From: Alejandro Imass
To: Frank Leonhardt
Cc: FreeBSD Questions
Date: Wed, 28 Aug 2013 10:25:09 -0400
Subject: Re: Jail with public IP alias
In-Reply-To: <521DC5EC.1010701@fjl.co.uk>

On Wed, Aug 28, 2013 at 5:42 AM, Frank Leonhardt wrote:
> On 28/08/2013 00:19, Patrick wrote:
>>
>> On Tue, Aug 27, 2013 at 3:42 PM, Alejandro Imass
>> wrote:
>>> [...]
>
> (Tidied up so all now bottom posted)
>
> I can confirm that you shouldn't be seeing this behaviour because I don't. I
> don't use EzJail - I prefer "vi". Seriously, setting up a jail is very
> straightforward anyway, and when I tried ezjail I found it was doing stuff I
> didn't like, so dropped it early on. It was a long time ago and I've
> forgotten the specifics.
>
> I guess if you're using it you're new to this particular game, so please
> excuse me pointing out a few basics here.
>

We use Ezjail not because it's easy or because we're new to jails. I think you might be confused on what EzJail actually is and why people use it. We use it because we manage a private cloud exclusively based on FBSD with about a dozen servers with a couple dozen jails each. I use EzJail because it allows us to manage just shy of 300 separate environments with only a couple of sysadmins, and with optimized system resources. We use it because IT ROCKS.

> Although I can't exactly see how this would cause a problem, remember that
> many services will bind to ALL IP addresses when they start up, and if they
[...]
> I can't see a mechanism that would get the results you're seeing, but I
> don't know what ezjail might be doing. I suspect your problem is with ezjail
> or something bizarre on your network config; can you try it manually?

After my OP I immediately sent out a second mail stating that the problem is not with Jails or EzJail and it's related to the way that aliases behave on a network interface card.

When you have aliases that are on the same subnet, the source IP is the primary IP, that is, the first IP set on that network device. You can test this without jails with a simple ssh connection to another server and then typing who. Even if you force ssh to bind to a particular IP using -b it will still show the primary IP. If you have aliases on different subnets this will not happen.

Best,

-- 
Alejandro Imass