More than 5 years have passed since last update.

FreeBSD Advent Calendar 2018

Day 19

Building a Jail (VIMAGE) with qjail on FreeBSD 12.0

Posted at 2018-12-18

This article builds a jail using VIMAGE, which is enabled by default starting with FreeBSD 12.0.
qjail already supports VIMAGE, so qjail is used here.
qjail: http://qjail.sourceforge.net/
The steps follow the Qjail Vnet Howto.

Environment

FreeBSD version: 12.0 Release
qjail version:   5.4
Default gateway: 192.168.141.2
IP address: 192.168.141.167/24

Note: FreeBSD 12.0 runs on VMware Fusion, with the network adapter set to "Share with my Mac".

Install qjail

# pkg install -y qjail

Download the files for the jail environment

ftp2.freebsd.org is used by default, but it returned "404 - Not Found",
so change the download host to ftp3.freebsd.org and run the install:

# qjail install -h ftp3.freebsd.org
resolving server address: ftp3.freebsd.org:80
requesting http://ftp3.freebsd.org/pub/FreeBSD/releases/amd64/amd64/12.0-RELEASE/base.txz
remote size / mtime: 154325028 / 1544159064
base.txz                                        2% of  147 MB  706 kBps 03m13s

Create a jail

Create one jail. Its IP address is 192.168.141.168 and its name is v10.

# qjail create -4 192.168.141.168 v10
Successfully created  v10

VIMAGE configuration

Apply the VIMAGE settings to the newly created v10.

# qjail config -w em0 -v none v10
Successfully enabled vnet.interface for v10
Successfully enabled vnet for v10

The configuration file for v10 is created at /usr/local/etc/qjail.config/v10. Its contents look like this:

# cat /usr/local/etc/qjail.config/v10
v10 {
host.hostname       =  "v10";
path                =  "/usr/jails/v10";
mount.fstab         =  "/usr/local/etc/qjail.fstab/v10";
exec.consolelog     =  "/var/log/qjail.v10.console.log";
mount.devfs;
devfs_ruleset       =  "4";
vnet                =  "new";
vnet.interface      =  "epair9b";
exec.start   = "ifconfig epair9b 192.168.141.168";
exec.start  += "route add default 192.168.141.2";
exec.start  += "/bin/echo "epair9b" > /etc/epair";
exec.start  += "/bin/sh /etc/rc";
exec.stop    = "/bin/sh /etc/rc.shutdown";
}

Start v10

# qjail start v10
Jail successfully started  v10

Check the NIC configuration

bridge10 and epair9a have been added on the host.

# ifconfig -a
em0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
	options=810099<RXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,VLAN_HWFILTER>
	ether 00:0c:29:88:52:6c
	inet 192.168.141.167 netmask 0xffffff00 broadcast 192.168.141.255
	media: Ethernet autoselect (1000baseT <full-duplex>)
	status: active
	nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
	options=680003<RXCSUM,TXCSUM,LINKSTATE,RXCSUM_IPV6,TXCSUM_IPV6>
	inet6 ::1 prefixlen 128
	inet6 fe80::1%lo0 prefixlen 64 scopeid 0x2
	inet 127.0.0.1 netmask 0xff000000
	groups: lo
	nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
bridge10: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
	ether 02:ce:e4:af:bf:0a
	id 00:00:00:00:00:00 priority 32768 hellotime 2 fwddelay 15
	maxage 20 holdcnt 6 proto rstp maxaddr 2000 timeout 1200
	root id 00:00:00:00:00:00 priority 32768 ifcost 0 port 0
	member: epair9a flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
	        ifmaxaddr 0 port 4 priority 128 path cost 2000
	member: em0 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
	        ifmaxaddr 0 port 1 priority 128 path cost 20000
	groups: bridge
	nd6 options=1<PERFORMNUD>
epair9a: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
	options=8<VLAN_MTU>
	ether 02:b4:a7:8e:98:0a
	inet6 fe80::b4:a7ff:fe8e:980a%epair9a prefixlen 64 scopeid 0x4
	groups: epair
	media: Ethernet 10Gbase-T (10Gbase-T <full-duplex>)
	status: active
	nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
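
The check below is an added example, not part of the original article or of qjail. It reads the generated config and the host's `ifconfig -a` output and confirms that the jail is a vnet jail with a devfs ruleset, that exec.start addresses the interface named in vnet.interface, and that the host-side half of the epair is a bridge member. The sample data is abridged from the listings above; the function names are made up for this example.

```shell
# Added example: cross-check a qjail vnet config against host `ifconfig -a` output.
# Sample data is abridged from this article's listings; function names are illustrative.
sample_conf() { cat <<'EOF'
v10 {
devfs_ruleset       =  "4";
vnet                =  "new";
vnet.interface      =  "epair9b";
exec.start   = "ifconfig epair9b 192.168.141.168";
exec.start  += "route add default 192.168.141.2";
}
EOF
}
sample_ifconfig() { cat <<'EOF'
bridge10: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        member: epair9a flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
        member: em0 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
epair9a: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
EOF
}
# conf_get KEY: first value assigned to KEY with "=" (config on stdin); "+=" lines are skipped
conf_get() {
    awk -v k="$1" '$1 == k && $2 == "=" {
        v = $0; sub(/^[^"]*"/, "", v); sub(/";[ \t]*$/, "", v); print v; exit }'
}
# bridge_of IFACE: name of the bridge listing IFACE as a member (ifconfig -a on stdin)
bridge_of() {
    awk -v m="$1" '/^[^ \t]/ { cur = $1; sub(/:$/, "", cur) }
        $1 == "member:" && $2 == m { print cur; exit }'
}
# audit CONF_FILE IFCONFIG_FILE: returns 0 only if every check passes
audit() {
    conf=$1 ifout=$2 rc=0
    jif=$(conf_get vnet.interface < "$conf")
    [ "$(conf_get vnet < "$conf")" = "new" ] || { echo "FAIL: vnet is not new"; rc=1; }
    [ -n "$(conf_get devfs_ruleset < "$conf")" ] || { echo "FAIL: no devfs_ruleset"; rc=1; }
    case $jif in
        epair*b) hif="${jif%b}a" ;;   # the a-side stays on the host
        *) echo "FAIL: vnet.interface '$jif' is not an epair b-side"; return 1 ;;
    esac
    # exec.start must configure the same interface that is moved into the jail
    set -- $(conf_get exec.start < "$conf")
    [ "$1" = ifconfig ] && [ "$2" = "$jif" ] || { echo "FAIL: exec.start sets '$2', not $jif"; rc=1; }
    br=$(bridge_of "$hif" < "$ifout")
    [ -n "$br" ] || { echo "FAIL: $hif is not a member of any bridge"; rc=1; }
    [ "$rc" -eq 0 ] && echo "OK: $jif addr=$3 host-side=$hif bridge=$br"
    return $rc
}
tmp=$(mktemp -d) && sample_conf > "$tmp/v10" && sample_ifconfig > "$tmp/if.txt" &&
    audit "$tmp/v10" "$tmp/if.txt"; rm -rf "$tmp"
```

On a real host, pass /usr/local/etc/qjail.config/v10 and a file holding the output of `ifconfig -a` instead of the sample files.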

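Log in to the jail (v10), check the NIC configuration, and verify connectivity

The NIC configuration inside the jail looks like this.
Connectivity to the Internet was also confirmed.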

# qjail console v10
FreeBSD 12.0-RELEASE r341666 GENERIC

Welcome to your FreeBSD jail.
v10 /root >ifconfig
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
	options=680003<RXCSUM,TXCSUM,LINKSTATE,RXCSUM_IPV6,TXCSUM_IPV6>
	inet6 ::1 prefixlen 128
	inet6 fe80::1%lo0 prefixlen 64 scopeid 0x1
	inet 127.0.0.1 netmask 0xff000000
	groups: lo
	nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
epair9b: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
	options=8<VLAN_MTU>
	ether 02:b4:a7:8e:98:0b
	inet 192.168.141.168 netmask 0xffffff00 broadcast 192.168.141.255
	inet6 fe80::b4:a7ff:fe8e:980b%epair9b prefixlen 64 scopeid 0x2
	groups: epair
	media: Ethernet 10Gbase-T (10Gbase-T <full-duplex>)
	status: active
	nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
v10 /root >ping -c 2 8.8.8.8
PING 8.8.8.8 (8.8.8.8): 56 data bytes
64 bytes from 8.8.8.8: icmp_seq=0 ttl=128 time=8.688 ms
64 bytes from 8.8.8.8: icmp_seq=1 ttl=128 time=7.727 ms

--- 8.8.8.8 ping statistics ---
2 packets transmitted, 2 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 7.727/8.207/8.688/0.481 ms

Troubleshooting

No problems occurred in this environment, but they may occur depending on your environment.
If they do, the "Trouble shooting network problems." section of the page below may help resolve them.
http://qjail.sourceforge.net/qjail-vnet-howto.html
