From owner-freebsd-jail@FreeBSD.ORG Sun Feb 3 11:27:17 2008
Date: Sun, 3 Feb 2008 18:59:17 +0800
From: MQ
To: freebsd-net@freebsd.org
Cc: freebsd-jail@freebsd.org
Subject: Some problems about network related prison_() functions

Hi, everyone

I skimmed through the jail implementation in the kernel recently. Now, I have some questions about the codes.

1. The flag parameter of both prison_ip() and prison_remote_ip() are not used actually. All the calls to them pass 0 as the argument. From the codes, I think these unused parameters should be used to indicate the byte order of the ip parameter. However, no caller passes ip in host byte order. Now, I'm thinking if we could remove this flag, and assume all the callers to these two functions should pass ip in network byte order?

2. The pr_ip member in the prison structure is used to store an IPv4 address in host byte order. This implementation requires a translation between host byte order and network byte order on certain variable before comparison or assignment. To meet this requirement, some extra codes should be written, and it also increased the running time of the system. So, I am considering if storing an IP address in network byte order is possible. Though it may break some userland utilities temporarily, I think this change will make the codes more straightforward and clear.

Please let me know how you see my questions. Thanks.

By the way, I've heard that someone is making the improvements that allow the jail to hold multiple IP addresses. Maybe you can take a look at my suggestions? Thanks.
MQ

From owner-freebsd-jail@FreeBSD.ORG Mon Feb 4 11:07:02 2008
Date: Mon, 4 Feb 2008 11:07:02 GMT
From: FreeBSD bugmaster
To: freebsd-jail@FreeBSD.org
Subject: Current problem reports assigned to freebsd-jail@FreeBSD.org

Current FreeBSD problem reports

Critical problems

Serious problems

S Tracker      Resp.  Description
--------------------------------------------------------------------------------
s kern/89528   jail   [jail] [patch] impossible to kill a jail
o kern/119842  jail   [smbfs] [jail] "Bad address" with smbfs inside a jail

2 problems total.

Non-critical problems

S Tracker      Resp.  Description
--------------------------------------------------------------------------------
o bin/32828    jail   [jail] w(1) incorrectly handles stale utmp slots with
o kern/68192   jail   [quotas] [jail] Cannot use quotas on jailed systems
o kern/72498   jail   [libc] [jail] timestamp code on jailed SMP machine gen
o kern/74314   jail   [resolver] [jail] DNS resolver broken under certain ja
o kern/84215   jail   [jail] [patch] wildcard ip (INADDR_ANY) should not bin
o kern/89989   jail   [jail] [patch] Add option -I (ASCII 73) PID to specif
o kern/97071   jail   [jail] [patch] add security.jail.jid sysctl
o bin/99566    jail   [jail] [patch] fstat(1) according to specified jid
o bin/119305   jail   [jail] [patch] jexec(8): jexec -n prisonname: selectio

9 problems total.

From owner-freebsd-jail@FreeBSD.ORG Mon Feb 4 20:36:39 2008
Date: Mon, 4 Feb 2008 21:23:38 +0100
From: Albert Shih
To: freebsd-jail@FreeBSD.org
Subject: ports snapshot is corrupt

Hi all

I've run many jail and don't have any trouble....almost....

On my «standard» FreeBSD (not jail) I never have any trouble with the ports using portsnap fetch/portsnap update.

But on my jail-FreeBSD many time I've (after working sometime) the «snapshot is corrupt» message when I do portsnap fetch.

Do you have this kind of problem ?

Regards.

--
Albert SHIH
Observatoire de Paris Meudon
SIO batiment 15
Local time: Mon 4 Feb 2008 21:21:25 CET

From owner-freebsd-jail@FreeBSD.ORG Tue Feb 5 16:23:33 2008
Date: Tue, 5 Feb 2008 17:23:27 +0100
From: Albert Shih
To: freebsd-questions@freebsd.org, freebsd-jail@freebsd.org
Subject: How to use two interface with jail

Hi all

I've a server to run FreeBSD 7.0 with jail.

On the server there are two physical interfaces.

This two interfaces are on two different ip subnet.

All jail are on the second interface

How can I make

        all traffic from the server/for the server pass through the first interface

        all traffic from the jail /for the jail pass through the second interface.

In fact : How can make two «default router» on for the server, another for all jail.

Regards

NB: Sorry for cross posting.

--
Albert SHIH
Observatoire de Paris Meudon
SIO batiment 15
Local time: Tue 5 Feb 2008 17:18:35 CET

From owner-freebsd-jail@FreeBSD.ORG Tue Feb 5 16:37:25 2008
Date: Tue, 5 Feb 2008 17:37:25 +0100
From: Kurt Jaeger
To: Albert Shih
Cc: freebsd-jail@freebsd.org, freebsd-questions@freebsd.org
Subject: Re: How to use two interface with jail

Hi!

> How can I make
>
>         all traffic from the server/for the server pass through the first
> interface
>
>         all traffic from the jail /for the jail pass through the second
> interface.
>
> In fact : How can make two «default router» on for the server, another for
> all jail.

Assuming you can use ipfw, here's an example:

- Interfaces:
  if1: 192.168.1.1, gateway 192.168.1.254
  if2: 192.168.2.1, gateway 192.168.2.254
- system uses 192.168.1.254 as its default gateway.
- IP-ranges for jails are in the 192.168.2.0/24 range.
- Then add the following ipfw rule:

/sbin/ipfw add 1000 fwd 192.168.2.254 ip from 192.168.2.0/24 to any out via if2

Give it a try.

--
pi@opsec.eu            +49 171 3101372                         12 years to go !

From owner-freebsd-jail@FreeBSD.ORG Wed Feb 6 00:11:12 2008
Date: Tue, 5 Feb 2008 19:11:11 -0500
From: "Glen Barber"
To: Albert.Shih@obspm.fr
Cc: freebsd-jail@freebsd.org, freebsd-questions@freebsd.org
Subject: Re: How to use two interface with jail

On Feb 5, 2008 11:23 AM, Albert Shih wrote:

> Hi all
>
> I've a server to run FreeBSD 7.0 with jail.
>
> On the server there are two physical interfaces.
>
> This two interfaces are on two different ip subnet.
>
> All jail are on the second interface
>
> How can I make
>
>         all traffic from the server/for the server pass through the first
> interface
>
>         all traffic from the jail /for the jail pass through the second
> interface.
>
> In fact : How can make two «default router» on for the server, another for
> all jail.
>
> Regards
>

What I did on a test server was use 1 interface for tx/rx data, and a 'dummy' device, a physical, unattached card, and assigned it an IP in /etc/rc.conf.

## LAN
ifconfig_ndis0="DHCP"

## Jail LAN
ifconfig_bfe0="inet 10.0.0.2 netmask 255.255.255.255"
ifconfig_bfe0_alias0="inet 10.0.0.3 netmask 255.255.255.255"

I then used pf to route data.

I wrote a small tutorial on this, perhaps the concept will help you:

http://www.dev-urandom.com/freebsd/jail_conf

HTH

--
Glen Barber

From owner-freebsd-jail@FreeBSD.ORG Wed Feb 6 01:18:49 2008
Date: Wed, 06 Feb 2008 13:54:31 +1300
From: Nigel Wohlers
To: Albert.Shih@obspm.fr
Cc: freebsd-jail@freebsd.org
Subject: Re: How to use two interface with jail

Albert Shih wrote:
> Hi all
>
> I've a server to run FreeBSD 7.0 with jail.
>
> In fact : How can make two «default router» on for the server, another for
> all jail.
>

Join us in eagerly awaiting the release of VIMAGE

http://imunes.tel.fer.hr/virtnet/

N.

From owner-freebsd-jail@FreeBSD.ORG Wed Feb 6 14:00:38 2008
Date: Wed, 6 Feb 2008 15:00:11 +0100
From: Albert Shih
To: Kurt Jaeger
Cc: freebsd-jail@freebsd.org, freebsd-questions@freebsd.org
Subject: Re: How to use two interface with jail

On 05/02/2008 at 17:37:25+0100, Kurt Jaeger wrote:
> Hi!
>
> > How can I make
> >
> >         all traffic from the server/for the server pass through the first
> > interface
> >
> >         all traffic from the jail /for the jail pass through the second
> > interface.
> >
> > In fact : How can make two «default router» on for the server, another for
> > all jail.
>
> Assuming you can use ipfw, here's an example:
>
> - Interfaces:
>   if1: 192.168.1.1, gateway 192.168.1.254
>   if2: 192.168.2.1, gateway 192.168.2.254
> - system uses 192.168.1.254 as its default gateway.
> - IP-ranges for jails are in the 192.168.2.0/24 range.
> - Then add the following ipfw rule:
>
> /sbin/ipfw add 1000 fwd 192.168.2.254 ip from 192.168.2.0/24 to any out via if2
>
> Give it a try.

Thanks for your help. It's working.

I'm using pf (old habit) and with this single line

        pass out route-to (bce1 router_address) from to ! network_CIDR

it's working.

Thanks.

Regards.

--
Albert SHIH
Observatoire de Paris Meudon
SIO batiment 15
Local time: Wed 6 Feb 2008 14:58:45 CET

From owner-freebsd-jail@FreeBSD.ORG Thu Feb 7 23:38:14 2008
Date: Thu, 07 Feb 2008 19:35:52 -0400
From: "Marc G. Fournier"
To: "Jorge R. Constenla", freebsd-jail@freebsd.org
Subject: Re: How many jails

--On Monday, January 07, 2008 14:29:00 -0200 "Jorge R. Constenla" wrote:

> Hi,
>
> We planning to move all linux servers to freebsd in jail, and I need to know,
> How many jails for webhosting can run on a server?
>
> Hosting platform: Apache2.2, Perl, PHP5.0, MySQL 5.0, qmail, dovecot, proftpd
>
> Servers:
> - MOTHER INTEL S3000AH
> - 1 QUAD XEON X3220 2.4 1066 8M INTEL
> - 4G RAM
> - DISK 500 GB SATA 16MB W.DIGITAL

Cutting in late ... I'm running 90 right now on a Dual Xeon with 4G of RAM ...

----
Marc G. Fournier        Hub.Org Networking Services (http://www.hub.org)
Email . scrappy@hub.org                              MSN . scrappy@hub.org
Yahoo . yscrappy               Skype: hub.org        ICQ . 7615664

From owner-freebsd-jail@FreeBSD.ORG Fri Feb 8 10:14:43 2008
Date: Fri, 08 Feb 2008 11:14:47 +0100
From: Miroslav Lachman <000.fbsd@quip.cz>
To: "Marc G. Fournier"
Cc: freebsd-jail@freebsd.org
Subject: Re: How many jails

Marc G. Fournier wrote:
> --On Monday, January 07, 2008 14:29:00 -0200 "Jorge R. Constenla"
> wrote:
>
>>Hi,
>>
>>We planning to move all linux servers to freebsd in jail, and I need to know,
>>How many jails for webhosting can run on a server?
>>
>>Hosting platform: Apache2.2, Perl, PHP5.0, MySQL 5.0, qmail, dovecot, proftpd
>>
>>Servers:
>>- MOTHER INTEL S3000AH
>>- 1 QUAD XEON X3220 2.4 1066 8M INTEL
>>- 4G RAM
>>- DISK 500 GB SATA 16MB W.DIGITAL
>
> Cutting in late ... I'm running 90 right now on a Dual Xeon with 4G of RAM ...

It is interesting number. Are you running a 'base' jails or with some custom patches (resource limits related)?
What services are in an each jail?
Are you running 6.x AMD64 or i386 (I think AMD64, if you have 4G of RAM)

Miroslav Lachman
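
An added illustration for the first message in this archive (MQ's question about the byte order of pr_ip and of the ip argument to prison_ip()); it is not FreeBSD kernel code and not part of any post. The structs and the check_* functions are hypothetical userland models, and the addresses are constructed samples. It compares a jail address check under host-order storage, the same check with the conversion forgotten, and network-order storage.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical userland models of the two storage choices discussed in
 * MQ's message; these are NOT the kernel's struct prison. */
struct jail_host_order { uint32_t  pr_ip; };  /* IPv4 kept in host byte order    */
struct jail_net_order  { in_addr_t pr_ip; };  /* IPv4 kept in network byte order */

/* Fill a sockaddr_in the way a bind()/connect() caller hands it over:
 * s_addr is always in network byte order. Returns 0 on success, -1 on a
 * malformed address. */
static int make_sin(const char *dotted, struct sockaddr_in *sin)
{
    memset(sin, 0, sizeof(*sin));
    sin->sin_family = AF_INET;
    return inet_pton(AF_INET, dotted, &sin->sin_addr) == 1 ? 0 : -1;
}

int host_is_big_endian(void) { return htonl(1) == 1; }

/* Host-order storage, correct: convert the wire value before comparing. */
int check_host_order(const char *jail_ip, const char *requested_ip)
{
    struct sockaddr_in j, r;
    if (make_sin(jail_ip, &j) || make_sin(requested_ip, &r))
        return -1;
    struct jail_host_order pr = { ntohl(j.sin_addr.s_addr) };
    return ntohl(r.sin_addr.s_addr) == pr.pr_ip;
}

/* Host-order storage with the conversion forgotten at the comparison:
 * the mistake that mixed byte orders make possible. */
int check_host_order_unconverted(const char *jail_ip, const char *requested_ip)
{
    struct sockaddr_in j, r;
    if (make_sin(jail_ip, &j) || make_sin(requested_ip, &r))
        return -1;
    struct jail_host_order pr = { ntohl(j.sin_addr.s_addr) };
    return r.sin_addr.s_addr == pr.pr_ip;   /* wire order vs host order */
}

/* Network-order storage: stored value and wire value share one byte
 * order, so the comparison needs no conversion at all. */
int check_net_order(const char *jail_ip, const char *requested_ip)
{
    struct sockaddr_in j, r;
    if (make_sin(jail_ip, &j) || make_sin(requested_ip, &r))
        return -1;
    struct jail_net_order pr = { j.sin_addr.s_addr };
    return r.sin_addr.s_addr == pr.pr_ip;
}

int main(void)
{
    const char *jail = "192.168.2.10";     /* constructed sample address */
    const char *reversed = "10.2.168.192"; /* the same four bytes, reversed */

    printf("big-endian host:               %d\n", host_is_big_endian());
    printf("host order, converted, own:    %d\n", check_host_order(jail, jail));
    printf("host order, unconverted, own:  %d\n",
           check_host_order_unconverted(jail, jail));
    printf("host order, unconverted, rev:  %d\n",
           check_host_order_unconverted(jail, reversed));
    printf("network order, own:            %d\n", check_net_order(jail, jail));
    printf("network order, reversed:       %d\n", check_net_order(jail, reversed));
    return 0;
}
```

On a little-endian host the unconverted check rejects the jail's own address and accepts the byte-reversed one, so the restriction is applied to the wrong address; on a big-endian host the same code passes, which is how such a defect can go unnoticed.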