Date: Fri, 18 Dec 2015 03:28:45 +0100
From: Mark Martinec
To: freebsd-net@freebsd.org
Subject: Re: Per-jail private loopback
Organization: Jozef Stefan Institute

On 2015-12-18 00:48, Garrett Wollman wrote:
> I'm a bit new to managing jails, and one of the things I'm finding I
> need is a way for jails to have their own private loopback interfaces
> -- so that things like sendmail and local DNS resolvers actually work
> right without explicit configuration. Is there any way of making this
> work short of going all the way to full VIMAGE? (I'm reluctant to do
> the latter because it then means I have to carry two separate kernels,
> one for performance and one for jail hosts.) Or is VIMAGE cheap
> enough that I won't notice the performance hit? Does that even get me
> to where I need to be (with each jail having its own 127.0.0.1)?

You can create additional loopback interfaces for jails that need
them, e.g.

  cloned_interfaces="lo1 lo2 lo3"

or from a command line:

  ifconfig lo1 create up

then assign them a unique address (through a jail setting),
either from the 127.0.0.0/8 range (like 127.0.1.1/32), or some other
private non-routable address, possibly an IPv6 address.
In a jail you will then need to use this unique address
for inter-process communication over a lo1 loopback interface.

  ip4_addr:lo1|127.0.1.1

Mark
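
The setup described in the reply, written out as an added example that is not part of the original message: a shell helper that emits the host's cloned_interfaces line and, for each jail, an ip4.addr parameter in jail.conf syntax bound to its own loopback interface. The jail names, the one-interface-per-jail layout and the 127.0.1.N numbering are assumptions.

```shell
#!/bin/sh
# Added example (not from the original message): generate the host and
# jail configuration fragments for per-jail private loopback addresses.
# Assumption: jail number N gets interface loN and address 127.0.1.N/32,
# following the 127.0.1.1 example in the message.

# rc_conf_line JAIL... -> the cloned_interfaces line for the host's rc.conf
rc_conf_line() {
    n=0
    list=""
    for j in "$@"; do
        n=$((n + 1))
        list="${list:+$list }lo$n"
    done
    printf 'cloned_interfaces="%s"\n' "$list"
}

# jail_conf JAIL... -> one jail.conf block per jail carrying its ip4.addr.
# Fails on a duplicate jail name (two jails must never share an address)
# and when 127.0.1.1 .. 127.0.1.254 would be exhausted.
jail_conf() {
    if [ "$#" -gt 254 ]; then
        echo "too many jails for 127.0.1.0/24" >&2
        return 1
    fi
    n=0
    seen=" "
    for j in "$@"; do
        case "$seen" in
            *" $j "*) echo "duplicate jail name: $j" >&2; return 1 ;;
        esac
        seen="$seen$j "
        n=$((n + 1))
        # "interface|address/netmask" is the jail(8) form that also
        # configures the address on the interface when the jail starts.
        printf '%s {\n    ip4.addr = "lo%d|127.0.1.%d/32";\n}\n' "$j" "$n" "$n"
    done
}

# Constructed jail names, for illustration only.
rc_conf_line mail dns web
jail_conf mail dns web
```

Inside each jail, services and clients then have to be pointed at that jail's own address (127.0.1.1 for the first jail here), as the message says.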