28 Feb 2012, 15:32

FreeBSD vimage jails


I tried to use VIMAGE for jails. It can be summarized as: an independent network stack, firewalling, NAT, a real loopback … for each of your jails.

First, I had pf in my kernel: it does not work with VIMAGE and will kernel panic (as a module too), so remove it (I hope it will be fixed soon).

I used the vimage boot package from DruidBSD, with the following config:

vimage_testjail_rootdir="/usr/jails/testjail"           # root directory
vimage_testjail_hostname="testjail"      # hostname
vimage_testjail_devfs_enable="YES"                      # mount devfs
vimage_testjail_vnets="vtnet1"                         # network interfaces

vtnet1 is a dedicated hardware interface (a virtio NIC from KVM). Once you run /etc/rc.d/vimage start it is moved into the jail's network stack, so it appears only in the jail and no longer on the host.

Nice, but I need a bridge there, so I needed the netgraph modules. There I hit this issue: link_elf_obj: symbol ifnet undefined. For an unknown reason VIMAGE breaks ng_ether when it is loaded as a module, so add it to your kernel config and rebuild:

# Virtual networking for jail
options         VIMAGE
device          epair
device          if_bridge

# ng_ether must be compiled in, not loaded as a module (see above)
options         NETGRAPH
options         NETGRAPH_ETHER

Now you can use vimage_testjail_bridges="vtnet0" instead of vimage_testjail_vnets: the script automagically bridges vtnet0 and creates an interface in your jail named ng0_testjail.
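For reference, here is the same thing done by hand with the epair and if_bridge devices from the kernel config above instead of the script's netgraph bridge. This is an added example for this post, not code from the DruidBSD package; the jail name, root directory, uplink interface, address 192.0.2.10/24, gateway and epair unit are assumed values. By default it only prints the commands (DRY_RUN=yes); with DRY_RUN=no it executes them and must run as root on a VIMAGE kernel.

```shell
#!/bin/sh
# Hand-built vnet jail: one epair, its "a" end bridged with the uplink,
# the "b" end moved into a jail with its own network stack.
# Example code, not the DruidBSD vimage script. Needs a kernel built with
# options VIMAGE, device epair and device if_bridge.
# DRY_RUN=yes (default) prints the commands; DRY_RUN=no runs them as root.

DRY_RUN="${DRY_RUN:-yes}"

run() {
    if [ "$DRY_RUN" = "yes" ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# Reject the parameters that otherwise fail later with confusing errors.
check_args() {
    case "$1" in
        ''|*[!A-Za-z0-9_]*) echo "bad jail name: '$1'" >&2; return 1 ;;
    esac
    case "$4" in
        */*) ;;
        *) echo "address needs a prefix length, e.g. 192.0.2.10/24" >&2; return 1 ;;
    esac
    return 0
}

# vnet_jail_plan NAME ROOTDIR UPLINK ADDR/PREFIX [EPAIR_UNIT] [GATEWAY]
vnet_jail_plan() {
    name=$1; rootdir=$2; uplink=$3; addr=$4; unit=${5:-0}; gw=$6
    check_args "$name" "$rootdir" "$uplink" "$addr" || return 1
    bridge="bridge$unit"; epa="epair${unit}a"; epb="epair${unit}b"

    # Host side: creating epairN yields epairNa and epairNb; the "a" end
    # joins a bridge together with the physical uplink.
    run ifconfig "epair$unit" create
    run ifconfig "$bridge" create
    run ifconfig "$bridge" addm "$uplink" addm "$epa" up
    run ifconfig "$epa" up

    # The jail: vnet=new gives it its own stack, vnet.interface moves the
    # "b" end into it (it vanishes from the host, like vtnet1 above).
    # persist keeps the jail alive with no process inside yet.
    run jail -c "name=$name" "path=$rootdir" "host.hostname=$name" \
        vnet=new "vnet.interface=$epb" persist
    run mount -t devfs devfs "$rootdir/dev"
    run devfs -m "$rootdir/dev" rule -s 4 applyset   # devfsrules_jail

    # Inside the jail's own stack: the loopback is real, so configure it.
    run jexec "$name" ifconfig lo0 inet 127.0.0.1/8 up
    run jexec "$name" ifconfig "$epb" inet "$addr" up
    if [ -n "$gw" ]; then
        run jexec "$name" route add default "$gw"
    fi
    return 0
}

# vnet_jail_destroy NAME ROOTDIR [EPAIR_UNIT]
# Removing the jail hands epairNb back to the host; destroying the "a" end
# destroys both ends, and destroying the bridge drops its members.
vnet_jail_destroy() {
    name=$1; rootdir=$2; unit=${3:-0}
    run jail -r "$name"
    run umount "$rootdir/dev"
    run ifconfig "epair${unit}a" destroy
    run ifconfig "bridge$unit" destroy
    return 0
}

# Usage: sh vnetjail.sh create testjail /usr/jails/testjail vtnet0 192.0.2.10/24 0 192.0.2.1
#        sh vnetjail.sh destroy testjail /usr/jails/testjail 0
case "${1:-}" in
    create)  shift; vnet_jail_plan "$@" ;;
    destroy) shift; vnet_jail_destroy "$@" ;;
esac
```

Run it once with the default DRY_RUN=yes to review the exact ifconfig/jail/jexec sequence before letting it touch the host; the jail has no firewall of its own until you load one into its vnet, which is why the pf caveat above matters.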

Happy jailing !