From owner-freebsd-jail@FreeBSD.ORG Mon Jun 2 11:06:55 2008 Return-Path: Delivered-To: freebsd-jail@FreeBSD.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id DB2B61065680 for ; Mon, 2 Jun 2008 11:06:55 +0000 (UTC) (envelope-from owner-bugmaster@FreeBSD.org) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2001:4f8:fff6::28]) by mx1.freebsd.org (Postfix) with ESMTP id D095C8FC2E for ; Mon, 2 Jun 2008 11:06:55 +0000 (UTC) (envelope-from owner-bugmaster@FreeBSD.org) Received: from freefall.freebsd.org (localhost [127.0.0.1]) by freefall.freebsd.org (8.14.2/8.14.2) with ESMTP id m52B6tYM093214 for ; Mon, 2 Jun 2008 11:06:55 GMT (envelope-from owner-bugmaster@FreeBSD.org) Received: (from gnats@localhost) by freefall.freebsd.org (8.14.2/8.14.1/Submit) id m52B6tbZ093210 for freebsd-jail@FreeBSD.org; Mon, 2 Jun 2008 11:06:55 GMT (envelope-from owner-bugmaster@FreeBSD.org) Date: Mon, 2 Jun 2008 11:06:55 GMT Message-Id: <200806021106.m52B6tbZ093210@freefall.freebsd.org> X-Authentication-Warning: freefall.freebsd.org: gnats set sender to owner-bugmaster@FreeBSD.org using -f From: FreeBSD bugmaster To: freebsd-jail@FreeBSD.org Cc: Subject: Current problem reports assigned to freebsd-jail@FreeBSD.org X-BeenThere: freebsd-jail@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Discussion about FreeBSD jail\(8\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 02 Jun 2008 11:06:56 -0000 Current FreeBSD problem reports Critical problems Serious problems S Tracker Resp. Description -------------------------------------------------------------------------------- s kern/89528 jail [jail] [patch] impossible to kill a jail o kern/119842 jail [smbfs] [jail] "Bad address" with smbfs inside a jail 2 problems total. Non-critical problems S Tracker Resp. Description -------------------------------------------------------------------------------- o bin/32828 jail [jail] w(1) incorrectly handles stale utmp slots with o kern/68192 jail [quotas] [jail] Cannot use quotas on jailed systems o kern/72498 jail [libc] [jail] timestamp code on jailed SMP machine gen o kern/74314 jail [resolver] [jail] DNS resolver broken under certain ja o kern/84215 jail [jail] [patch] wildcard ip (INADDR_ANY) should not bin o kern/89989 jail [jail] [patch] Add option -I (ASCII 73) PID to specif o kern/97071 jail [jail] [patch] add security.jail.jid sysctl o bin/99566 jail [jail] [patch] fstat(1) according to specified jid o kern/120753 jail [jail] Zombie jails (jailed child process exits while 9 problems total. From owner-freebsd-jail@FreeBSD.ORG Mon Jun 2 23:52:10 2008 Return-Path: Delivered-To: freebsd-jail@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id BD0FA1065677 for ; Mon, 2 Jun 2008 23:52:10 +0000 (UTC) (envelope-from alexus@gmail.com) Received: from wa-out-1112.google.com (wa-out-1112.google.com [209.85.146.179]) by mx1.freebsd.org (Postfix) with ESMTP id 9EA738FC17 for ; Mon, 2 Jun 2008 23:52:10 +0000 (UTC) (envelope-from alexus@gmail.com) Received: by wa-out-1112.google.com with SMTP id j4so586414wah.3 for ; Mon, 02 Jun 2008 16:52:10 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:received:message-id:date:from:to:subject:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; bh=s8nCHmRRSE72qGLBISuHXe+s9xaDg2OL2R+U7sWtdW4=; b=rvbMRpA6wmLkvKDb1CV+BIByYLzT7tZYpmtVTzOmjQSV4hcLgi5Q4TgiBXEQEmI0e5pd96VMVjaRJLeumJPp2ppDDVo+Tlv7iRNDYFp5WLn1pfnetB0xgbVO39trN/DcQFrFw9OcGGg6JEkIgB8e8fuhqdXL9Z3wMdAEFn/XR+w= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=message-id:date:from:to:subject:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; b=iZ702D+tRxfJ9TeRAbKiQYBgMHBhwdtfxnm1imnH7apI9+UVpp6HRVQuZlYwQosrr0GOnK2AcJQWfGJpKmF86uIHPsT5MFfq1UaPNuqkNh6YBqTNUprgW7F+Qf1wlnoJirCw7w5WImnaejbKvLTVQO6KKYRcoZd5MLuoQtQeOnQ= Received: by 10.114.196.13 with SMTP id t13mr10430791waf.219.1212450730048; Mon, 02 Jun 2008 16:52:10 -0700 (PDT) Received: by 10.114.67.7 with HTTP; Mon, 2 Jun 2008 16:52:10 -0700 (PDT) Message-ID: <6ae50c2d0806021652l1e079b0ft72cbb34c223474e7@mail.gmail.com> Date: Mon, 2 Jun 2008 19:52:10 -0400 From: alexus To: freebsd-jail@freebsd.org In-Reply-To: <6ae50c2d0805121128t7721bc1kda6f2a187be03165@mail.gmail.com> MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 7bit Content-Disposition: inline References: <6ae50c2d0805121128t7721bc1kda6f2a187be03165@mail.gmail.com> Subject: Re: FreeBSD-7.0 MULTIPLE-IPs X-BeenThere: freebsd-jail@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Discussion about FreeBSD jail\(8\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 02 Jun 2008 23:52:10 -0000 anyone? On Mon, May 12, 2008 at 2:28 PM, alexus wrote: > Hello, > > I saw there is a few patches out there that gives jail ability to have > more then 1(one) IP address, however all those patches are very old > and jail in FreeBSD-7.0 has more then it had even 2-3 years ago, so I > was wondering if there is a new patch that works with FreeBSD-7, maybe > implmenting this patch is somewhat easier in 7.0 vs older releases? I > think DragonFly implmeneted one of the patches directly into core, why > FreeBSD won't do it already? > -- > http://alexus.org/ > -- http://alexus.org/ From owner-freebsd-jail@FreeBSD.ORG Tue Jun 3 00:17:26 2008 Return-Path: Delivered-To: freebsd-jail@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 0A4F21065678 for ; Tue, 3 Jun 2008 00:17:26 +0000 (UTC) (envelope-from alexus@gmail.com) Received: from rv-out-0506.google.com (rv-out-0506.google.com [209.85.198.225]) by mx1.freebsd.org (Postfix) with ESMTP id DB0958FC18 for ; Tue, 3 Jun 2008 00:17:25 +0000 (UTC) (envelope-from alexus@gmail.com) Received: by rv-out-0506.google.com with SMTP id b25so1359367rvf.43 for ; Mon, 02 Jun 2008 17:17:25 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:received:message-id:date:from:to:subject:cc:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; bh=+/JrTJ7ehp3z+LOLaE5wt/VXt+u7J/6SC4BR4q+5I8w=; b=oYlpWkwhWG/pCZoipovGjlkerid5Nr7+kKKR7Y15PUVf5klg6eF//U0/brgwRfc+A7lQIItVMjuaFHk6/E/1IoLrPFZsoY6SkI2Q4HufJRGdSrka4pVE53OsRSZrBEho+i4G2HkB7+pVjimhiJ0te9btEf5V9R1Vk6q3tbrQxB4= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=message-id:date:from:to:subject:cc:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; b=mNw+d6t1zYGcfe44mw6auPz73hVYRrhtxXLDA5bnrH2J4wpZutRxFwwlB2QJAB6+kb3PQSNkCoy6wg0+A0nxJ+3PazvSJmZcRvt31JiBsBpNmoLV99kbX6gx5AIBcmFHb5ZXzKisZpLC32fj/BqPWrY4nRiM1ecXeEC0fKmTXAQ= Received: by 10.114.106.13 with SMTP id e13mr10465493wac.157.1212452245614; Mon, 02 Jun 2008 17:17:25 -0700 (PDT) Received: by 10.114.67.7 with HTTP; Mon, 2 Jun 2008 17:17:25 -0700 (PDT) Message-ID: <6ae50c2d0806021717g333e8e47v597d7fc311f82786@mail.gmail.com> Date: Mon, 2 Jun 2008 20:17:25 -0400 From: alexus To: "Miroslav Lachman" <000.fbsd@quip.cz> In-Reply-To: <48388C96.1050807@quip.cz> MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 7bit Content-Disposition: inline References: <4838851D.9010007@quip.cz> <20080524213123.E65662@maildrop.int.zabbadoz.net> <48388C96.1050807@quip.cz> Cc: freebsd-jail@freebsd.org Subject: Re: New wiki page - Jails X-BeenThere: freebsd-jail@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Discussion about FreeBSD jail\(8\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 03 Jun 2008 00:17:26 -0000 i'm more concern about: Multi-IPv4/v6/no-IP jails In progress Bjoern A. Zeeb The multi-IPv4/v6 jails project was resumed in early January after previous work had been abandoned in 2006. As an alternate solution to full network stack virtualization, this work shall provide a lightweight solution for multi-IP virtualization. Perforce based on FreeBSD 7.x?/8.x any ETA at all? seems like such a demanding feature, yet its barly made it to the list of things to do :( On Sat, May 24, 2008 at 5:45 PM, Miroslav Lachman <000.fbsd@quip.cz> wrote: > > > Bjoern A. Zeeb wrote: > >> On Sat, 24 May 2008, Miroslav Lachman wrote: >> >> Hi, >> >>> I just started with some informations on http://wiki.freebsd.org/Jails >>> So let me know what you think about it and do not hesitate with more >>> ideas. >> >> >> Thanks for the summary. >> >> Just on a sidenote: most of the 'Future plans' will never happen as >> part of jails but as part of a larger virtualization technique if they >> are going to happen at all. >> Basically virtualizing everything under the name of jails does ot make >> a lot of sense. At one point you want a hypervisor and simply boot >> different instances. > > Yes, I am aware of it. It is just a list of "known" feature requests. If you > have some background knowledge of what and how is planned in FreeBSD for > Jail or Vimage, please let me know and I can write some notes to each > 'Future plan' item (someting like 'covered by Vimage' or 'will never appear > in Jails' etc.) or you can do it yourself, if you have write access to the > wiki page. > > Miroslav Lachman > _______________________________________________ > freebsd-jail@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-jail > To unsubscribe, send any mail to "freebsd-jail-unsubscribe@freebsd.org" > -- http://alexus.org/ From owner-freebsd-jail@FreeBSD.ORG Tue Jun 3 06:21:30 2008 Return-Path: Delivered-To: freebsd-jail@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id ED5A7106566C for ; Tue, 3 Jun 2008 06:21:30 +0000 (UTC) (envelope-from frank@harz.behrens.de) Received: from post.frank-behrens.de (unknown [IPv6:2a01:170:1023::1:2]) by mx1.freebsd.org (Postfix) with ESMTP id 53FAF8FC23 for ; Tue, 3 Jun 2008 06:21:30 +0000 (UTC) (envelope-from frank@harz.behrens.de) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=behrens.de; h=from:to:date:mime-version:subject:in-reply-to:references:content-type:content-transfer-encoding:content-description; q=dns/txt; s=pinky1; t=1212474088; i=frank@harz.behrens.de; bh=28oh+vdam/9XlNfPShHLcgm1BSEaDDWJCeLwz6BfeIQ=; b=mcXOmUO3hL5zJqizl92Llv+oIfl7HxmhNJrwv9xUbeb7T3ZQ7CAvBvIH6UGkeJHal7Omg0Gp6NteZ8tHLRpYDA== Received: from sun.behrens ([IPv6:2a01:170:1023:0:c9ef:873c:c70b:564e]) by post.frank-behrens.de (8.14.2/8.14.2) with ESMTP-MSA id m536LMFN002000 for ; Tue, 3 Jun 2008 08:21:22 +0200 (CEST) (envelope-from frank@harz.behrens.de) Message-Id: <200806030621.m536LMFN002000@post.frank-behrens.de> From: "Frank Behrens" To: freebsd-jail@freebsd.org Date: Tue, 03 Jun 2008 08:21:22 +0200 MIME-Version: 1.0 Priority: normal In-reply-to: <6ae50c2d0806021717g333e8e47v597d7fc311f82786@mail.gmail.com> References: <48388C96.1050807@quip.cz> X-mailer: Pegasus Mail for Windows (4.31, DE v4.31 R1) Content-type: text/plain; charset=US-ASCII Content-transfer-encoding: 7BIT Content-description: Mail message body X-Hashcash: 1:24:080603:freebsd-jail@freebsd.org::KqxHQq9hO2aAUkO1:000000000qvlQ Subject: Re: New wiki page - Jails X-BeenThere: freebsd-jail@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Discussion about FreeBSD jail\(8\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 03 Jun 2008 06:21:31 -0000 alexus wrote on 2 Jun 2008 20:17: > Multi-IPv4/v6/no-IP jails > In progress > Bjoern A. Zeeb > The multi-IPv4/v6 jails project was resumed in early January after > previous work had been abandoned in 2006. > As an alternate solution to full network stack virtualization, this > work shall provide a lightweight solution for multi-IP virtualization. > Perforce > based on FreeBSD 7.x?/8.x > > > any ETA at all? seems like such a demanding feature, yet its barly > made it to the list of things to do :( I can't give you an ETA, but I can give you a good feeling. ;-) On Bjoerns page are already patches available. I'm testing this on RELENG_7 and did not see any problems, it works very well on a (small) productive system. -- Frank Behrens, Osterwieck, Germany PGP-key 0x5B7C47ED on public servers available. From owner-freebsd-jail@FreeBSD.ORG Tue Jun 3 09:26:00 2008 Return-Path: Delivered-To: freebsd-jail@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 552D4106564A for ; Tue, 3 Jun 2008 09:26:00 +0000 (UTC) (envelope-from ike@lesmuug.org) Received: from scooter.bizintegrators.com (scooter.bizintegrators.com [64.94.184.35]) by mx1.freebsd.org (Postfix) with ESMTP id C7C908FC20 for ; Tue, 3 Jun 2008 09:25:59 +0000 (UTC) (envelope-from ike@lesmuug.org) Received: from [10.0.222.99] (dsl027-135-177.nyc1.dsl.speakeasy.net [216.27.135.177]) (authenticated bits=0) by scooter.bizintegrators.com (8.13.3/8.13.3) with ESMTP id m538nZLr013326 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=NO); Tue, 3 Jun 2008 04:49:35 -0400 (EDT) Message-Id: <4290E004-F4CF-4537-A9FC-B630BAD634CC@lesmuug.org> From: Isaac Levy To: alexus In-Reply-To: <6ae50c2d0806021652l1e079b0ft72cbb34c223474e7@mail.gmail.com> Content-Type: text/plain; charset=US-ASCII; format=flowed; delsp=yes Content-Transfer-Encoding: 7bit Mime-Version: 1.0 (Apple Message framework v924) Date: Tue, 3 Jun 2008 04:49:28 -0400 References: <6ae50c2d0805121128t7721bc1kda6f2a187be03165@mail.gmail.com> <6ae50c2d0806021652l1e079b0ft72cbb34c223474e7@mail.gmail.com> X-Mailer: Apple Mail (2.924) X-Loftmail-Check: No X-Scanned-By: MIMEDefang 2.54 on 64.94.184.36 Cc: freebsd-jail@freebsd.org Subject: Re: FreeBSD-7.0 MULTIPLE-IPs X-BeenThere: freebsd-jail@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Discussion about FreeBSD jail\(8\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 03 Jun 2008 09:26:00 -0000 Hello Alexus, I haven't been very close to this lately, so I may be stepping out of turn- but there's one big reason: The Virtual IP stack implementation underway (separate from the jail mechanism, but of course, QUITE perfect for jailing uses). I first learned Marko Zec's work on the virtual IP stack at EuroBSDCon 2007: http://2007.eurobsdcon.org/tutorial-virtualized-network-stack.html However, Bjoern Zeeb has resumed a jail-specific multi-ip implimentation- the current status seems to be updated soemwhat frequently here (yay!): http://wiki.freebsd.org/Jails#head-27743b977485318e421b24962498cf007f70dacf "The multi-IPv4/v6 jails project was resumed in early January after previous work had been abandoned in 2006. As an alternate solution to full network stack virtualization, this work shall provide a lightweight solution for multi-IP virtualization. Perforce based on FreeBSD 7.x?/8.x" Sadly for you however, at the time of this writing, it seems the 7.x patches are 'in progress'. -- To answer the dragonfly jail patch question- Dragonfly is a fork of the 4.x FreeBSD code, and with that, is now extremely different from FreeBSD 5.x onward. Therefore, many patches from the 4.x era code are straight inline with Dragonfly. Hope that answers your question or provides some direction, even if the answer doesn't meet your needs. Best, .ike On Jun 2, 2008, at 7:52 PM, alexus wrote: > anyone? > > On Mon, May 12, 2008 at 2:28 PM, alexus wrote: >> Hello, >> >> I saw there is a few patches out there that gives jail ability to >> have >> more then 1(one) IP address, however all those patches are very old >> and jail in FreeBSD-7.0 has more then it had even 2-3 years ago, so I >> was wondering if there is a new patch that works with FreeBSD-7, >> maybe >> implmenting this patch is somewhat easier in 7.0 vs older releases? I >> think DragonFly implmeneted one of the patches directly into core, >> why >> FreeBSD won't do it already? >> -- >> http://alexus.org/ >> > > > > -- > http://alexus.org/ > _______________________________________________ > freebsd-jail@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-jail > To unsubscribe, send any mail to "freebsd-jail- > unsubscribe@freebsd.org" > From owner-freebsd-jail@FreeBSD.ORG Tue Jun 3 09:40:07 2008 Return-Path: Delivered-To: freebsd-jail@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id C07EF1065670 for ; Tue, 3 Jun 2008 09:40:07 +0000 (UTC) (envelope-from bzeeb-lists@lists.zabbadoz.net) Received: from mail.cksoft.de (mail.cksoft.de [62.111.66.27]) by mx1.freebsd.org (Postfix) with ESMTP id 764478FC1A for ; Tue, 3 Jun 2008 09:40:07 +0000 (UTC) (envelope-from bzeeb-lists@lists.zabbadoz.net) Received: from localhost (amavis.str.cksoft.de [192.168.74.71]) by mail.cksoft.de (Postfix) with ESMTP id CE43641C75B; Tue, 3 Jun 2008 11:40:05 +0200 (CEST) X-Virus-Scanned: amavisd-new at cksoft.de Received: from mail.cksoft.de ([62.111.66.27]) by localhost (amavis.str.cksoft.de [192.168.74.71]) (amavisd-new, port 10024) with ESMTP id P9rIEeEDeEh5; Tue, 3 Jun 2008 11:40:05 +0200 (CEST) Received: by mail.cksoft.de (Postfix, from userid 66) id 6F6A041C736; Tue, 3 Jun 2008 11:40:05 +0200 (CEST) Received: from maildrop.int.zabbadoz.net (maildrop.int.zabbadoz.net [10.111.66.10]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by mail.int.zabbadoz.net (Postfix) with ESMTP id 7CB0744487F; Tue, 3 Jun 2008 09:38:04 +0000 (UTC) Date: Tue, 3 Jun 2008 09:38:03 +0000 (UTC) From: "Bjoern A. Zeeb" X-X-Sender: bz@maildrop.int.zabbadoz.net To: Isaac Levy In-Reply-To: <4290E004-F4CF-4537-A9FC-B630BAD634CC@lesmuug.org> Message-ID: <20080603093306.O83875@maildrop.int.zabbadoz.net> References: <6ae50c2d0805121128t7721bc1kda6f2a187be03165@mail.gmail.com> <6ae50c2d0806021652l1e079b0ft72cbb34c223474e7@mail.gmail.com> <4290E004-F4CF-4537-A9FC-B630BAD634CC@lesmuug.org> X-OpenPGP-Key: 0x14003F198FEFA3E77207EE8D2B58B8F83CCF1842 MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed Cc: freebsd-jail@freebsd.org Subject: Re: FreeBSD-7.0 MULTIPLE-IPs X-BeenThere: freebsd-jail@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Discussion about FreeBSD jail\(8\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 03 Jun 2008 09:40:07 -0000 On Tue, 3 Jun 2008, Isaac Levy wrote: Hi ike, > I first learned Marko Zec's work on the virtual IP stack at EuroBSDCon 2007: > http://2007.eurobsdcon.org/tutorial-virtualized-network-stack.html If you knew about things that happened at BSDCan 2008;-) Where have you been? > However, Bjoern Zeeb has resumed a jail-specific multi-ip implimentation- the > current status seems to be updated soemwhat frequently here (yay!): > http://wiki.freebsd.org/Jails#head-27743b977485318e421b24962498cf007f70dacf > > "The multi-IPv4/v6 jails project was resumed in early January after previous > work had been abandoned in 2006. > As an alternate solution to full network stack virtualization, this work > shall provide a lightweight solution for multi-IP virtualization. Perforce > based on FreeBSD 7.x?/8.x" > > Sadly for you however, at the time of this writing, it seems the 7.x patches > are 'in progress'. Well the entire things is "in progress" and as this is a FAQ the RELENG_7 patch that is out there is a bit outdated and I am working on an updated version as soon as I have tested what is in p4 on HEAD and feel that it still is as stable as the old patch was. BTW. Any HEAD version would be as old as the RELENG_7 one. Go here to find your way to the (old but stable) patch: http://www.freebsd.org/news/status/report-2008-01-2008-03.html#Multi-IPv4/v6/no-IP-jails I'll keep people updated on this list as soon as I have anything new. /bz -- Bjoern A. Zeeb Stop bit received. Insert coin for new game. From owner-freebsd-jail@FreeBSD.ORG Tue Jun 3 14:05:35 2008 Return-Path: Delivered-To: freebsd-jail@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 7AC141065675 for ; Tue, 3 Jun 2008 14:05:35 +0000 (UTC) (envelope-from ike@lesmuug.org) Received: from scooter.bizintegrators.com (scooter.bizintegrators.com [64.94.184.35]) by mx1.freebsd.org (Postfix) with ESMTP id 273F48FC0C for ; Tue, 3 Jun 2008 14:05:34 +0000 (UTC) (envelope-from ike@lesmuug.org) Received: from [10.0.222.99] (dsl027-135-177.nyc1.dsl.speakeasy.net [216.27.135.177]) (authenticated bits=0) by scooter.bizintegrators.com (8.13.3/8.13.3) with ESMTP id m53E5UKo019698 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=NO); Tue, 3 Jun 2008 10:05:31 -0400 (EDT) Message-Id: From: Isaac Levy To: "Bjoern A. Zeeb" In-Reply-To: <20080603093306.O83875@maildrop.int.zabbadoz.net> Content-Type: text/plain; charset=US-ASCII; format=flowed; delsp=yes Content-Transfer-Encoding: 7bit Mime-Version: 1.0 (Apple Message framework v924) Date: Tue, 3 Jun 2008 10:05:23 -0400 References: <6ae50c2d0805121128t7721bc1kda6f2a187be03165@mail.gmail.com> <6ae50c2d0806021652l1e079b0ft72cbb34c223474e7@mail.gmail.com> <4290E004-F4CF-4537-A9FC-B630BAD634CC@lesmuug.org> <20080603093306.O83875@maildrop.int.zabbadoz.net> X-Mailer: Apple Mail (2.924) X-Loftmail-Check: No X-Scanned-By: MIMEDefang 2.54 on 64.94.184.36 Cc: freebsd-jail@freebsd.org Subject: Re: FreeBSD-7.0 MULTIPLE-IPs X-BeenThere: freebsd-jail@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Discussion about FreeBSD jail\(8\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 03 Jun 2008 14:05:35 -0000 Hi Bjorn, On Jun 3, 2008, at 5:38 AM, Bjoern A. Zeeb wrote: > On Tue, 3 Jun 2008, Isaac Levy wrote: > > Hi ike, > >> I first learned Marko Zec's work on the virtual IP stack at >> EuroBSDCon 2007: >> http://2007.eurobsdcon.org/tutorial-virtualized-network-stack.html > > If you knew about things that happened at BSDCan 2008;-) Where have > you been? Oh, work :) I was pulled into a job which I let consume my entire life for a while here, I'll be out of the thick of it for summer. > > > >> However, Bjoern Zeeb has resumed a jail-specific multi-ip >> implimentation- the current status seems to be updated soemwhat >> frequently here (yay!): >> http://wiki.freebsd.org/Jails#head-27743b977485318e421b24962498cf007f70dacf >> >> "The multi-IPv4/v6 jails project was resumed in early January after >> previous work had been abandoned in 2006. >> As an alternate solution to full network stack virtualization, this >> work shall provide a lightweight solution for multi-IP >> virtualization. Perforce >> based on FreeBSD 7.x?/8.x" >> >> Sadly for you however, at the time of this writing, it seems the >> 7.x patches are 'in progress'. > > Well the entire things is "in progress" and as this is a FAQ the > RELENG_7 patch that is out there is a bit outdated and I am working on > an updated version as soon as I have tested what is in p4 on HEAD and > feel that it still is as stable as the old patch was. > BTW. Any HEAD version would be as old as the RELENG_7 one. > > Go here to find your way to the (old but stable) patch: > http://www.freebsd.org/news/status/report-2008-01-2008-03.html#Multi-IPv4/ > v6/no-IP-jails > > I'll keep people updated on this list as soon as I have anything new. Excellent! Thanks for posting the update! Rocket, .ike From owner-freebsd-jail@FreeBSD.ORG Tue Jun 3 22:13:50 2008 Return-Path: Delivered-To: freebsd-jail@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id E31CD106564A for ; Tue, 3 Jun 2008 22:13:50 +0000 (UTC) (envelope-from 000.fbsd@quip.cz) Received: from elsa.codelab.cz (elsa.codelab.cz [91.103.162.4]) by mx1.freebsd.org (Postfix) with ESMTP id 99F9B8FC14 for ; Tue, 3 Jun 2008 22:13:50 +0000 (UTC) (envelope-from 000.fbsd@quip.cz) Received: from localhost (localhost.codelab.cz [127.0.0.1]) by elsa.codelab.cz (Postfix) with ESMTP id 3598D19E027; Wed, 4 Jun 2008 00:13:49 +0200 (CEST) Received: from [192.168.1.2] (r5bb235.net.upc.cz [86.49.61.235]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by elsa.codelab.cz (Postfix) with ESMTPSA id 03A6619E023; Wed, 4 Jun 2008 00:13:43 +0200 (CEST) Message-ID: <4845C229.4020503@quip.cz> Date: Wed, 04 Jun 2008 00:14:01 +0200 From: Miroslav Lachman <000.fbsd@quip.cz> User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.7.12) Gecko/20050915 X-Accept-Language: cz, cs, en, en-us MIME-Version: 1.0 To: Alexander Leidinger References: <20080224163005.GG15445@oak.pl> <20080225151304.nan0he4xcs8kk00w@webmail.leidinger.net> In-Reply-To: <20080225151304.nan0he4xcs8kk00w@webmail.leidinger.net> Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit Cc: freebsd-security@freebsd.org, freebsd-jail@freebsd.org, Jan Srzednicki Subject: Re: A simple rc.d jail patch to enable priority X-BeenThere: freebsd-jail@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Discussion about FreeBSD jail\(8\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 03 Jun 2008 22:13:51 -0000 Alexander Leidinger wrote: > Quoting Jan Srzednicki (from Sun, 24 Feb 2008 17:30:05 > +0100): > >> Hello, >> >> I have written this tiny little patch to the jail rc.d script, which >> allows user to set jail nice value. It doesn't change any default >> behaviour. >> >> Can that make it to the trees? >> Patch attached. > > You need to provide documentation for it if you want that someone > considers it for inclusion into the tree. I took it and sent PR conf/124248 with patch for rc.d/jail, defaults/rc.conf and man5/rc.conf.5 Please let me know if commited, so I can update status of the patch on http://wiki.freebsd.org/Jails Miroslav Lachman From owner-freebsd-jail@FreeBSD.ORG Fri Jun 6 05:39:55 2008 Return-Path: Delivered-To: freebsd-jail@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 0E2ED1065671 for ; Fri, 6 Jun 2008 05:39:55 +0000 (UTC) (envelope-from nbari@k9.cx) Received: from yw-out-2324.google.com (yw-out-2324.google.com [74.125.46.30]) by mx1.freebsd.org (Postfix) with ESMTP id C02D48FC12 for ; Fri, 6 Jun 2008 05:39:54 +0000 (UTC) (envelope-from nbari@k9.cx) Received: by yw-out-2324.google.com with SMTP id 9so487800ywe.13 for ; Thu, 05 Jun 2008 22:39:54 -0700 (PDT) Received: by 10.150.212.17 with SMTP id k17mr2853694ybg.68.1212729112466; Thu, 05 Jun 2008 22:11:52 -0700 (PDT) Received: from ?192.168.1.10? ( [148.244.166.166]) by mx.google.com with ESMTPS id j13sm6076611rne.0.2008.06.05.22.11.50 (version=TLSv1/SSLv3 cipher=RC4-MD5); Thu, 05 Jun 2008 22:11:51 -0700 (PDT) Message-Id: <4F5A1DE6-3E56-4F53-9C0F-90D318DF8AC7@k9.cx> From: Nicolas de Bari Embriz Garcia Rojas To: freebsd-jail@freebsd.org Content-Type: text/plain; charset=US-ASCII; format=flowed; delsp=yes Content-Transfer-Encoding: 7bit Mime-Version: 1.0 (Apple Message framework v924) Date: Fri, 6 Jun 2008 00:11:49 -0500 X-Mailer: Apple Mail (2.924) Subject: ipsec X-BeenThere: freebsd-jail@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Discussion about FreeBSD jail\(8\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 06 Jun 2008 05:39:55 -0000 I had to make an VPN using IPSEC, the vpn is on the master host and is working but if it is only available from the master host not the jails, how can i make the jails to ping/access/telnet the VPN? I have something like this: 192.10.10.1---->A.A.A.A<------VPN /INTERNET--------->B.B.B.B--- >196.18.20.121 jails1 --->A.A.A.1 _| jails2 --->A.A.A.2 _| the jail1 is the one that needs the vpn to acces but if y try to ping 196.18.20.121 from jail1 with public IP (A.A.A.1) does not get any response, the VPN is only working from the master host. Any ideas on how to fixt this? my kernel has already compiled with: options IPSEC options IPSEC_ESP options IPSEC_DEBUG options IPSEC_FILTERGIF device crypto device enc options IPSEC_NAT_T regards -- > nbari