From: Paul Schenkeveld
To: freebsd-jail@freebsd.org
Date: Mon, 23 Jan 2012 08:01:18 +0100
Subject: Re: multiple jails with multiple network interfaces

On Sun, Jan 22, 2012 at 10:25:27PM -0600, Valeri Galtsev wrote:
> Hello!
>
> I have a FreeBSD 9.0 host that is registered in DNS to appear with
> multiple IP addresses:
>
> host some.host.com
>
> some.host.com has address a.b.c.x
> some.host.com has address a.b.d.x
> some.host.com has address a.b.e.x
>
> I built multiple jails to run one service in each following mostly:
>
> http://www.freebsd.org/doc/handbook/jails-application.html
>
> I am trying to start each of the jails with all network interfaces this
> machine has configured (with the same IP addresses as interfaces are
> configured on the host system). For that I have in jail related portion of
> /etc/rc.conf the following
>
> jail_enable="YES"
> jail_set_hostname_allow="NO"
> jail_list="http ftp rsync pxe"
> jail_http_hostname="some.host.com"
> jail_http_ip="a.b.c.x,a.b.d.x,a.b.e.x"
> jail_http_rootdir="/jail/http"
> ...
> jail_ftp_hostname="some.host.com"
> jail_ftp_ip="a.b.c.x,a.b.d.x,a.b.e.x"
> jail_ftp_rootdir="/jail/ftp"
> ...
>
> When I start jails:
>
> /etc/rc.d/jail start
>
> first in the list jail starts perfectly (and I can verify that service
> configured to run in it is accessible on all three public IP addresses of
> the machine), all other jails, however, fail to start with the message
>
> some# /etc/rc.d/jail start
> Configuring jails:.
> Starting jails: some.host.com some.host.com some.host.com ...
> cannot start jail "ftp"
> .
>
> If I only leave one IP address in each of the jails, they all start OK. If
> I configure some jails with different IP (on the same class C network),
> leaving first jail with multiple IP addresses, e.g.:
>
> jail_http_hostname="some.host.com"
> jail_http_ip="a.b.c.x,a.b.d.x,a.b.e.x"
> jail_http_rootdir="/jail/http"
> ...
> jail_ftp_hostname="some.host.com"
> jail_ftp_ip="a.b.c.y"
> jail_ftp_rootdir="/jail/ftp"
> ...
>
> all jails start OK (first with multiple IPs, and other with single
> different IP).
> If first (in order of start) jail is with single IP, and
> next jail is with multiple IPs including the IP of the first one:
>
> jail_http_hostname="some.host.com"
> jail_http_ip="a.b.c.x"
> jail_http_rootdir="/jail/http"
> ...
> jail_ftp_hostname="some.host.com"
> jail_ftp_ip="a.b.c.x,a.b.d.x,a.b.e.x"
> jail_ftp_rootdir="/jail/ftp"
> ...
>
> then jail with multiple IPs will not start.
>
>
> I tried to search, but I didn't find anybody mentioning having this
> problem or having it resolved or just having similar configuration with
> multiple IPs.
>
> Is there something obviously wrong that I'm doing?
>
> Is it possible that there is some restriction that will not allow me to
> have this configuration?

See jail(8):

    ip4.addr
        ...
        It is only possible to start multiple jails with the same IP address,
        if none of the jails has more than this single overlapping IP address
        assigned to itself.

So jails can have the same IP4 address but that has to be the only IP4
address of that jail, otherwise all addresses must be unique.

Kind regards,

Paul Schenkeveld
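Added example, not part of the original message or of FreeBSD's rc scripts: a pre-flight check that reads the jail_<name>_ip lines of an rc.conf and reports every pair of jails that breaks the ip4.addr rule quoted from jail(8) above. The function name jail_ip_conflicts and the sample addresses are constructed; it assumes each jail's list appears once, as plain comma-separated addresses like those in the thread.

```shell
#!/bin/sh
# Print "jailA jailB shared-address" for each pair of jails that violates the
# rule quoted from jail(8): two jails may share an address only when that
# address is the sole address of both. No output means no pair conflicts.
jail_ip_conflicts() {
    awk '
    # Match jail_<name>_ip="addr[,addr...]"; commented-out lines do not match.
    /^[ \t]*jail_[A-Za-z0-9]+_ip=/ {
        line = $0; sub(/^[ \t]*jail_/, "", line)
        name = line; sub(/_ip=.*/, "", name)
        val = line; sub(/^[^=]*=/, "", val)
        gsub(/[" \t]/, "", val)
        if (!(name in count)) order[++njails] = name
        count[name] += 0
        n = split(val, a, ",")
        for (i = 1; i <= n; i++)
            if (a[i] != "" && !((name, a[i]) in has)) {
                has[name, a[i]] = 1      # membership test for the pair check
                count[name]++            # number of distinct addresses
                addrs[name] = addrs[name] " " a[i]
            }
    }
    END {
        # Compare every pair once, in configuration order.
        for (i = 1; i <= njails; i++)
            for (j = i + 1; j <= njails; j++) {
                p = order[i]; q = order[j]
                m = split(addrs[p], a, " ")
                for (k = 1; k <= m; k++)
                    if ((q, a[k]) in has && (count[p] > 1 || count[q] > 1)) {
                        printf "%s %s %s\n", p, q, a[k]
                        break
                    }
            }
    }'
}

# Constructed sample (documentation addresses) mirroring the failing layout
# from the thread: http and ftp both list all three addresses.
jail_ip_conflicts <<'EOF'
jail_http_ip="192.0.2.10,198.51.100.10,203.0.113.10"
jail_ftp_ip="192.0.2.10,198.51.100.10,203.0.113.10"
jail_pxe_ip="192.0.2.20"
EOF
# prints: http ftp 192.0.2.10
```

To check a live configuration, feed it the file directly: `jail_ip_conflicts < /etc/rc.conf`.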