# Bastille VNET on GCP
Bastille VNET runs on GCP with a few small tweaks. In summary, they are:

- change the MTU setting in the jib script
- add an IP address to the bridge interface
- configure host pf to NAT and allow bridge traffic
- set defaultrouter and nameserver in the host
## Change MTU in the jib script
GCP uses vtnet with MTU 1460, which [jib fails on](https://github.com/BastilleBSD/bastille/issues/538).
Apply the patch below to set the correct MTU. You may first need to copy the script into place with `cp /usr/share/examples/jails/jib /usr/local/bin/`.

```
patch /usr/local/bin/jib jib.patch
```
## Configure bridge interface
Configure the bridge interface in /etc/rc.conf so it is available in the firewall rules.
## Configure host pf
This basic /etc/pf.conf allows incoming packets on the bridge interface and NATs them through the external interface:
Restart the host and make sure everything comes up correctly. You should see the following ifconfig:
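As an added check, not part of the Bastille docs: the failure the jib patch prevents is a bridge or epair left at MTU 1500 next to a vtnet0 at 1460. This POSIX sh snippet parses `ifconfig` output and flags any non-loopback interface whose MTU differs from the expected value; the sample output and the interface names in it are constructed.

```shell
#!/bin/sh
# Added example, not from the Bastille docs: verify that every non-loopback
# interface in an ifconfig dump carries the MTU the host uplink uses (1460 on
# GCP). A bridge or epair left at 1500 next to vtnet0 at 1460 is the kind of
# mismatch the jib MTU patch is meant to avoid.

# Constructed sample in the shape of FreeBSD ifconfig output; the interface
# names follow jib's naming (vtnet0bridge, e0a_<jail>) but are not from a real host.
SAMPLE_IFCONFIG='vtnet0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1460
    inet 10.128.0.2 netmask 0xffffffff broadcast 10.128.0.2
vtnet0bridge: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1460
    inet 192.168.1.1 netmask 0xffffff00 broadcast 192.168.1.255
e0a_myjail: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384'

# Emit "name mtu" for each interface header line, skipping loopback.
list_mtus() {
    printf '%s\n' "$1" | awk '/^[a-zA-Z0-9_.]+:/ {
        name = $1; sub(":$", "", name)
        for (i = 1; i <= NF; i++) if ($i == "mtu") print name, $(i + 1)
    }' | grep -v '^lo[0-9]' || true
}

# Return 0 when every listed interface has the expected MTU, 1 otherwise,
# naming each offender on stderr.
check_mtu() {
    expected="$2"
    bad=0
    for pair in $(list_mtus "$1" | tr ' ' ':'); do
        name=${pair%:*}
        mtu=${pair#*:}
        if [ "$mtu" -ne "$expected" ]; then
            echo "MTU mismatch: $name has mtu $mtu, expected $expected" >&2
            bad=1
        fi
    done
    return "$bad"
}

# Usage: the constructed sample fails because e0a_myjail is still at 1500.
check_mtu "$SAMPLE_IFCONFIG" 1460 || echo "fix the MTU before creating jails"
```

On a real host, feed it `ifconfig` output directly: `check_mtu "$(ifconfig)" 1460`.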
## Configure router and resolver for new jails
Set the default network gateway for new jails as described in the Networking chapter, and configure a default resolver.
You can now create a VNET jail with `bastille create -V myjail 13.2-RELEASE 192.168.1.50/24 vtnet0`.