Re: multiple interfaces for jail.conf(1) and jail_set(2)

Thu, 15 Dec 2016 10:37:19 -0800 

[cc'd to freebsd-jail@FreeBSD.org where that thread originated]

Valeri Galtsev <galt...@kicp.uchicago.edu> wrote:

> On Wed, December 14, 2016 2:30 pm, Michael Grimm wrote:

>> #
>> # network settings to apply/destroy during start/stop of every jail
>> #
>> exec.prestart                 = "sleep 2";
>> exec.prestart                += "/sbin/ifconfig epair${jailID} create up";
>> exec.prestart                += "/sbin/ifconfig bridge0 addm 
>> epair${jailID}a";
>> exec.start            = "/sbin/sysctl net.inet6.ip6.dad_count=0";
>> exec.start           += "/sbin/ifconfig lo0 127.0.0.1 up";
>> exec.start           += "/sbin/ifconfig epair${jailID}b inet ${ip4_addr}";
>> exec.start           += "/sbin/ifconfig epair${jailID}b inet6 ${ip6_addr}";
>> exec.start           += "/sbin/route add default -gateway 10.1.1.254";
>> exec.start           += "/sbin/route add -inet6 default -gateway 
>> ${ip6prefixLOCAL}::254";
>> exec.stop             = "/sbin/route del default";
>> exec.stop            += "/sbin/route del -inet6 default";
>> exec.stop            += "/bin/sh /etc/rc.shutdown";
>> exec.poststop                 = "/sbin/ifconfig epair${jailID}a destroy";
>> 
>> #
>> # individual jail settings
>> #
>> dns {
>>      $jailID          = 1;
>>      $ip4_addr        = 10.1.1.1;
>>      $ip4_addr_2      = 10.1.1.2;

[…]

> Michael, is it possible to have two addresses belonging to two different
> networks (through two different network interfaces)?
> 
> Say, on host system:
> 
> ifconfig_igb0="inet 172.20.9.22 ...
> ifconfig_igb1="inet 10.1.1.17 ...
> 
> 
> and in some jail
> 
>       $ip4_addr        = 172.20.9.22;
>       $ip4_addr_2      = 10.1.1.17;
> 
> - will that work? This is what didn't work for me in the past when
> configured jails old style in /etc/rc.conf

I can't answer that because I have never tried it before.

Those exec.<foo> will give you a very fine-grained control over which commands 
are run at the host environment (exec.prestart, exec.poststop, exec.poststart) 
or within the jail's environment (exec.start, exec.stop, exec.prestop) in which 
order. Have a look at jail(8) for details (and presumably more exec.<variants>).

Therefore I am quite confident that whatever could be done with jails might be 
"coded" into jail.conf.

Regards,
Michael




_______________________________________________
freebsd-jail@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-jail
To unsubscribe, send any mail to "freebsd-jail-unsubscr...@freebsd.org"

Reply via email to