Date:      Wed, 16 May 2012 18:31:26 +0200
From:      Jakub Szafrański <s@samu.pl>
To:        freebsd-hackers@freebsd.org.
Subject:   Separating IP addresses between users
Message-ID:  <4FB3D65E.4020107@samu.pl>

Hi!

So, I was given a task to separate IP addresses from (or between) users.
The server has two groups of IP addresses, public and private. A public
IP can be used by any user. A private IP can be used only by one,
specific user.

At the beginning, there were two obvious ways to perform this: a
firewall, and jails. IPFW offers uid-based rules, but after some tests
that didn't end up very well - the server used to freeze, or even crash
because of this.

So - jails. That would be a good way, I could even use the same rootfs
for every jail to avoid tons of mountpoints, and I could specify a list
of IP addresses for every jail (a standard public pool, and one or more
private IPs, if they belong to a user). So I've made a virtual machine
and, unfortunately, I had to hit the ground - with more than 600-700
users the system used to freeze for 5-10 seconds every 1-2 minutes, and
then come back with a load of 700 and more. When I started something
like 850-900 jails, the system was useless. And here, I need to separate
more than 2000 users.

Maybe this is the wrong mailing list to ask such questions, but what would
be the best approach to do this task? Has anybody tried to do this before?

If not, can it be done in the MAC framework, as a loadable module, or do I
have to dig deeper?

As usual: sorry for my bad English, it's not my native language.

-- 
Best regards,
Jakub Szafrański


