Date: Thu, 15 Dec 2016 14:33:41 -0600 (CST)
Subject: Re: multiple interfaces for jail.conf(1) and jail_set(2)
From: "Valeri Galtsev"
To: "Miroslav Lachman" <000.fbsd@quip.cz>
Cc: "Michael Grimm", freebsd-questions@freebsd.org, freebsd-jail@freebsd.org
Reply-To: galtsev@kicp.uchicago.edu
Message-ID: <14885.128.135.52.6.1481834021.squirrel@cosmo.uchicago.edu>

On Thu, December 15, 2016 2:09 pm, Miroslav Lachman wrote:
> Michael Grimm wrote on 2016/12/15 19:36:
>> [cc'd to freebsd-jail@FreeBSD.org where that thread originated]
>>
>> Valeri Galtsev wrote:
>>
>>> On Wed, December 14, 2016 2:30 pm, Michael Grimm wrote:
>>
>>>> #
>>>> # network settings to apply/destroy during start/stop of every jail
>>>> #
>>>> exec.prestart   = "sleep 2";
>>>> exec.prestart  += "/sbin/ifconfig epair${jailID} create up";
>>>> exec.prestart  += "/sbin/ifconfig bridge0 addm epair${jailID}a";
>>>> exec.start      = "/sbin/sysctl net.inet6.ip6.dad_count=0";
>>>> exec.start     += "/sbin/ifconfig lo0 127.0.0.1 up";
>>>> exec.start     += "/sbin/ifconfig epair${jailID}b inet ${ip4_addr}";
>>>> exec.start     += "/sbin/ifconfig epair${jailID}b inet6 ${ip6_addr}";
>>>> exec.start     += "/sbin/route add default -gateway 10.1.1.254";
>>>> exec.start     += "/sbin/route add -inet6 default -gateway ${ip6prefixLOCAL}::254";
>>>> exec.stop       = "/sbin/route del default";
>>>> exec.stop      += "/sbin/route del -inet6 default";
>>>> exec.stop      += "/bin/sh /etc/rc.shutdown";
>>>> exec.poststop   = "/sbin/ifconfig epair${jailID}a destroy";
>>>>
>>>> #
>>>> # individual jail settings
>>>> #
>>>> dns {
>>>>     $jailID     = 1;
>>>>     $ip4_addr   = 10.1.1.1;
>>>>     $ip4_addr_2 = 10.1.1.2;
>>
>> […]
>>
>>> Michael, is it possible to have two addresses belonging to two different
>>> networks (through two different network interfaces)?
>>>
>>> Say, on host system:
>>>
>>> ifconfig_igb0="inet 172.20.9.22 ...
>>> ifconfig_igb1="inet 10.1.1.17 ...
>>>
>>>
>>> and in some jail
>>>
>>> $ip4_addr   = 172.20.9.22;
>>> $ip4_addr_2 = 10.1.1.17;
>>>
>>> - will that work? This is what didn't work for me in the past when
>>> configured jails old style in /etc/rc.conf
>>
>> I can't answer that because I have never tried it before.
>
> More IP addresses on more interfaces works for me for many years even in
> old rc.conf style jails.
>
> Converted to new jail.conf is something like this
>
> costa {
>     host.hostname = "costa.example.com";
>     ip4.addr = 94.104.135.21;
>     ip4.addr += 192.168.222.57;
> }

Thanks, Miroslav. I do not recollect "ip4.addr += ..." that must have been
my problem (though I asked on mail lists and wasn't directed towards that,
got the answer "not possible", - I must have been unlucky then).

Valeri

>
> As you can see, IPs are from different networks.
> We are not using auto add / remove IP on interfaces. We don't want to
> have something else to manage IP addresses. All IPs are defined in
> rc.conf on their proper interfaces.
> In this case, first jail's IP is in bge1 and the second is on nfe0 (LAN
> interface)
>
> I already made jail using VPN assigned IP on tun0 OpenVPN interface.
>
> In another words - jail doesn't care about interfaces. If there is an IP
> in the system (on whatever interface) then you can assign it to jail and
> you can assign as many IPs as you want (up to some really high limit).
>
> Miroslav Lachman

++++++++++++++++++++++++++++++++++++++++
Valeri Galtsev
Sr System Administrator
Department of Astronomy and Astrophysics
Kavli Institute for Cosmological Physics
University of Chicago
Phone: 773-702-4247
++++++++++++++++++++++++++++++++++++++++
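
Added example, not part of the thread or of FreeBSD: Miroslav's setup leaves address management to rc.conf, so every `ip4.addr` given to a jail has to exist on some host interface already. The sketch below lists jail addresses that the host does not carry; the function names and the sample `ifconfig` output are constructed for illustration, and it assumes literal addresses (no `$variable` substitution as in Michael's configuration).

```shell
#!/bin/sh
# Constructed sample data: the jail block from the thread and matching host ifconfig output.
JAIL_CONF='costa {
    host.hostname = "costa.example.com";
    ip4.addr = 94.104.135.21;
    ip4.addr += 192.168.222.57;
}'
HOST_IFCONFIG='bge1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        inet 94.104.135.21 netmask 0xffffff00 broadcast 94.104.135.255
nfe0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        inet 192.168.222.57 netmask 0xffffff00 broadcast 192.168.222.255'

# Print every literal IPv4 address set with "ip4.addr =" or "ip4.addr +=".
# Also accepts the jail(8) "interface|address/netmask" form and comma lists.
jail_ip4_addrs() {
    printf '%s\n' "$1" | awk '
        /^[ \t]*ip4\.addr[ \t]*\+?=/ {
            sub(/^[^=]*=[ \t]*/, "")        # drop the parameter name and operator
            gsub(/[";]/, "")                # drop quotes and the terminating semicolon
            n = split($0, parts, ",")
            for (i = 1; i <= n; i++) {
                a = parts[i]
                gsub(/[ \t]/, "", a)
                sub(/^.*\|/, "", a)         # drop an optional "interface|" prefix
                sub(/\/.*$/, "", a)         # drop an optional "/netmask" suffix
                if (a != "") print a
            }
        }'
}

# Print the IPv4 addresses configured on any host interface.
host_ip4_addrs() {
    printf '%s\n' "$1" | awk '$1 == "inet" { print $2 }'
}

# Print jail addresses that are absent from the host; return 1 if any are missing.
missing_jail_addrs() {
    host=$(host_ip4_addrs "$2")
    rc=0
    for a in $(jail_ip4_addrs "$1"); do
        printf '%s\n' "$host" | grep -qxF -- "$a" || { printf '%s\n' "$a"; rc=1; }
    done
    return $rc
}

# On a real host: missing_jail_addrs "$(cat /etc/jail.conf)" "$(ifconfig)"
missing_jail_addrs "$JAIL_CONF" "$HOST_IFCONFIG" && echo "all jail addresses are on the host"
```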