Date: Fri, 18 Dec 2015 03:28:45 +0100
From: Mark Martinec <Mark.Martinec+freebsd@ijs.si>
To: freebsd-net@freebsd.org
Subject: Re: Per-jail private loopback
Message-ID: <e1c78ed15635242b10e638588265f023@mailbox.ijs.si>
In-Reply-To: <22131.18881.757188.951230@hergotha.csail.mit.edu>
References: <22131.18881.757188.951230@hergotha.csail.mit.edu>
On 2015-12-18 00:48, Garrett Wollman wrote:
> I'm a bit new to managing jails, and one of the things I'm finding I
> need is a way for jails to have their own private loopback interfaces
> -- so that things like sendmail and local DNS resolvers actually work
> right without explicit configuration. Is there any way of making this
> work short of going all the way to full VIMAGE? (I'm reluctant to do
> the latter because it then means I have to carry two separate kernels,
> one for performance and one for jail hosts.) Or is VIMAGE cheap
> enough that I won't notice the performance hit? Does that even get me
> to where I need to be (with each jail having its own 127.0.0.1)?

You can create additional loopback interfaces for jails that need them, e.g.

  cloned_interfaces="lo1 lo2 lo3"

or from a command line:

  ifconfig lo1 create up

then assign them a unique address (through a jail setting), either from the 127.0.0.0/8 range (like 127.0.1.1/32), or some other private non-routable address, possibly an IPv6 address.

In a jail you will then need to use this unique address for inter-process communication over a lo1 loopback interface.

  ip4_addr:lo1|127.0.1.1

Mark
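
The scheme from the message above, generalized to several jails, as an added example that is not part of the original e-mail: a POSIX sh helper that gives each jail its own cloned loopback and a unique 127.0.1.N/32 address, then prints the matching host and jail settings. The jail names, the loN/127.0.1.N numbering and the jail.conf `ip4.addr` form are assumptions; the message itself shows only lo1 with 127.0.1.1.

```shell
#!/bin/sh
# Added example: one private loopback per jail (lo1/127.0.1.1 scheme).
# Jail names and the loN <-> 127.0.1.N numbering are assumptions.

# Print "name ifname address" for each jail name given as an argument.
loopback_plan() {
    n=0
    for jail in "$@"; do
        case "$jail" in
            ""|*[!A-Za-z0-9_-]*) echo "bad jail name: $jail" >&2; return 1 ;;
        esac
        n=$((n + 1))
        # 127.0.1.1 .. 127.0.1.254 are the addresses used by this scheme.
        [ "$n" -le 254 ] || { echo "too many jails" >&2; return 1; }
        echo "$jail lo$n 127.0.1.$n"
    done
}

# Host /etc/rc.conf line that creates the cloned interfaces at boot.
rc_conf_line() {
    plan=$(loopback_plan "$@") || return 1
    list=""
    while read -r name ifname addr; do
        list="${list:+$list }$ifname"
    done <<EOF
$plan
EOF
    printf 'cloned_interfaces="%s"\n' "$list"
}

# jail.conf stanzas binding each jail to its own interface and address
# (a jail's other addresses and settings are left out here).
jail_conf() {
    plan=$(loopback_plan "$@") || return 1
    while read -r name ifname addr; do
        [ -n "$name" ] || continue
        printf '%s {\n    ip4.addr = "%s|%s/32";\n}\n' "$name" "$ifname" "$addr"
    done <<EOF
$plan
EOF
}

# Constructed jail names for illustration.
rc_conf_line mail dns
jail_conf mail dns
```

Services inside each jail then bind to and connect over that jail's own 127.0.1.N address, as the message describes for lo1.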