Routing and Firewalling VLANS with FreeBSD, FreeBSD 12 VNET jail with ZFS howto, pkgsrc-2020Q4 released, FreeBSD on Raspberry Pi 4 With 4GB of RAM, HardenedBSD December 2020 Status Report, and more
This episode of BSDNow is brought to you by Tarsnap
In this article we are going to look at and integrate two network isolation technologies, VLANs and VNET. VLANs are common place, and if you have done some network management or design then you are likely to have interacted with them. The second are FreeBSDs VNET virtual network stacks, a powerful network stack isolation technology that gives FreeBSD jails super powers.
Ethernet VLAN (standardised by IEEE 802.1Q) are an extension to Ethernet and provide an essential method for scaling network deployments. They are used in all environments to enable reuse of common infrastructure by isolating portions of networks from each other. VLANs allow the reuse of common cables, switches and routers to carry completely different networks. It is common to have data that must be separated from different networks carried on common cables until their VLAN tags are finally stripped at a gateway switch or router.
How do I install, set up and configure a FreeBSD 12 jail with VNET on ZFS? How can I create FreeBSD 12 VNET jail with /etc/jail.conf to run OpenVPN, Apache, Wireguard and other Internet-facing services securely on my BSD box?
FreeBSD jail is nothing but operating system-level virtualization that allows partitioning a FreeBSD based Unix server. Such systems have their root user and access rights. Jails can use network subsystem virtualization infrastructure or share an existing network. FreeBSD jails are a powerful way to increase security. Usually, you create jail per services such as an Nginx/Apache webserver with PHP/Perl/Python app, WireGuard/OpeNVPN server, MariaDB/PgSQL server, and more. This page shows how to configure a FreeBSD Jail with vnet and ZFS on FreeBSD 12.x.
The pkgsrc developers are proud to announce the 69th quarterly release
of pkgsrc, the cross-platform packaging system. pkgsrc is available
with more than 24,000 packages, running on 23 separate platforms; more
information on pkgsrc itself is available at https://www.pkgsrc.org/
This is the story of how I managed to get FreeBSD running on a Raspberry Pi 4 with 4GB of RAM, though I think the setup story is pretty similar for those with 2GB and 8GB.1
Happy New Year! On this the last day of 2020, I submit December's status report.
- Christmas Cards The Unix Way - with pic and troff
- Fast RPI3 upgrade from source (cross compile) *** ###Tarsnap
- This weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.
- Send questions, comments, show ideas/topics, or stories you want mentioned on the show to firstname.lastname@example.org ***