From owner-freebsd-hackers@FreeBSD.ORG Fri May 11 14:01:36 2007 Return-Path: X-Original-To: freebsd-hackers@freebsd.org Delivered-To: freebsd-hackers@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 1015016A400 for ; Fri, 11 May 2007 14:01:36 +0000 (UTC) (envelope-from andre@freebsd.org) Received: from c00l3r.networx.ch (c00l3r.networx.ch [62.48.2.2]) by mx1.freebsd.org (Postfix) with ESMTP id 7A18613C448 for ; Fri, 11 May 2007 14:01:35 +0000 (UTC) (envelope-from andre@freebsd.org) Received: (qmail 96448 invoked from network); 11 May 2007 13:21:06 -0000 Received: from dotat.atdotat.at (HELO [62.48.0.47]) ([62.48.0.47]) (envelope-sender ) by c00l3r.networx.ch (qmail-ldap-1.03) with SMTP for ; 11 May 2007 13:21:06 -0000 Message-ID: <4644773E.60909@freebsd.org> Date: Fri, 11 May 2007 16:01:34 +0200 From: Andre Oppermann User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.8b) Gecko/20050217 MIME-Version: 1.0 To: Ed Schouten References: <45F1C355.8030504@digitaldaemon.com> <20070511075857.GL23313@hoeg.nl> In-Reply-To: <20070511075857.GL23313@hoeg.nl> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Cc: FreeBSD Hackers Subject: Re: Multiple IP Jail's patch for FreeBSD 6.2 X-BeenThere: freebsd-hackers@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Technical Discussions relating to FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 11 May 2007 14:01:36 -0000 Ed Schouten wrote: > Hello, > > It may be interesting to mention that yesterday there was a presentation > at the NLUUG (Netherlands UNIX Users Group) conference by Marco Zec, who > once wrote a patchset for FreeBSD 4.11 (and is in the process of porting > it to FreeBSD 7.x) that gives each jail its own networking stack. > > You can hook up physical interfaces to jails or perform bridging between > jails through netgraph bridging code. That way you can create virtual > network topologies on a single box. This will allow you to use multiple > IPv4 and IPv6 addresses on each instance. You can even use (I)PF(W) > inside jails. I'm working on a "light" variant of multi-IPv[46] per jail. It doesn't create an entirely new network instance per jail and probably is more suitable for low- to mid-end (virtual) hosting. In those cases you normally want the host administrator to excercise full control over IP address and firewall configuration of the individual jails. For high-end stuff where you offer jail based virtual machines or network and routing simulations Marco's work is more appropriate. -- Andre > More information about this can be found at: > > http://www.tel.fer.hr/zec/vimage/ > http://imunes.net/ > > Yours,