Date: Wed, 28 Aug 2013 10:25:09 -0400
From: Alejandro Imass <aimass@yabarana.com>
To: Frank Leonhardt <frank2@fjl.co.uk>
Cc: FreeBSD Questions <freebsd-questions@freebsd.org>
Subject: Re: Jail with public IP alias
Message-ID: <CAHieY7TpuAcpEAqLc8=kUf=GOiwu2DonoRkTJ60stBUsVMQCcQ@mail.gmail.com>
In-Reply-To: <521DC5EC.1010701@fjl.co.uk>
References: <CAHieY7Sq5XKFuwp9PYnbuLAM6i=6KrrS8h-RM2uJUCzgAQ5rcw@mail.gmail.com> <CAHieY7QnkKv3st31tFHipd7q1jZ1YnFAXizQvgFKjH4oPc5Hsw@mail.gmail.com> <CA%2BdWbmYDfNNAv1kV=68eGQ8ySs9G07TZz_6zE0Fkit5t40484g@mail.gmail.com> <CAHieY7ROHTret4QgCfgUaO5t1HwPzoi8O%2B85y7KKjCW=haoGmg@mail.gmail.com> <CA%2BdWbmb6VqmjQAiEyLmsE_%2BP8bHNZxf_Yff7BZAzdDEM3Ka4SA@mail.gmail.com> <521DC5EC.1010701@fjl.co.uk>

On Wed, Aug 28, 2013 at 5:42 AM, Frank Leonhardt <frank2@fjl.co.uk> wrote:
> On 28/08/2013 00:19, Patrick wrote:
>>
>> On Tue, Aug 27, 2013 at 3:42 PM, Alejandro Imass <aimass@yabarana.com>
>> wrote:
>>> [...]
>
> (Tidied up so all now bottom posted)
>
> I can confirm that you shouldn't be seeing this behaviour because I don't. I
> don't use EzJail - I prefer "vi". Seriously, setting up a jail is very
> straightforward anyway, and when I tried ezjail I found it was doing stuff I
> didn't like, so dropped it early on. It was a long time ago and I've
> forgotten the specifics.
>
> I guess if you're using it you're new to this particular game, so please
> excuse me pointing out a few basics here.
>

We use Ezjail not because it's easy or because we're new to jails. I
think you might be confused on what EzJail actually is and why people
use it. We use it because we manage a private cloud exclusively based
on FBSD with about a dozen servers with a couple dozen jails each. I
use EzJail because it allows us to manage just shy of 300 separate
environments with only a couple of sysadmins, and with optimized
system resources. We use it because IT ROCKS.

> Although I can't exactly see how this would cause a problem, remember that
> many services will bind to ALL IP addresses when they start up, and if they

[...]

> I can't see a mechanism that would get the results you're seeing, but I
> don't know what ezjail might be doing. I suspect your problem is with ezjail
> or something bizarre on your network config; can you try it manually?

After my OP I immediately sent out a second mail stating that the
problem is not with Jails or EzJail and it's related to the way that
aliases behave on a network interface card. When you have aliases that
are on the same subnet, the source IP is the primary IP, that is the
first IP set on that network device. You can test this without jails
with a simple ssh connection to another server and then typing who.
Even if you force ssh to bind to a particular IP using -b it will
still show the primary IP. If you have aliases on different subnets
this will not happen.

Best,

-- 
Alejandro Imass