On 2015-12-18 00:48, Garrett Wollman wrote:
I'm a bit new to managing jails, and one of the things I'm finding I need is a way for jails to have their own private loopback interfaces -- so that things like sendmail and local DNS resolvers actually work right without explicit configuration. Is there any way of making this work short of going all the way to full VIMAGE? (I'm reluctant to do the latter because it then means I have to carry two separate kernels, one for performance and one for jail hosts.) Or is VIMAGE cheap enough that I won't notice the performance hit? Does that even get me to where I need to be (with each jail having its own 127.0.0.1)?
You can create additional loopback interfaces for jails that need them, e.g.

  cloned_interfaces="lo1 lo2 lo3"

or from a command line:

  ifconfig lo1 create up

then assign them a unique address (through a jail setting), either from the 127.0.0.0/8 range (like 127.0.1.1/32), or some other private non-routable address, possibly an IPv6 address. In a jail you will then need to use this unique address for inter-process communication over a lo1 loopback interface.

  ip4_addr:lo1|127.0.1.1

Mark
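The procedure in the reply above, carried through for several jails at once, as an added example that is not part of the original mail. It assumes the jails are configured through jail.conf(5), whose `ip4.addr` parameter accepts the `interface|address/netmask` form; the jail names and the `JAIL_ROOT` path are hypothetical.

```shell
#!/bin/sh
# Added example: emit the rc.conf line and jail.conf stanzas that give each
# jail its own cloned loopback (lo1, lo2, ...) and a unique 127.0.1.N/32.
# Assumptions (not from the original mail): jail names and JAIL_ROOT.

JAIL_ROOT="${JAIL_ROOT:-/usr/jails}"   # hypothetical location of jail roots

# rc_conf_line NAME... -> cloned_interfaces line for the host's rc.conf
rc_conf_line() {
    ifaces=""
    n=1
    for _j in "$@"; do
        ifaces="${ifaces:+$ifaces }lo$n"
        n=$((n + 1))
    done
    printf 'cloned_interfaces="%s"\n' "$ifaces"
}

# jail_conf NAME... -> one jail.conf stanza per jail, each bound to its own
# loopback so no two jails (and not the host) share a loopback address
jail_conf() {
    n=1
    for j in "$@"; do
        if [ "$n" -gt 254 ]; then
            echo "too many jails for 127.0.1.0/24" >&2
            return 1
        fi
        cat <<EOF
$j {
    path = "$JAIL_ROOT/$j";
    host.hostname = "$j";
    ip4.addr = "lo$n|127.0.1.$n/32";
}
EOF
        n=$((n + 1))
    done
}

# Constructed sample input: two jails named "mail" and "dns".
rc_conf_line mail dns
jail_conf mail dns
```

Services inside each jail then listen on and connect to that jail's own 127.0.1.N address rather than 127.0.0.1, as the reply describes.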