Isaac (.ike) Levy <i...@blackskyresearch.net> wrote:

> Wow, that’s rad Michael,
>
>> On Dec 14, 2016, at 3:30 PM, Michael Grimm <trash...@ellael.org> wrote:
>>
>> Isaac (.ike) Levy <i...@blackskyresearch.net> wrote:
>>
>>> Can I specify multiple IP interfaces and assign IP’s to them using
>>> jail.conf?
>>
>> Not sure if I understand your question correctly, but I do define the
>> following in my jail.conf for VNET jails:
>>
>>     #
>>     # host dependent global settings
>>     #
>>     $ip6prefixLOCAL = "fd00:dead:beef:1234";
>>
>>     #
>>     # global jail settings
>>     #
>>     host.hostname = "${name}";
>>     path = "/usr/home/jails/${name}";
>>     mount.fstab = "/etc/fstab.${name}";
>>     exec.consolelog = "/var/log/jail_${name}_console.log";
>>     vnet = "new";
>>     vnet.interface = "epair${jailID}b";
>>     exec.clean;
>>     mount.devfs;
>>     persist;
>>
>>     #
>>     # network settings to apply/destroy during start/stop of every jail
>>     #
>>     exec.prestart = "sleep 2";
>>     exec.prestart += "/sbin/ifconfig epair${jailID} create up";
>>     exec.prestart += "/sbin/ifconfig bridge0 addm epair${jailID}a";
>>     exec.start = "/sbin/sysctl net.inet6.ip6.dad_count=0";
>>     exec.start += "/sbin/ifconfig lo0 127.0.0.1 up";
>>     exec.start += "/sbin/ifconfig epair${jailID}b inet ${ip4_addr}";
>>     exec.start += "/sbin/ifconfig epair${jailID}b inet6 ${ip6_addr}";
>>     exec.start += "/sbin/route add default -gateway 10.1.1.254";
>>     exec.start += "/sbin/route add -inet6 default -gateway ${ip6prefixLOCAL}::254";
>>     exec.stop = "/sbin/route del default";
>>     exec.stop += "/sbin/route del -inet6 default";
>>     exec.stop += "/bin/sh /etc/rc.shutdown";
>>     exec.poststop = "/sbin/ifconfig epair${jailID}a destroy";
>>
>>     #
>>     # individual jail settings
>>     #
>>     dns {
>>         $jailID = 1;
>>         $ip4_addr = 10.1.1.1;
>>         $ip4_addr_2 = 10.1.1.2;
>>         $ip6_addr = ${ip6prefixLOCAL}::1/64;
>>         $ip6_addr_2 = ${ip6prefixLOCAL}::2/64;
>>         exec.start += "/sbin/ifconfig epair${jailID}b inet ${ip4_addr_2} alias";
>>         exec.start += "/sbin/ifconfig epair${jailID}b inet6 ${ip6_addr_2} alias";
>>         exec.start += "/bin/sh /etc/rc";
>>     }
>>
>> etc.
>
> I’ll need to study/look up some of that syntax, to fully grok this, but that
> comprehensive example appears to hit the nail on the head several times over
> with the exec.start/exec.stop action.
>
> Two questions though:
>
> - I’m confused how you define the shell style $ variables in your individual
> jail settings above, e.g. ‘$ip4_addr_2 = 10.1.1.2;’, why/how does that work?
> Is that a variable to be expanded, or some other behavior?

This is described in jail.conf(5) under the section "variables". I do have 10
jails running, and those $ variables/parameters are very helpful, indeed.

>> Again, not sure if I do understand your issue correctly, but the shown
>> examples of exec.start, exec.stop, etc. are quite versatile to use.
>>
>> I do start/stop my jails by "service jail start/stop".
>
> - Obviously you state you’re using service to start/stop jails, but shouldn’t
> this work with ‘jail -c <jailname>’, or are these subsystems not
> interoperable?

Hmm. I do have to admit that I never tried 'jail -c <jailname>', but I just
gave it a try, and yes, it works as well :-)

I do use "service jail start/stop" because that will obey my pre-defined
starting/stopping order of jails (which I do need to have, e.g. dns before
mail and such) in /etc/rc.conf

    jail_enable="YES"
    jail_reverse_stop="YES"
    jail_list="dns mail ..."

Regards,
Michael
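
The variable handling asked about in this thread, as an added example that is not part of the original messages: a small Python model of jail.conf(5) substitution (a simplification, not the jail(8) parser) run over a constructed, trimmed copy of the config quoted above. It shows that the global `exec.start` lines are expanded with each jail's own `$` variables and that `+=` inside the jail block appends after them; `parse`, `effective` and `SAMPLE` are names made up for this sketch.

```python
import re

# Constructed, trimmed copy of the jail.conf quoted in the thread (subset of lines).
SAMPLE = '''
$ip6prefixLOCAL = "fd00:dead:beef:1234";
vnet.interface = "epair${jailID}b";
exec.start = "/sbin/ifconfig lo0 127.0.0.1 up";
exec.start += "/sbin/ifconfig epair${jailID}b inet ${ip4_addr}";
exec.start += "/sbin/ifconfig epair${jailID}b inet6 ${ip6_addr}";
dns {
    $jailID = 1;
    $ip4_addr = 10.1.1.1;
    $ip4_addr_2 = 10.1.1.2;
    $ip6_addr = ${ip6prefixLOCAL}::1/64;
    exec.start += "/sbin/ifconfig epair${jailID}b inet ${ip4_addr_2} alias";
    exec.start += "/bin/sh /etc/rc";
}
'''

STMT = re.compile(r'(\$?[\w.]+)\s*(\+?=)\s*"?([^";]*)"?\s*;')  # key, op, value
VAR = re.compile(r'\$\{(\w+)\}|\$(\w+)')                       # ${var} or $var

def parse(text):
    """Split statements into global scope (None) and per-jail scopes."""
    scopes, current = {None: []}, None
    for line in text.splitlines():
        line = line.strip()
        if line.endswith('{'):
            current = line[:-1].strip()
            scopes[current] = []
        elif line == '}':
            current = None
        elif (m := STMT.fullmatch(line)):
            scopes[current].append(m.groups())
    return scopes

def effective(text, jail):
    """Merge global then jail statements; expand variables only afterwards."""
    scopes = parse(text)
    params = {'name': [jail]}  # ${name} is the jail's own name
    for key, op, value in scopes[None] + scopes[jail]:
        params[key] = params.get(key, []) + [value] if op == '+=' else [value]
    def expand(s):  # variables first, then parameters such as ${name}
        look = lambda n: (params.get('$' + n) or params[n])[0]
        return VAR.sub(lambda m: expand(look(m.group(1) or m.group(2))), s)
    return {k: [expand(v) for v in vs]
            for k, vs in params.items() if not k.startswith('$')}

if __name__ == '__main__':
    for cmd in effective(SAMPLE, 'dns')['exec.start']:
        print(cmd)
```

Printing the resolved list this way is a quick review of exactly which commands a jail definition will run, in order, before it is started.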