Re: multiple interfaces for jail.conf(1) and jail_set(2)

Tue, 13 Dec 2016 21:43:49 -0800 

On 2016-12-13 23:47, Isaac (.ike) Levy wrote:
> Hi Valeri,
> 
>> On Dec 13, 2016, at 5:03 PM, Valeri Galtsev <galt...@kicp.uchicago.edu> 
>> wrote:
>>
>> On Tue, December 13, 2016 2:14 pm, Isaac (.ike) Levy wrote:
>>> Hi All,
>>>
>>> Can I specify multiple IP interfaces and assign IP’s to them using
>>> jail.conf?
>>> I have jails with IPv4/IPv6 addresses on multiple physical interfaces, as
>>> well as assigning a loopback.
>>
>> Last time I tried it which was about year and a half ago the answer was:
> 
> Just to clarify your answer,
> 
>> no, this is not possible. Jail can only have one IP address (in addition
>> to loopback addresses).
> 
> Do you mean this just for jail.conf configuration/usage?
> 
> If so, from all I’ve read and tried, that makes complete sense, and makes me 
> sad as it prevents me from using the slickness of jail.conf(1) and 
> jail_set(2) - not yet :)
> 
> --
> However, to be very clear for the list archive, jails can most definately 
> have many IP addresses, (since between FreeBSD 7 and 8 I believe?), including 
> loopback, (which is just an IP address like any other),
> 
> For example,
> 
> # ifconfig em0 inet alias 10.10.10.10/32
> # ifconfig em1 inet alias 10.10.10.11/32
> # ifconfig lo0 inet alias 127.0.0.11/32
> # ifconfig em0 inet6 alias 2:2:2:2::10 prefixlen 64
> # jail -c path=/some/place host.hostname=myjail 
> ip4.addr=“10.10.10.10,10.10.10.11,127.0.0.11" ip6.addr="2:2:2:2::10" 
> command=/bin/sh /etc/rc
> 
> Best,
> .ike
> 
> 
> _______________________________________________
> freebsd-jail@freebsd.org mailing list
> https://lists.freebsd.org/mailman/listinfo/freebsd-jail
> To unsubscribe, send any mail to "freebsd-jail-unsubscr...@freebsd.org"
> 

In ezjail I can just do this:


export
jail_something_scaleengine_net_ip="vlan43|10.0.0.17,vlan43|2001:470:1::1:6667,lo0|127.0.3.1"

If you include the interface name like that, it will automatically add
the alias when the jail starts, and remove it when the jail stops
(simplifying the task of moving the jail to a different host)

If the IP is already bound to the machine, just use the comma separated
list of IPs.


-- 
Allan Jude

Attachment: signature.asc
Description: OpenPGP digital signature

Reply via email to