Date:      Wed, 14 Dec 2016 15:39:43 -0500
From:      "Isaac (.ike) Levy" <ike@blackskyresearch.net>
To:        Michael Grimm <trashcan@ellael.org>
Cc:        freebsd-jail@FreeBSD.org
Subject:   Re: multiple interfaces for jail.conf(1) and jail_set(2)
Message-ID:  <907B489D-899A-4204-96D8-ACF86EE829A7@blackskyresearch.net>
In-Reply-To: <45822529-2096-4B32-8515-F5875BEF7101@ellael.org>
References:  <0ED7F403-F14E-4A72-8E54-AF74AAE15061@blackskyresearch.net> <45822529-2096-4B32-8515-F5875BEF7101@ellael.org>

Wow, that’s rad Michael,

> On Dec 14, 2016, at 3:30 PM, Michael Grimm <trashcan@ellael.org> wrote:
>
> Isaac (.ike) Levy <ike@blackskyresearch.net> wrote:
>
>> Can I specify multiple IP interfaces and assign IP’s to them using jail.conf?
>
> Not sure if I understand your question correctly, but I do define the following in my jail.conf for VNET jails:
>
> #
> # host dependent global settings
> #
> $ip6prefixLOCAL		 = "fd00:dead:beef:1234";
>
> #
> # global jail settings
> #
> host.hostname		 = "${name}";
> path			 = "/usr/home/jails/${name}";
> mount.fstab		 = "/etc/fstab.${name}";
> exec.consolelog 	 = "/var/log/jail_${name}_console.log";
> vnet			 = "new";
> vnet.interface		 = "epair${jailID}b";
> exec.clean;
> mount.devfs;
> persist;
>
> #
> # network settings to apply/destroy during start/stop of every jail
> #
> exec.prestart		 = "sleep 2";
> exec.prestart		+= "/sbin/ifconfig epair${jailID} create up";
> exec.prestart		+= "/sbin/ifconfig bridge0 addm epair${jailID}a";
> exec.start		 = "/sbin/sysctl net.inet6.ip6.dad_count=0";
> exec.start		+= "/sbin/ifconfig lo0 127.0.0.1 up";
> exec.start		+= "/sbin/ifconfig epair${jailID}b inet ${ip4_addr}";
> exec.start		+= "/sbin/ifconfig epair${jailID}b inet6 ${ip6_addr}";
> exec.start		+= "/sbin/route add default -gateway 10.1.1.254";
> exec.start		+= "/sbin/route add -inet6 default -gateway ${ip6prefixLOCAL}::254";
> exec.stop		 = "/sbin/route del default";
> exec.stop		+= "/sbin/route del -inet6 default";
> exec.stop		+= "/bin/sh /etc/rc.shutdown";
> exec.poststop 		 = "/sbin/ifconfig epair${jailID}a destroy";
>
> #
> # individual jail settings
> #
> dns {
> 	$jailID		 = 1;
> 	$ip4_addr	 = 10.1.1.1;
> 	$ip4_addr_2	 = 10.1.1.2;
> 	$ip6_addr	 = ${ip6prefixLOCAL}::1/64;
> 	$ip6_addr_2	 = ${ip6prefixLOCAL}::2/64;
> 	exec.start	+= "/sbin/ifconfig epair${jailID}b inet  ${ip4_addr_2} alias";
> 	exec.start	+= "/sbin/ifconfig epair${jailID}b inet6 ${ip6_addr_2} alias";
> 	exec.start	+= "/bin/sh /etc/rc";
> }
>
> etc.

I’ll need to study/look up some of that syntax, to fully grok this,
but that comprehensive example appears to hit the nail on the head
several times over with the exec.start/exec.stop action.

Two questions though:

- I’m confused how you define the shell style $ variables in your
individual jail settings above, e.g. ‘$ip4_addr_2 = 10.1.1.2;’,
why/how does that work?  Is that a variable to be expanded, or some
other behavior?

> Again, not sure if I do understand your issue correctly, but the shown examples of exec.start, exec.stop, etc. are quite versatile to use.
>
> I do start/stop my jails by "service jail start/stop".

- Obviously you state you’re using service to start/stop jails, but
shouldn’t this work with ‘jail -c <jailname>’, or are these
subsystems not interoperable?

Thanks!

Best,
.ike


>
> Hope that helps,
> Michael