From owner-freebsd-jail@FreeBSD.ORG Mon Jul 7 17:39:27 2008 Return-Path: Delivered-To: freebsd-jail@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 3DD411065670 for ; Mon, 7 Jul 2008 17:39:27 +0000 (UTC) (envelope-from c2thunes@brewtab.com) Received: from mail.brewtab.com (dauphin.brewtab.com [208.86.224.67]) by mx1.freebsd.org (Postfix) with ESMTP id EDCD78FC23 for ; Mon, 7 Jul 2008 17:39:26 +0000 (UTC) (envelope-from c2thunes@brewtab.com) Received: from [10.1.2.238] (unknown [209.170.142.32]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by mail.brewtab.com (Postfix) with ESMTPSA id 5ED9A65FB; Mon, 7 Jul 2008 13:39:26 -0400 (EDT) Message-ID: <487254C2.1030808@brewtab.com> Date: Mon, 07 Jul 2008 13:39:14 -0400 From: Christopher Thunes User-Agent: Mozilla-Thunderbird 2.0.0.14 (X11/20080509) MIME-Version: 1.0 To: "Bjoern A. Zeeb" References: <20080617175607.B83875@maildrop.int.zabbadoz.net> <6ae50c2d0806191123v1794d682rcae256d3a22625ed@mail.gmail.com> <48724934.8050503@brewtab.com> <20080707170411.N57089@maildrop.int.zabbadoz.net> In-Reply-To: <20080707170411.N57089@maildrop.int.zabbadoz.net> Content-Type: text/plain; charset=US-ASCII; format=flowed Content-Transfer-Encoding: 7bit Cc: freebsd-jail@freebsd.org Subject: Re: new set of multi-IPv4/v6/noIP jail patches X-BeenThere: freebsd-jail@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Discussion about FreeBSD jail\(8\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 07 Jul 2008 17:39:27 -0000 Hi Bjoern, I apologize for not including this information originally. This is the 7.0-RELEASE patch but I applied it against a kernel with the memory limits patch already in place. I had to manually merge most of kern_jail.c by hand. I tried again to start a jail and found that I could run the following and it works as you demonstrated. [root@virt] ~ # jail -n test1 /usr/jail/4001/ test1 208.86.224.219,10.11.40.2 /sbin/ifconfig -a priv0: flags=8843 metric 0 mtu 1500 options=19b ether 00:30:48:c2:89:2a inet 10.11.40.2 netmask 0xffffffff broadcast 10.11.40.2 media: Ethernet autoselect (1000baseTX ) status: active pub0: flags=8843 metric 0 mtu 1500 options=19b ether 00:30:48:c2:89:2b inet 208.86.224.219 netmask 0xffffffff broadcast 208.86.224.219 media: Ethernet autoselect (100baseTX ) status: active That is one IP each from two interfaces. I tried with two from the public interface and one from the private interface and then it failed to assign the address on the private interface. All necessary aliases have been created. [root@virt] ~ # jail -n test1 /usr/jail/4001/ test1 208.86.224.219,208.86.224.220,10.11.40.2 /sbin/ifconfig -a priv0: flags=8843 metric 0 mtu 1500 options=19b ether 00:30:48:c2:89:2a media: Ethernet autoselect (1000baseTX ) status: active pub0: flags=8843 metric 0 mtu 1500 options=19b ether 00:30:48:c2:89:2b inet 208.86.224.219 netmask 0xffffffff broadcast 208.86.224.219 inet 208.86.224.220 netmask 0xffffffff broadcast 208.86.224.220 media: Ethernet autoselect (100baseTX ) status: active Other combinations give other strange results. Assigning two address from each interface resulted in two being assigned to the private interface but only one to the public interface. I'm not sure what's going on or if I'm just doing something stupid but any insight would be appreciated. Much Thanks, Chris Bjoern A. Zeeb wrote: > On Mon, 7 Jul 2008, Christopher Thunes wrote: > > Hi, > >> Should these patches allow multiples IPs which are on multiple >> interfaces? I've been playing around with this and was unable to >> assign IP address from more than one interface correctly. jls will >> show all IPs correctly but from within the jail only IPs from one >> interface show up in ifconfig and are able to be binded to. > > Did the patch apply cleanly? Which one? Which release? > > dopt# ifconfig lo1 create > dopt# ifconfig lo1 inet 192.0.2.100/32 > dopt# ifconfig lo2 create > dopt# ifconfig lo2 inet 192.0.2.200/32 > dopt# jail -n multiif /local/jails/j1 dopt 192.0.2.100,192.0.2.200 > /sbin/ifconfig -a > fxp0: flags=8802 metric 0 mtu 1500 > options=b > ether 00:e0:81:31:db:62 > media: Ethernet autoselect (none) > status: no carrier > bge0: flags=8843 metric 0 mtu 1500 > options=9b > ether 00:e0:81:31:db:8c > media: Ethernet autoselect (1000baseTX ) > status: active > bge1: flags=8802 metric 0 mtu 1500 > options=9b > ether 00:e0:81:31:db:8d > media: Ethernet autoselect (none) > status: no carrier > lo0: flags=8049 metric 0 mtu 16384 > lo1: flags=8049 metric 0 mtu 16384 > inet 192.0.2.100 netmask 0xffffffff > lo2: flags=8049 metric 0 mtu 16384 > inet 192.0.2.200 netmask 0xffffffff > dopt# > > Works here. > > > Greetings > Bjoern >