From owner-freebsd-net@FreeBSD.ORG  Sun Dec  5 02:30:33 2004
Return-Path: <owner-freebsd-net@FreeBSD.ORG>
Delivered-To: freebsd-net@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP
	id 2255B16A4CE; Sun,  5 Dec 2004 02:30:33 +0000 (GMT)
Received: from ford.blinkenlights.nl (handtekeningenactie.lelystedeling.nl
	[213.204.211.2])	by mx1.FreeBSD.org (Postfix) with ESMTP
	id 765EF43D41; Sun,  5 Dec 2004 02:30:32 +0000 (GMT)
	(envelope-from sten@blinkenlights.nl)
Received: from tea.blinkenlights.nl (tea.blinkenlights.nl [192.168.1.21])
	(using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
	(No client certificate requested)
	by ford.blinkenlights.nl (Postfix) with ESMTP id 750BE3E434;
	Sun,  5 Dec 2004 03:30:30 +0100 (CET)
Received: by tea.blinkenlights.nl (Postfix, from userid 101)
	id E8E1125F; Sun,  5 Dec 2004 03:30:29 +0100 (CET)
Received: from localhost (localhost [127.0.0.1])
	by tea.blinkenlights.nl (Postfix) with ESMTP
	id D0B3C2E; Sun,  5 Dec 2004 03:30:29 +0100 (CET)
Date: Sun, 5 Dec 2004 03:30:29 +0100 (CET)
From: Sten Spans <sten@blinkenlights.nl>
To: "Bjoern A. Zeeb" <bzeeb-lists@lists.zabbadoz.net>
In-Reply-To: <Pine.BSF.4.53.0412042244190.34445@e0-0.zab2.int.zabbadoz.net>
Message-ID: <Pine.SOC.4.61.0412050317080.5783@tea.blinkenlights.nl>
References: <344de28704120412333e70fb76@mail.gmail.com>
 <344de28704120413306b410608@mail.gmail.com> <41B23C51.5B4207AC@freebsd.org>
 <Pine.BSF.4.53.0412042244190.34445@e0-0.zab2.int.zabbadoz.net>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed
cc: freebsd-net@freebsd.org
cc: Andre Oppermann <andre@freebsd.org>
Subject: Re: INADDR_ANY bind in a multiip jail
X-BeenThere: freebsd-net@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: Networking and TCP/IP with FreeBSD <freebsd-net.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-net>,
	<mailto:freebsd-net-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-net>
List-Post: <mailto:freebsd-net@freebsd.org>
List-Help: <mailto:freebsd-net-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-net>,
	<mailto:freebsd-net-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sun, 05 Dec 2004 02:30:33 -0000

On Sat, 4 Dec 2004, Bjoern A. Zeeb wrote:

> On Sat, 4 Dec 2004, Andre Oppermann wrote:
>
>>> i just found a patch from Pawel Jakub Dawidek(mijail5) which do not
> ...
>> Do you have a link?  I'd like to have a look at the code.
>
> http://garage.freebsd.pl/

This code is borken on 5.3, because of mfc's.
There is a somewhat fixed version at:
http://blog.mombe.org/data/systems/mijail5.asis
which seems to function reasonably.
Although the site which hosts it is quite hard
to reach.

I use this patch to run webservers with vrrp redundant
ip's, and apache with multiple ip's ( ssl ) in a jail.
Aka, I have multiple active ips in apache, but not all
of them active on each box which basically means inaddr_any.
And I do have a need for jailing user scripting
( evil suexec-like tricks ).

The inaddr_any need can be "fixed" with ips on loopback,
and some routing or natd tricks. And one could run
a seperate apache for each ip.

-- 
Sten Spans

"There is a crack in everything, that's how the light gets in."
Leonard Cohen - Anthem