interface for Bastille jail JAILNAME\"";

In this example, the complete configuration looks like this:

db {
  enforce_statfs = 2;
  devfs_ruleset = 13;
  exec.clean;
  exec.consolelog = /var/log/bastille/db_console.log;
  exec.start = '/bin/sh /etc/rc';
  exec.stop = '/bin/sh /etc/rc.shutdown';
  host.hostname = db;
  mount.devfs;
  mount.fstab = /usr/local/bastille/jails/db/fstab;
  path = /usr/local/bastille/jails/db/root;
  securelevel = 2;
  osrelease = 14.2-RELEASE;

  vnet;
  vnet.interface = e8b_db;
  exec.prestart += "ifconfig epair8 create";
  exec.prestart += "ifconfig publicnet0 addm epair8a";
  exec.prestart += "ifconfig epair8a up name e8a_db";
  exec.prestart += "ifconfig epair8b up name e8b_db";
  exec.prestart += "ifconfig e8a_db ether 8b:75:d6:46:c6:4a";
  exec.prestart += "ifconfig e8b_db ether 8b:75:d6:46:c6:4b";
  exec.prestart += "ifconfig e8a_db description \"vnet host interface for Bastille jail db\"";
  exec.poststop += "ifconfig publicnet0 deletem e8a_db";
  exec.poststop += "ifconfig e8a_db destroy";
}

At the end, it is sufficient to restart the jail with bastille restart JAILNAME.
If the MAC address is registered accordingly in the DHCP server, the same IP is always assigned.

The BSDBox is my IT playground. Professional services around network, server and structure building I offer with my company computing-competence. If you find this content valuable and useful, I welcome feedback via matrix, email or follow me on Mastodon.
