FreeBSD Jails: Setting up DHCP addresses

Bastille 0.10.20231013 brought in the ability to use both DHCP and SLAAC to set addresses for your VNET jails. For me, this makes it easier to manage the addresses of the jails because I prefer to use my router’s DHCP server to manage addresses rather than setting static IPs. To do this, we create the jail, but pass "DHCP SLAAC" as the IP address parameters. This will create a jail that will automatically be assigned the next available addresses.

I still like to have some consistency in addressing (e.g. everything linked to Home Assistant goes in the 10.10.10.3x group) so I set static addresses at the DHCP server. To get this working, we need to know the hwaddr MAC address from inside the jail (it will always end in b). First, we put this MAC address ending in b wherever in your DHCP server’s static address list. I’ve told DHCP to give this jail 10.10.10.31 as its IPV4 address.

host # bastille create -V mqtt 14.0-RELEASE "DHCP SLAAC" igb0

host # bastille cmd mqtt ifconfig
[mqtt]:
lo0: flags=1008049<UP,LOOPBACK,RUNNING,MULTICAST,LOWER_UP> metric 0 mtu 16384
        options=680003<RXCSUM,TXCSUM,LINKSTATE,RXCSUM_IPV6,TXCSUM_IPV6>
        inet 127.0.0.1 netmask 0xff000000
        inet6 ::1 prefixlen 128
        inet6 fe80::1%lo0 prefixlen 64 scopeid 0x20
        groups: lo
        nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
vnet0: flags=1008843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST,LOWER_UP> metric 0 mtu 1500
        options=8<VLAN_MTU>
        ether 0e:20:a1:3c:9f:8f
        hwaddr 02:e7:b0:86:45:0b                                            <--------COPY THIS
        inet 10.10.10.128 netmask 0xff000000 broadcast 10.255.255.255
        inet6 fe80::c20:a1ff:fe3c:9f8f%vnet0 prefixlen 64 scopeid 0x1f
        inet6 [REDACTED] prefixlen 64 autoconf pltime 14400 vltime 86400
        groups: epair
        media: Ethernet 10Gbase-T (10Gbase-T <full-duplex>)
        status: active
        nd6 options=23<PERFORMNUD,ACCEPT_RTADV,AUTO_LINKLOCAL>
[mqtt]: 0a

Then, we force the jail to use the same hwaddrs each time the jail starts up. A VNET jail actually has two hwaddrs. One address is for the connection to the bridge and ends in a. The other address is for the connection to the jail and ends in b.

host # vim /usr/local/bastille/jails/mqtt/jail.conf
mqtt {
  devfs_ruleset = 13;
  enforce_statfs = 2;
  exec.clean;
  exec.consolelog = /var/log/bastille/mqtt_console.log;
  exec.start = '/bin/sh /etc/rc';
  exec.stop = '/bin/sh /etc/rc.shutdown';
  host.hostname = mqtt;
  mount.devfs;
  mount.fstab = /usr/local/bastille/jails/mqtt/fstab;
  path = /usr/local/bastille/jails/mqtt/root;
  securelevel = 2;
  osrelease = 14.0-RELEASE;

  vnet;
  vnet.interface = e0b_bastille9;
  exec.prestart += "jib addm bastille9 igb0";

  exec.prestart += "ifconfig e0a_bastille9 ether 02:e7:b0:86:45:0a";    <---- ADD THESE TWO LINES, Note that the two MAC addresses are different
  exec.prestart += "ifconfig e0b_bastille9 ether 02:e7:b0:86:45:0b";    <---- Note: I copied this straight from the output of the jails `ifconfig`
                                                                        <---- For consistency, the MAC ending in b attaches to e0b_
                                                                        <---- and the MAC ending in a attaches to e0a_

  exec.prestart += "ifconfig e0a_bastille9 description \"vnet host interface for Bastille jail mqtt\"";
  exec.poststop += "jib destroy bastille9";
}

When we restart the jail, we should see the new IPV4 address:

host # bastille restart mqtt
[mqtt]:
mqtt: removed

no IP address found for not set
[mqtt]:
e0a_bastille9
e0b_bastille9
mqtt: created

host # bastille cmd mqtt ifconfig
[mqtt]:
lo0: flags=1008049<UP,LOOPBACK,RUNNING,MULTICAST,LOWER_UP> metric 0 mtu 16384
        options=680003<RXCSUM,TXCSUM,LINKSTATE,RXCSUM_IPV6,TXCSUM_IPV6>
        inet 127.0.0.1 netmask 0xff000000
        inet6 ::1 prefixlen 128
        inet6 fe80::1%lo0 prefixlen 64 scopeid 0x20
        groups: lo
        nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
vnet0: flags=1008843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST,LOWER_UP> metric 0 mtu 1500
        options=8<VLAN_MTU>
        ether 02:e7:b0:86:45:0b
        hwaddr 02:96:41:e1:16:0b
        inet 10.10.10.31 netmask 0xff000000 broadcast 10.255.255.255
        inet6 fe80::e7:b0ff:fe86:450b%vnet0 prefixlen 64 scopeid 0x1f
        groups: epair
        media: Ethernet 10Gbase-T (10Gbase-T <full-duplex>)
        status: active
        nd6 options=23<PERFORMNUD,ACCEPT_RTADV,AUTO_LINKLOCAL>
[mqtt]: 0

host # bastille list -a
 JID             State  IP Address       Published Ports  Hostname        Release          Path
 mqtt            Up     10.10.10.31      -                mqtt            14.0-RELEASE-p4  /usr/local/bastille/jails/mqtt/root

Success.