SOLVED FreeNAS 11, iocage - no bpf(4) in jail

Status
Not open for further replies.

Patrick M. Hausen

Hall of Famer
Joined
Nov 25, 2013
Messages
7,776
Hi, guys,

yesterday I tried to replace my DHCP/DNS bhyve VM with an iocage managed jail. I could not get iocage to provide /dev/bpf inside the jail. I did
Code:
iocage set bpf=on <jail>
, though.

Missing feature? Bug? Did I miss anything?

Thanks,
Patrick
 

scrappy

Patron
Joined
Mar 16, 2017
Messages
347
Shared IP Jails (the default) rely on your host system's firewall unless you have set your jail to use vnet which provides the jail with its own network stack. You could then configure a firewall from within the jail. Iocage will not do this for you as far as I know.
 

Patrick M. Hausen

1. I did configure a vnet jail, of course.
2. You are still missing the point. This is not a firewall but a devfs issue.

Patrick
 

Patrick M. Hausen

What did I write in my initial post?

Kind regards,
Patrick
 

dlavigne

Guest
Fair enough :smile:

It may be a bug then. Please create a report at bugs.freenas.org that includes your debug (System -> Advanced -> Save Debug) and post your issue number here.
 

Patrick M. Hausen

@Brandon Schneider: thanks for the update, for everyone else to read here:

"The new iocage port does not have DHCP support yet, this won't be a feature in 0.9.9, but may land in 1.0. In the meantime I suggest creating your own devfs ruleset and setting that on the jail"

Which raises the next question: how can I persistently create my own devfs ruleset in FreeNAS? I could use a post-init script that appends to /etc/devfs.rules, for example. Is there a more canonical way?

Thanks!
Patrick
 

Patrick M. Hausen

This as a post-init script does the trick:
Code:
#! /bin/sh

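# Quote the here-document delimiter so the shell writes $devfsrules_jail
# literally instead of expanding it to an empty string.
cat >>/etc/devfs.rules <<'EOF'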
# Add /dev/bpf to jail devices to run dhcpd
#
[devfsrules_bpfjail=10]
add include $devfsrules_jail
add path 'bpf*' unhide
EOF

combined with
Code:
iocage set devfs_ruleset=10 <jail>


Take care,
Patrick
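
An added example, not part of the original thread: an idempotent form of the post-init approach above, which appends the ruleset only when it is absent and refuses when number 10 already belongs to a differently named ruleset. The function name `ensure_bpf_ruleset`, the `RULESET_*` variables and the return codes are assumptions made for illustration.

```sh
#!/bin/sh
# Added example (not from the thread). Names and return codes are hypothetical.

RULESET_NAME="devfsrules_bpfjail"
RULESET_NUM=10

# ensure_bpf_ruleset FILE
#   returns 0 if the ruleset was appended,
#           1 if it was already present (file left untouched),
#           2 if the number is claimed by a differently named ruleset.
ensure_bpf_ruleset() {
    file=$1
    [ -e "$file" ] || : >"$file"

    # Same name and number already present: a repeated boot must not
    # append a second copy.
    if grep -q "^\[${RULESET_NAME}=${RULESET_NUM}\]" "$file"; then
        return 1
    fi

    # Number taken by another ruleset: refuse instead of silently
    # changing which devices some other jail can see.
    if grep -q "^\[[A-Za-z0-9_]*=${RULESET_NUM}\]" "$file"; then
        echo "devfs ruleset number ${RULESET_NUM} already in use in ${file}" >&2
        return 2
    fi

    # Single-quoted strings keep $devfsrules_jail literal in the file.
    {
        printf '%s\n' '# Add /dev/bpf to jail devices to run dhcpd'
        printf '[%s=%s]\n' "$RULESET_NAME" "$RULESET_NUM"
        printf '%s\n' 'add include $devfsrules_jail'
        printf '%s\n' "add path 'bpf*' unhide"
    } >>"$file"
    return 0
}

# A post-init script would end with:
#   ensure_bpf_ruleset /etc/devfs.rules
```

Because unhiding `bpf*` lets processes in the jail capture and inject raw frames on the interfaces it can see, assign this ruleset only to the jail that runs dhcpd.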
 