Re: multiple interfaces for jail.conf(1) and jail_set(2)

[Isaac (.ike) Levy]

Wow, that’s rad Michael,

> On Dec 14, 2016, at 3:30 PM, Michael Grimm <trash...@ellael.org> wrote:
> 
> Isaac (.ike) Levy <i...@blackskyresearch.net> wrote:
> 
>> Can I specify multiple IP interfaces and assign IP’s to them using jail.conf?
> 
> Not sure if I understand your question correctly, but I do define the 
> following in my jail.conf for VNET jails:
> 
> #
> # host dependent global settings
> #
> $ip6prefixLOCAL                = "fd00:dead:beef:1234";
> 
> #
> # global jail settings
> #
> host.hostname          = "${name}";
> path                   = "/usr/home/jails/${name}";
> mount.fstab            = "/etc/fstab.${name}";
> exec.consolelog        = "/var/log/jail_${name}_console.log";
> vnet                   = "new";
> vnet.interface                 = "epair${jailID}b";
> exec.clean;
> mount.devfs;
> persist;
> 
> #
> # network settings to apply/destroy during start/stop of every jail
> #
> exec.prestart          = "sleep 2";
> exec.prestart         += "/sbin/ifconfig epair${jailID} create up";
> exec.prestart         += "/sbin/ifconfig bridge0 addm epair${jailID}a";
> exec.start             = "/sbin/sysctl net.inet6.ip6.dad_count=0";
> exec.start            += "/sbin/ifconfig lo0 127.0.0.1 up";
> exec.start            += "/sbin/ifconfig epair${jailID}b inet ${ip4_addr}";
> exec.start            += "/sbin/ifconfig epair${jailID}b inet6 ${ip6_addr}";
> exec.start            += "/sbin/route add default -gateway 10.1.1.254";
> exec.start            += "/sbin/route add -inet6 default -gateway 
> ${ip6prefixLOCAL}::254";
> exec.stop              = "/sbin/route del default";
> exec.stop             += "/sbin/route del -inet6 default";
> exec.stop             += "/bin/sh /etc/rc.shutdown";
> exec.poststop                  = "/sbin/ifconfig epair${jailID}a destroy";
> 
> #
> # individual jail settings
> #
> dns {
>       $jailID          = 1;
>       $ip4_addr        = 10.1.1.1;
>       $ip4_addr_2      = 10.1.1.2;
>       $ip6_addr        = ${ip6prefixLOCAL}::1/64;
>       $ip6_addr_2      = ${ip6prefixLOCAL}::2/64;
>       exec.start      += "/sbin/ifconfig epair${jailID}b inet  ${ip4_addr_2} 
> alias";
>       exec.start      += "/sbin/ifconfig epair${jailID}b inet6 ${ip6_addr_2} 
> alias";
>       exec.start      += "/bin/sh /etc/rc";
> }
> 
> etc.

I’ll need to study/look up some of that syntax, to fully grok this, but that 
comprehensive example appears to hit the nail on the head several times over 
with the exec.start/exec.stop action.

Two questions though:

- I’m confused how you define the shell style $ variables in your individual 
jail settings above, e.g. ‘$ip4_addr_2 = 10.1.1.2;’, why/how does that work?  
Is that a variable to be expanded, or some other behavior?

> Again, not sure if I do understand your issue correctly, but the shown 
> examples of exec.start, exec.stop, etc. are quite versatile to use.
> 
> I do start/stop my jails by "service jail start/stop”.

- Obviously you state you’re using service to start/stop jails, but shouldn’t 
this work with ‘jail -c <jailname>’, or are these subsystems not interoperable?

Thanks!

Best,
.ike



> 
> Hope that helps,
> Michael
> 
> 
> 
> _______________________________________________
> freebsd-jail@freebsd.org mailing list
> https://lists.freebsd.org/mailman/listinfo/freebsd-jail
> To unsubscribe, send any mail to "freebsd-jail-unsubscr...@freebsd.org"

_______________________________________________
freebsd-jail@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-jail
To unsubscribe, send any mail to "freebsd-jail-unsubscr...@freebsd.org"