Date: Tue, 11 Apr 2017 15:15:17 -0400
From: Ernie Luzar
To: byrnejb@harte-lyne.ca
CC: freebsd-questions@freebsd.org
Subject: Re: Q. Re loopback address for jails

James B. Byrne via freebsd-questions wrote:
> Given that for a FreeBSD jail one clones the lo interface and assigns
> a different address than 127.0.0.1 say 127.0.33.1 what files does one
> need to change throughout the jail?
>
> I have modified /usr/jails/jail/etc/hosts,
> /usr/jails/jail/etc/resolv.conf and
> usr/jails/jail/etc/ssh/sshd_config. I note however that there are a
> very large number of configuration files throughout the jail that
> contain a literal value of 127.0.0.1. Do all of these need updating?
>
> Under /usr/jails/jail/usr/local/etc/ there are also files that
> contain 127.0.0.1 as literal values,
> /usr/jails/hlldns02/usr/local/etc/rc.d/named for example. How does
> one handle rc.d scripts that specify 127.0.0.1?
>
> If these all require manual alteration then why is not localhost used
> instead? Then one would only need alter the hosts file.
>

Anything you do for the lo0/127.0.0.1 interface in a jail is just so much wasted effort. It's not needed nor required in almost all usage cases.

The exception is for those cases when you are running an application in the jail that purposefully uses the lo0 interface. For that use case only, you need to do the clone lo0 thing and change the config file for that application to use the newly allocated lo1/127.0.2.1 setup and leave all the other normal settings untouched.

Take note there is no official documentation on jail(8) and the lo0 interface that gives credence to cloning the lo0 interface for all jails.

The jail-ezjail section of the handbook does talk about the cloning of the lo0 interface for all ezjails. This is something that maybe the author of that section thinks is a unique requirement for ezjail, but this thinking should not be extrapolated to mean all non-ezjails also need it. On the other hand, based on my experience using ezjail, ezjail lo0 default usage also falls under the usage cases talked about above and that handbook section should be corrected to reflect that, thus removing the confusion its current content is causing.

Just step back and think about it for a moment. If jail(8) really needed some kind of special handling of the lo0 interface it would be very easy to find official documentation on this subject.

In conclusion: don't try to fix a problem that doesn't exist.
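
The exception case described in the reply above, sketched as configuration. This is an added example, not part of the original message: the jail name `appjail`, its path and its hostname are hypothetical, and sshd stands in for the one application that needs the loopback address (127.0.2.1 on lo1, as in the reply).

```conf
# --- host: /etc/rc.conf ---
# Create the cloned loopback interface lo1 at boot.
cloned_interfaces="lo1"

# --- host: /etc/jail.conf ---
# Hypothetical jail definition. The "interface|address/netmask" form
# makes jail(8) add 127.0.2.1 to lo1 when the jail starts and remove it
# when the jail stops. Any other addresses the jail needs are listed in
# ip4.addr as well.
appjail {
    path = "/usr/jails/appjail";
    host.hostname = "appjail.example.org";
    ip4.addr = "lo1|127.0.2.1/32";
    exec.start = "/bin/sh /etc/rc";
    exec.stop = "/bin/sh /etc/rc.shutdown";
}

# --- jail: /usr/jails/appjail/etc/ssh/sshd_config ---
# Only the application that is meant to use the loopback address is
# changed. Other files containing a literal 127.0.0.1 stay as they are.
ListenAddress 127.0.2.1
```

After the jail starts, `ifconfig lo1` on the host and `sockstat -4l` inside the jail show whether the address was assigned and which address the service is bound to.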