Date: Tue, 11 Apr 2017 15:15:17 -0400 From: Ernie Luzar <luzar722@gmail.com> To: byrnejb@harte-lyne.ca Cc: freebsd-questions@freebsd.org Subject: Re: Q. Re loopback address for jails Message-ID: <58ED2B45.10908@gmail.com> In-Reply-To: <8116ebb9b81db0c913af691c59f2a391.squirrel@webmail.harte-lyne.ca> References: <8116ebb9b81db0c913af691c59f2a391.squirrel@webmail.harte-lyne.ca>
next in thread | previous in thread | raw e-mail | index | archive | help
James B. Byrne via freebsd-questions wrote: > Given that for a FreeBSD jail one clones the lo interface and assigns > a different address than 127.0.0.1 say 127.0.33.1 what files does one > need to change throughout the jail? > > I have modified /usr/jails/jail/etc/hosts, > /usr/jails/jail/etc/resolv.conf and > usr/jails/jail/etc/ssh/sshd_config. I note however that there are a > very large number of configuration files throughout the jail that > contain a literal value of 127.0.0.1. Do all of these need updating? > > Under /usr/jails/jail/usr/local/etc/ there are also files that > contain 127.0.0.1 as literal values, > /usr/jails/hlldns02/usr/local/etc/rc.d/named for example. How does > one handle rc.d scripts that specify 127.0.0.1? > > If these all require manual alteration then why is not localhost used > instead? Then one would only need alter the hosts file. > Anything you do for the lo0/127.0.0.1 interface in a jail is just so much wasted effort. It's not needed nor required in all most all usage cases. The exception is for those cases when you are running an application in the jail that purposefully uses the lo0 interface. For that use case only, you need to do the clone lo0 thing and change the config file for that application to use the newly allocated lo1/127.0.2.1 setup and leave all the other normal setting un-touched. Take note there is no official documentation on jail(8) and the lo0 interface that gives credence to cloning the lo0 interface for all jails. The jail-ezjail section of the handbook does talk about the cloning of the lo0 interface for all ezjails. This is something that maybe the author of that section thinks is a unique requirement for ezjail, but this thinking should not be extrapolated to mean all non-ezjails also need it. On the other hand, based on my experience using ezjail, ezjail lo0 default usage also falls under the usage cases talked about above and that handbook section should be corrected to reflect that, thus removing the confusion it's current content is causing. Just step back and think about it for a moment. If jail(8) really needed some kind of special handling of the lo0 interface it would be very easy to find official documentation on this subject. In conclusion; Don't try to fix a problem that doesn't exist.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?58ED2B45.10908>