freebsd vnet jail config

jail.conf

host.hostname = "pat-$name";
vnet;
mount.devfs;
exec.clean;
exec.start = "sh /etc/rc";
exec.stop = "sh /etc/rc.shutdown";
path = "/jail/$name";
devfs_ruleset = 6;
vnet.interface = "epair${epair}b";
exec.prestart = "ifconfig epair${epair} create up";
#exec.prestart += "ifconfig epair${epair}a -alias 0.0.0.0";
exec.prestart += "ifconfig bridge0 addm epair${epair}a";
exec.start += "ifconfig epair${epair}b ${ip}/24";
exec.start += "route add default 192.168.42.1";
exec.poststop = "ifconfig epair${epair}a destroy";

base {
  $epair = 1;
  $ip = "192.168.42.100";
}

jail1 {
  $epair = 2;
  $ip = "192.168.42.101";
  exec.start += "/usr/local/hello/bin/hello daemon";
}

jail2 {
  $epair = 3;
  $ip = "192.168.42.102";
  exec.start += "/usr/local/hello/bin/hello daemon";
}

elixir-build {
  $epair = 4;
  $ip = "192.168.42.103";
}

loader.conf

# needed for vtnet0 (cloud-based NIC) to disable hardware offloading
# otherwise the performance sucks
hw.vtnet.csum_disable=1
hw.vtnet.X.csum_disable=1
hw.vtnet.tso_disable=1
hw.vtnet.X.tso_disable=1
hw.vtnet.lro_disable=1
hw.vtnet.X.lro_disable=1

pf.conf

nat on igb1 from bridge0:network to any -> (igb1)
pass all

rc.conf

clear_tmp_enable="YES"
syslogd_flags="-ss"
sendmail_enable="NONE"
hostname="probsd"
ifconfig_igb1="DHCP"
ifconfig_igb1_ipv6="inet6 accept_rtadv"
local_unbound_enable="NO"
sshd_enable="YES"
ntpd_enable="YES"
# Set dumpdev to "AUTO" to enable crash dumps, "NO" to disable
dumpdev="AUTO"
zfs_enable="YES"
cloned_interfaces="bridge0"
ifconfig_bridge0="192.168.42.1/24"
gateway_enable="YES"
jail_enable="YES"
pf_enable="YES"
tailscaled_enable="YES"