Mirrors/hackacad
2
0
Fork 0
mirror of https://github.com/hackacad/bastille.git synced 2025-12-18 08:12:53 +01:00
Code Issues Packages Projects Releases Wiki Activity

More info about VLAN config

Browse Source
This commit is contained in:
thenktor
2025-05-28 09:15:11 +02:00
parent 9911f75346
commit e28fef8396
1 changed files with 11 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

17
docs/chapters/networking.rst
View File

@@ -311,18 +311,23 @@ VLAN Configuration
Bastille supports VLANs to some extent when creating jails. When creating a jail, use Bastille supports VLANs to some extent when creating jails. When creating a jail, use
the ``--vlan ID`` options to specify a VLAN ID for your jail. This will set the proper the ``--vlan ID`` options to specify a VLAN ID for your jail. This will set the proper
variables inside the jails `rc.conf` to add the jail to the specified VLAN. variables inside the jails `rc.conf` to add the jail to the specified VLAN. Using this method
the bridge for the jail must carry tagged VLAN packets, e.g. you can bridge a VLAN trunk to
the jail and in the jail you then can access all VLANs. But be careful: This may have
security implications.
You cannot use the ``-V`` options with interfaces that have dots (.) in the name, which is the You cannot use the ``-V``/``--vnet`` options with interfaces that have dots (.) in the name, which is the
standard way of naming a VLAN interface. This is due to the limitations standard way of naming a VLAN interface. This is due to the limitations
of the JIB script that Bastille uses to manage VNET jails. of the JIB script that Bastille uses to manage VNET jails.
You can however use ``-B`` with VLAN interfaces (even with dots in the name). Below You can however use ``-B``/``--bridge`` with VLAN interfaces (even with dots in the name).
is an ``rc.conf`` snippet that was provided by a user who has such a configuration. Using this method you create bridge interfaces in ``rc.conf`` and only add VLANs, that are needed
for the jail. The jail only has access to this VLAN then and not to the whole trunk.
Below is an ``rc.conf`` snippet that was provided by a user who has such a configuration.
.. code-block:: shell .. code-block:: shell
# rename ethernet interfaces # rename ethernet interfaces (optional)
ifconfig_igb1_name="eth1" ifconfig_igb1_name="eth1"
ifconfig_eth1_descr="vm/jail ethernet interface" ifconfig_eth1_descr="vm/jail ethernet interface"
@@ -344,7 +349,7 @@ is an ``rc.conf`` snippet that was provided by a user who has such a configurati
ifconfig_eth1_20="up" ifconfig_eth1_20="up"
ifconfig_eth1_30="up" ifconfig_eth1_30="up"
Notice that the interfaces are bridge interfaces, and can be used with ``-B`` Notice that the interfaces are bridge interfaces, and can be used with ``-B``/``--bridge``
without issue. without issue.
Regarding Routes Regarding Routes