From: "Isaac (.ike) Levy"
Subject: multiple interfaces for jail.conf(1) and jail_set(2)
Date: Tue, 13 Dec 2016 15:14:24 -0500
To: freebsd-jail@FreeBSD.org

Hi All,

Can I specify multiple IP interfaces and assign IPs to them using jail.conf?

I have jails with IPv4/IPv6 addresses on multiple physical interfaces, as well as assigning a loopback.

I have not found answers in the respective man pages or digging online.

I’m finally starting to poke around to start using the impressively simple jail.conf subsystem to manage jails. I have been managing jails with simple custom start scripts since ’99, and custom devfs rulesets since ~2006, so jail.conf(1) and jail_set(2) are a big welcome change for me - really awesome and clean :)

--
Additional detail to clarify my loopback use:

In general, I always assign each jail its own loopback IP somewhere in the RFC5735 specified range, 127.0.0.0/8 - (simply saving 127.0.0.1 for the jailing host), and then I simply set localhost to point at its IP in /etc/hosts for the jail. On the host, I simply add the IP alias to lo0 like any other interface.

This is often overlooked in common jailing practice, but often eliminates complexity and confusion for many userland daemons. For full Virtual Server applications, loopback is simply dotting the i’s and crossing the t’s.

I can see how localhost would be challenging to automate for easy jail.conf configuration, mostly, in picking a loopback IP for the jail and not letting that get messy - etc…

Thanks in advance for any info!

Best,
.ike
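
The loopback steps described in the message (a per-jail address in 127.0.0.0/8, a lo0 alias on the host, localhost repointed in the jail's /etc/hosts), as an added example that is not part of the original message. The function names and the index-to-address scheme are assumptions, the sample hosts file is constructed, and the alias command is printed rather than executed.

```shell
#!/bin/sh
# Added example, not from the original message. Function names and the
# index-to-address mapping are assumptions made for illustration.

# Map a jail index (1..16777213) to a unique address in 127.0.0.0/8.
# 127.0.0.1 stays reserved for the jailing host, so index 1 -> 127.0.0.2.
# A fixed mapping keeps allocation deterministic and collision-free.
jail_loopback_ip() {
    idx=$1
    # Reject empty, non-numeric and zero-prefixed input (the latter would
    # be parsed as octal inside $(( ))).
    case $idx in
        ''|0*|*[!0-9]*) return 1 ;;
    esac
    [ "$idx" -le 16777213 ] || return 1
    n=$((idx + 1))
    echo "127.$(( (n >> 16) & 255 )).$(( (n >> 8) & 255 )).$(( n & 255 ))"
}

# Print the host-side command that adds the address to lo0 as an alias
# (FreeBSD ifconfig syntax). Printed only, so this runs on any system.
lo0_alias_cmd() {
    echo "ifconfig lo0 inet $1/32 alias"
}

# Print a copy of a jail's hosts file ($1) with every 127.0.0.1 entry
# pointed at the jail's own loopback address ($2). IPv6 lines and
# comments pass through unchanged.
jail_hosts() {
    awk -v ip="$2" '$1 == "127.0.0.1" { $1 = ip } { print }' "$1"
}

# Demo on a constructed hosts file for the jail with index 7.
demo() {
    tmp=$(mktemp) || return 1
    printf '%s\n' '# constructed sample' \
        '::1 localhost localhost.my.domain' \
        '127.0.0.1 localhost localhost.my.domain' > "$tmp"
    ip=$(jail_loopback_ip 7)
    lo0_alias_cmd "$ip"
    jail_hosts "$tmp" "$ip"
    rm -f "$tmp"
}

demo
```
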