From: "Isaac (.ike) Levy"
To: Michael Grimm
Cc: freebsd-jail@FreeBSD.org
Subject: Re: multiple interfaces for jail.conf(1) and jail_set(2)
Date: Wed, 14 Dec 2016 15:39:43 -0500
Message-Id: <907B489D-899A-4204-96D8-ACF86EE829A7@blackskyresearch.net>
In-Reply-To: <45822529-2096-4B32-8515-F5875BEF7101@ellael.org>
List-Id: "Discussion about FreeBSD jail\(8\)"

Wow, that’s rad Michael,

> On Dec 14, 2016, at 3:30 PM, Michael Grimm wrote:
>
> Isaac (.ike) Levy wrote:
>
>> Can I specify multiple IP interfaces and assign IP’s to them using jail.conf?
>
> Not sure if I understand your question correctly, but I do define the following in my jail.conf for VNET jails:
>
>     #
>     # host dependent global settings
>     #
>     $ip6prefixLOCAL = "fd00:dead:beef:1234";
>
>     #
>     # global jail settings
>     #
>     host.hostname   = "${name}";
>     path            = "/usr/home/jails/${name}";
>     mount.fstab     = "/etc/fstab.${name}";
>     exec.consolelog = "/var/log/jail_${name}_console.log";
>     vnet            = "new";
>     vnet.interface  = "epair${jailID}b";
>     exec.clean;
>     mount.devfs;
>     persist;
>
>     #
>     # network settings to apply/destroy during start/stop of every jail
>     #
>     exec.prestart  = "sleep 2";
>     exec.prestart += "/sbin/ifconfig epair${jailID} create up";
>     exec.prestart += "/sbin/ifconfig bridge0 addm epair${jailID}a";
>     exec.start     = "/sbin/sysctl net.inet6.ip6.dad_count=0";
>     exec.start    += "/sbin/ifconfig lo0 127.0.0.1 up";
>     exec.start    += "/sbin/ifconfig epair${jailID}b inet ${ip4_addr}";
>     exec.start    += "/sbin/ifconfig epair${jailID}b inet6 ${ip6_addr}";
>     exec.start    += "/sbin/route add default -gateway 10.1.1.254";
>     exec.start    += "/sbin/route add -inet6 default -gateway ${ip6prefixLOCAL}::254";
>     exec.stop      = "/sbin/route del default";
>     exec.stop     += "/sbin/route del -inet6 default";
>     exec.stop     += "/bin/sh /etc/rc.shutdown";
>     exec.poststop  = "/sbin/ifconfig epair${jailID}a destroy";
>
>     #
>     # individual jail settings
>     #
>     dns {
>         $jailID     = 1;
>         $ip4_addr   = 10.1.1.1;
>         $ip4_addr_2 = 10.1.1.2;
>         $ip6_addr   = ${ip6prefixLOCAL}::1/64;
>         $ip6_addr_2 = ${ip6prefixLOCAL}::2/64;
>         exec.start += "/sbin/ifconfig epair${jailID}b inet ${ip4_addr_2} alias";
>         exec.start += "/sbin/ifconfig epair${jailID}b inet6 ${ip6_addr_2} alias";
>         exec.start += "/bin/sh /etc/rc";
>     }
>
> etc.

I’ll need to study/look up some of that syntax, to fully grok this, but that comprehensive example appears to hit the nail on the head several times over with the exec.start/exec.stop action.

Two questions though:

- I’m confused how you define the shell style $ variables in your individual jail settings above, e.g. ‘$ip4_addr_2 = 10.1.1.2;’, why/how does that work? Is that a variable to be expanded, or some other behavior?

> Again, not sure if I do understand your issue correctly, but the shown examples of exec.start, exec.stop, etc. are quite versatile to use.
>
> I do start/stop my jails by "service jail start/stop".

- Obviously you state you’re using service to start/stop jails, but shouldn’t this work with ‘jail -c ’, or are these subsystems not interoperable?

Thanks!

Best,
.ike

>
> Hope that helps,
> Michael
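
The pattern used in the quoted jail.conf, modelled as an added example (not part of the original message, and not jail(8)'s own parser): per-jail `$` variables are substituted into the global parameter strings, and `+=` appends to the global list. The Python names and data layout are assumptions; the values are a constructed subset of the quoted config.

```python
import re

# Simplified model for illustration; not jail(8)'s parser.
# Constructed subset of the quoted jail.conf: global settings, then the "dns" jail.
GLOBAL_VARS = {"ip6prefixLOCAL": "fd00:dead:beef:1234"}
GLOBAL_PARAMS = {
    "vnet.interface": ["epair${jailID}b"],
    "exec.prestart": ["/sbin/ifconfig epair${jailID} create up",
                      "/sbin/ifconfig bridge0 addm epair${jailID}a"],
    "exec.start": ["/sbin/ifconfig epair${jailID}b inet ${ip4_addr}",
                   "/sbin/ifconfig epair${jailID}b inet6 ${ip6_addr}"],
}
JAILS = {
    "dns": {
        "vars": {"jailID": "1", "ip4_addr": "10.1.1.1", "ip4_addr_2": "10.1.1.2",
                 "ip6_addr": "${ip6prefixLOCAL}::1/64"},
        "append": {"exec.start": ["/sbin/ifconfig epair${jailID}b inet ${ip4_addr_2} alias"]},
    },
}

VAR = re.compile(r"\$(?:\{([A-Za-z0-9_.]+)\}|([A-Za-z0-9_]+))")

def expand(text, scope, depth=0):
    """Substitute $name / ${name}; this model rejects undefined names."""
    if depth > 8:
        raise ValueError("variable recursion too deep")
    def repl(m):
        key = m.group(1) or m.group(2)
        if key not in scope:
            raise KeyError(f"undefined variable ${key}")
        return expand(scope[key], scope, depth + 1)
    return VAR.sub(repl, text)

def render(jail):
    """Return the fully expanded parameter lists for one jail."""
    spec = JAILS[jail]
    scope = {**GLOBAL_VARS, **spec["vars"], "name": jail}
    params = {k: list(v) for k, v in GLOBAL_PARAMS.items()}
    for key, extra in spec["append"].items():  # "+=" appends to the global list
        params.setdefault(key, []).extend(extra)
    return {k: [expand(v, scope) for v in vals] for k, vals in params.items()}

if __name__ == "__main__":
    for key, cmds in render("dns").items():
        for cmd in cmds:
            print(f"{key}: {cmd}")
```

Printing the rendered lists for each jail gives the exact command strings the config produces, which is a convenient thing to review before starting a jail.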