From: Garrett Wollman
To: freebsd-net@freebsd.org
Subject: Per-jail private loopback
Date: Thu, 17 Dec 2015 18:48:17 -0500
Message-ID: <22131.18881.757188.951230@hergotha.csail.mit.edu>

I'm a bit new to managing jails, and one of the things I'm finding I need is a way for jails to have their own private loopback interfaces -- so that things like sendmail and local DNS resolvers actually work right without explicit configuration.

Is there any way of making this work short of going all the way to full VIMAGE? (I'm reluctant to do the latter because it then means I have to carry two separate kernels, one for performance and one for jail hosts.) Or is VIMAGE cheap enough that I won't notice the performance hit? Does that even get me to where I need to be (with each jail having its own 127.0.0.1)?

-GAWollman