From: Goran Tepšić
Date: Tue, 20 Sep 2016 22:17:39 +0200
Subject: Re: Changing jail's IP automatically
To: James Lodge
Cc: Grzegorz Junka, "freebsd-jail@freebsd.org"

Private jail IP addresses and reverse NAT is what you need, as Konstantin
said. There's no need to assign an IP to jails each time you change
networks; just forward traffic to the desired jail with PF based on
localip:port and set up reverse NAT so that you get the connection from
your jails. I have a setup like this, but I'm using Qjail; not sure how
the config looks if you're using the base jail binary, I've never used it
nor do I intend to.

On Sun, Sep 4, 2016 at 6:43 PM, James Lodge wrote:

>
> > On 4 Sep 2016, at 17:32, Grzegorz Junka wrote:
> >
> > Probably it would, I didn't try. Is this the proper way of solving
> > this issue?
> >
> >
> >> On 03/09/2016 15:49, James Lodge wrote:
> >> Would PF and NAT not work for you? NAT to the WLAN0 IP (DHCP assigned)
> >> using PF macros and have a separate subnet for your jails? This would
> >> be PAT so you might have issues with accessing services inbound if
> >> you're using the same port in multiple jails. Just an idea.....
> >>
> >> Sent from my iPad
> >>
> >>>> On 3 Sep 2016, at 16:33, James Gritton wrote:
> >>>>
> >>>> On 2016-09-02 15:08, Grzegorz Junka wrote:
> >>>> I am using a jail on my laptop and I often connect to different
> >>>> WiFi's, which of course assign different IPs to my laptop. I set up
> >>>> the jail by adding an alias to wlan0 and I need to update the IP every
> >>>> time I switch the WiFi network. Is it possible to create a jail with
> >>>> IP assigned dynamically, e.g. from DHCP, or at least switch between
> >>>> predefined IPs more easily than by editing /etc/jail.conf?
> >>> You can always add addresses later. I would create the jail without
> >>> any IP address specified in jail.conf, and then have an exec.poststart
> >>> script that sets the address using something like "jail -m name=foo
> >>> ip4.addr=1.2.3.4". And similarly when the network switches, it would
> >>> need to trigger a similar script that resets the address.
> >>>
> >>> It's a little more complicated than that though: network daemons will
> >>> be bound to the old address after the switch, so you'll need to run the
> >>> proper service(8) commands to restart those, in the right order. Or
> >>> depending on the service, maybe a kick of some sort (like a kill -1)
> >>> would do the trick.
> >>>
> >>> And at start time, if the jail has no IP address of its own, anything
> >>> it runs will use the regular system IP addresses. That's definitely not
> >>> what you want. Unfortunately, jail(8) doesn't have a way to run a
> >>> script in the system environment after the jail is created but before
> >>> exec.start is run. That would be the right place to set the initial
> >>> address. So barring that, you may want to have network services not
> >>> started up at all, until this poststart script sets the address. So
> >>> it's still not a simple issue.
> >>>
> >>> - Jamie
> >>> _______________________________________________
> >>> freebsd-jail@freebsd.org mailing list
> >>> https://lists.freebsd.org/mailman/listinfo/freebsd-jail
> >>> To unsubscribe, send any mail to "freebsd-jail-unsubscribe@freebsd.org"
>
> There are many ways to handle it; using NAT would be the easiest and the
> way products like VirtualBox and VMware workstation handle it on a
> desktop/laptop.
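
The NAT-plus-port-forwarding approach described in the message above, as an added pf.conf example that is not taken from the thread or from any poster's configuration. The lo1 interface, the 10.0.0.0/24 subnet, the jail address and the port numbers are all assumptions.

```conf
# /etc/pf.conf -- added example, not from the thread.
#
# Assumed prerequisites (values are illustrative):
#   /etc/rc.conf:    cloned_interfaces="lo1"
#                    pf_enable="YES"
#   /etc/jail.conf:  ip4.addr = "lo1|10.0.0.10";
#
# The jail keeps a fixed private address on lo1, so nothing in
# jail.conf changes when the laptop joins a different Wi-Fi network.

ext_if   = "wlan0"          # DHCP-assigned interface named in the thread
jail_net = "10.0.0.0/24"    # assumed private subnet for jails
web_jail = "10.0.0.10"      # assumed address of one jail

# Outbound: translate jail traffic to whatever address wlan0 holds.
# The parentheses tell pf to track the interface's current address,
# so the rule keeps working after DHCP hands out a new lease.
nat on $ext_if inet from $jail_net to any -> ($ext_if)

# Inbound: forward one host port to one service in one jail.
# Because all jails share the host's single address (the PAT caveat
# raised in the thread), each forwarded service needs its own host
# port; a second jail's web server would use e.g. 8081 here.
rdr on $ext_if inet proto tcp from any to ($ext_if) port 8080 -> $web_jail port 80
```

Reload with `pfctl -f /etc/pf.conf`. Any filter rules added later are evaluated after translation, so an inbound pass or block rule for this service must match the jail's address and port 80, not the host's port 8080.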