Isaac (.ike) Levy wrote:
Hi All,

Can I specify multiple IP interfaces and assign IPs to them using jail.conf?
I have jails with IPv4/IPv6 addresses on multiple physical interfaces, as well 
as assigning a loopback.

I have not found answers in the respective man pages or digging online.

I’m finally starting to poke around to start using the impressively simple 
jail.conf subsystem to manage jails.  I have been managing jails with simple 
custom start scripts since ’99, and custom devfs rulesets since ~2006, so 
jail.conf(1) and jail_set(2) are a big welcome change for me- really awesome 
and clean :)

--
Additional detail to clarify my loopback use:
In general, I always assign each jail its own loopback IP somewhere in the 
RFC5735 specified range, 127.0.0.0/8 - (simply saving 127.0.0.1 for the jailing 
host), and then I simply set localhost to point at its IP in /etc/hosts for 
the jail.  On the host, I simply add the IP alias to lo0 like any other 
interface.
This is often overlooked in common jailing practice, but often eliminates 
complexity and confusion for many userland daemons.  For full Virtual Server 
applications, loopback is simply dotting the i’s and crossing the t’s.

I can see how localhost would be challenging to automate for easy jail.conf 
configuration, mostly, in picking a loopback IP for the jail and not letting 
that get messy- etc…

Thanks in advance for any info!

Best,
.ike


Using native jail.conf you can assign multiple NICs with both IPv4 & IPv6 IP addresses. By native I mean use the jail(8) command to start/stop your jails, i.e. not the [service jail start] command. Use this format:

ip.addr = "rlo:10.0.10.02,xl0:10.20.10.07,lo0:127.10.0.02"

This will also automatically create and remove the required aliases.

A word about loopback. Just like on the host, most services do not use the loopback interface; this is also true for jailed services. Only services that default to using the loopback interface need one defined in the jail to work correctly.

Take note, the services that use the loopback interface default to using the 127.0.0.1 IP address. A service in a jail that uses loopback MUST have its configuration changed to use the 127.10.0.02 IP address assigned in the jail's jail.conf ip.addr parameter. No service in a jail can be assigned the host's 127.0.0.1 IP address.

I recommend you check out these ports:
jail-primer gives background on jails across FreeBSD releases.
qjail is a utility that simplifies jail admin.
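
An added jail.conf sketch for the setup discussed in this thread (not part of either message): one jail with addresses on two physical interfaces plus its own loopback alias, written with the ip4.addr / ip6.addr parameters and the "interface|address/netmask" form documented in jail(8). The jail name, path, hostname, netmasks and the IPv6 address are assumptions; the interface names and IPv4 addresses follow the reply, with rl0 assumed for "rlo".

```conf
# /etc/jail.conf -- constructed example, not from the original thread.

# Defaults applied to every jail in this file.
exec.start = "/bin/sh /etc/rc";
exec.stop  = "/bin/sh /etc/rc.shutdown";
exec.clean;
mount.devfs;

www {                                   # hypothetical jail name
    path          = "/usr/jails/www";   # assumed jail root
    host.hostname = "www.example.org";  # assumed hostname

    # jail(8) adds each address as an alias on the named interface
    # before the jail is created and removes it after the jail is removed.
    # /32 and /128 assume the host already holds an address in each
    # subnet on that interface.
    ip4.addr  = "rl0|10.0.10.2/32";
    ip4.addr += "xl0|10.20.10.7/32";

    # Per-jail loopback address in 127.0.0.0/8; the host keeps 127.0.0.1.
    ip4.addr += "lo0|127.10.0.2/32";

    # Constructed IPv6 address from the 2001:db8::/32 documentation prefix.
    ip6.addr  = "rl0|2001:db8:10::2/128";
}
```

With this file in place, `jail -c www` creates the jail and its aliases and `jail -r www` removes both. Inside the jail, /etc/hosts would map localhost to 127.10.0.2, as described in the original question.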

_______________________________________________
freebsd-jail@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-jail
To unsubscribe, send any mail to "freebsd-jail-unsubscr...@freebsd.org"