From owner-freebsd-jail@freebsd.org Mon Sep 5 04:20:20 2016 Return-Path: Delivered-To: freebsd-jail@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 085D1B71315 for ; Mon, 5 Sep 2016 04:20:20 +0000 (UTC) (envelope-from James@Lodge.me.uk) Received: from EUR01-DB5-obe.outbound.protection.outlook.com (mail-db5eur01on0106.outbound.protection.outlook.com [104.47.2.106]) (using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (Client CN "mail.protection.outlook.com", Issuer "Microsoft IT SSL SHA2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 7FD7ACC2 for ; Mon, 5 Sep 2016 04:20:18 +0000 (UTC) (envelope-from James@Lodge.me.uk) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gavinlodge.onmicrosoft.com; s=selector1-Lodge-me-uk; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=wXtqy6ZhbzzMuB1s2GeS+yuDz9JBYSwkhmrIuJKUpKQ=; b=H1O8jrgfGyIXsbCXbW4ggIrLyd8dJIvVzGZbAhgfMrluI5PN366Gm1NxkgCaGGJsyelsvB5rRgOQvzk9+LuCm+R+ZCWC3j8615Scc4rsMKvO6raRagvT7URBQwv0VJwQYK99ozpdNg5VDSIPgBWXHSswlrzOMiqVLtqM4IN90nc= Received: from AM4PR0601MB2081.eurprd06.prod.outlook.com (10.167.123.24) by AM4PR0601MB2083.eurprd06.prod.outlook.com (10.167.123.26) with Microsoft SMTP Server (version=TLS1_0, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA_P384) id 15.1.609.9; Sun, 4 Sep 2016 16:43:20 +0000 Received: from AM4PR0601MB2081.eurprd06.prod.outlook.com ([10.167.123.24]) by AM4PR0601MB2081.eurprd06.prod.outlook.com ([10.167.123.24]) with mapi id 15.01.0609.013; Sun, 4 Sep 2016 16:43:20 +0000 From: James Lodge To: Grzegorz Junka CC: "freebsd-jail@freebsd.org" Subject: Re: Changing jail's IP automatically Thread-Topic: Changing jail's IP automatically Thread-Index: AQHSBV4uLgfUvG4DUEy/8y53b6bozaBn5jQAgAAEjYWAAZ5RgIAAAxXN Date: Sun, 4 Sep 2016 16:43:20 +0000 Message-ID: <761D111F-F968-477B-9247-DABD205CEE1C@Lodge.me.uk> References: <872dfbe1-3f39-bf5f-44b2-611bd92a1210@gjunka.com> <4fa37d2e14665ff5a00548626e55142f@gritton.org> , <9fd404a3-f1cc-4510-1d38-5ca8dc85f5d3@gjunka.com> In-Reply-To: <9fd404a3-f1cc-4510-1d38-5ca8dc85f5d3@gjunka.com> Accept-Language: en-GB, en-US Content-Language: en-GB X-MS-Has-Attach: X-MS-TNEF-Correlator: authentication-results: spf=none (sender IP is ) smtp.mailfrom=James@Lodge.me.uk; x-originating-ip: [81.174.132.199] x-ms-office365-filtering-correlation-id: 0146b7b3-4288-4be3-8557-08d3d4e2945d x-microsoft-exchange-diagnostics: 1; AM4PR0601MB2083; 6:HCOf5ivC5+8olETnDchvljvyzDuK5sFOwoprhLpEY/JXiXjAF4yjcFOz5Zn0AgF7tsk7xiALNzzu2mZ58ZonWB1spxXu9xVaWGdNKqeACn9YJKhYXisJCJ+ea+Y3ZldegoCQKLhcyB22Xtx7fWjEvc5+MNAjCyefQusYCsiDspA+F70zPbdD929NIX5p2swbaBkuB2qxWoxvVG+UhfIgzjYoY116SiKigqbL4pxCSCDZMYmS6yERj/Yy0lpFMa4Bg86U+8BPomEaALrV4OPXX71pVi69q8ktPH/EPGGzjAp1JT720QCXyK/NP8PRmsVo; 5:wDuTNl8PZvzSvxxiNcYGJsgLBd94SrDn/3M1Xwz441Zkm8mFgA3puq+uRfLJTOqQp2X0iNCHSgSdKn+n4F12qk/ntrmO+TLe5HE+7r45mfrnruldf7XlBfkkcGlQhLCgedwBQnkdYWYJ+WXgUncOpQ==; 24:C+2Nm8hr1u3Gwn1Wy1Ok90YY/Y4bmnFqWci0PokIVLoOVEOGEForjeJNiMDeMPmLeWMC9EMvCFv9Wfqw2oB0rv0Ba1dPSExNzVBOfDPlJjo=; 7:eRkDmD033stN6ZzNBlpZdz1SBmvo8NnPfNeWLg/ArL5v75ycEuZ+zD5aaTVL9LzeaQVqjKc/1D1jqbsQ3+c5+PsBa90F7b/huM6V5rC/Vi0lFMj9gN6oQy0MTcifA6ExmzS1VEQZ4z6pIyK8Lro2yyIZPqRWikXB26NNYoa52whBQKe/deBMHgsknuRAEYPoqdlfF+bWRr9lznWOns8M5SwYghhSvbk7/cfvPKABz04x5JzE87Sm7zfVEsZj4FMM x-microsoft-antispam: UriScan:;BCL:0;PCL:0;RULEID:;SRVR:AM4PR0601MB2083; x-microsoft-antispam-prvs: x-exchange-antispam-report-test: UriScan:(75325880899374)(21532816269658); x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(6040176)(601004)(2401047)(5005006)(8121501046)(3002001)(10201501046)(6043046)(6042046); SRVR:AM4PR0601MB2083; BCL:0; PCL:0; RULEID:; SRVR:AM4PR0601MB2083; x-forefront-prvs: 00550ABE1F x-forefront-antispam-report: SFV:NSPM; SFS:(10019020)(6009001)(7916002)(24454002)(377424004)(199003)(189002)(2906002)(83716003)(2900100001)(2950100001)(87936001)(11100500001)(92566002)(97736004)(101416001)(4326007)(105586002)(7846002)(74482002)(7736002)(189998001)(122556002)(19580405001)(19580395003)(93886004)(82746002)(106116001)(106356001)(80792005)(8936002)(3480700004)(6116002)(10400500002)(102836003)(305945005)(5660300001)(86362001)(110136002)(5002640100001)(3846002)(586003)(8676002)(50986999)(54356999)(3280700002)(81156014)(81166006)(3660700001)(76176999)(77096005)(66066001)(15975445007)(33656002)(36756003)(5003630100001)(68736007)(104396002); DIR:OUT; SFP:1102; SCL:1; SRVR:AM4PR0601MB2083; H:AM4PR0601MB2081.eurprd06.prod.outlook.com; FPR:; SPF:None; PTR:InfoNoRecords; A:1; MX:1; LANG:en; received-spf: None (protection.outlook.com: Lodge.me.uk does not designate permitted sender hosts) spamdiagnosticoutput: 1:99 spamdiagnosticmetadata: NSPM Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 X-OriginatorOrg: Lodge.me.uk X-MS-Exchange-CrossTenant-originalarrivaltime: 04 Sep 2016 16:43:20.5125 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: ded56ae9-7c77-4cf6-bbfd-39e6a505742d X-MS-Exchange-Transport-CrossTenantHeadersStamped: AM4PR0601MB2083 X-BeenThere: freebsd-jail@freebsd.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: "Discussion about FreeBSD jail\(8\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 05 Sep 2016 04:20:20 -0000 > On 4 Sep 2016, at 17:32, Grzegorz Junka wrote: >=20 > Probably it would, I didn't try. Is this is the proper way of solving thi= s issue? >=20 >=20 >> On 03/09/2016 15:49, James Lodge wrote: >> Would PF and NAT not work for you? NAT to the WLAN0 IP (DHCP assigned) u= sing PF macros and have a separate subnet for your jails? This would be PAT= so you might have issues with accessing services inbound if you're using t= he same port in multiple jails. Just an idea..... >>=20 >> Sent from my iPad >>=20 >>>> On 3 Sep 2016, at 16:33, James Gritton wrote: >>>>=20 >>>> On 2016-09-02 15:08, Grzegorz Junka wrote: >>>> I am using a jail on my laptop and I often connect to different >>>> WiFi's, which of course assign different IPs to my laptop. I set up >>>> the jail by adding an alias to wlan0 and I need to update the IP every >>>> time I switch the WiFi network. Is it possible to create a jail with >>>> IP assigned dynamically, e.g. from DHCP, or at least switch between >>>> predefined IPs more easily than by editing /etc/jail.conf? >>> You can always add addresses later. I would create the jail without an= y IP address specified in jail.conf, and then have a exec.poststart script = that sets the address using something like "jail -m name=3Dfoo ip4.addr=3D1= .2.3.4". And similarly when the network switches, it would need to trigger= a similar script that resets the address. >>>=20 >>> It's a little more complicated that than though: network daemons will b= e bound to the old address after the switch, so you'll need to run the prop= er service(8) commands to restart those, in the right order. Or depending = on the service, maybe a kick of some sort (like a kill -1) would do the tri= ck. >>>=20 >>> And at start time, if the jail has no IP address of its own, anything i= t runs will use the regular system IP addresses. That's definitely not wha= t you want. Unfortunately, jail(8) doesn't have a way to run a script in t= he system environment after the jail is created but before exec.start is ru= n. That would be the right place to set the initial address. So barring t= hat, you may want to have network services not started up at all, until thi= s poststart script sets the address. So it's still not a simple issue. >>>=20 >>> - Jamie >>> _______________________________________________ >>> freebsd-jail@freebsd.org mailing list >>> https://lists.freebsd.org/mailman/listinfo/freebsd-jail >>> To unsubscribe, send any mail to "freebsd-jail-unsubscribe@freebsd.org" >=20 > _______________________________________________ > freebsd-jail@freebsd.org mailing list > https://lists.freebsd.org/mailman/listinfo/freebsd-jail > To unsubscribe, send any mail to "freebsd-jail-unsubscribe@freebsd.org" There are many way to handle it, using NAT would be the easiest and the way= products like VirtualBox and VMware workstation handles it's on a desktop/= laptop.=20