Date: Wed, 14 Dec 2016 17:56:44 -0500 (EST)
From: doug@safeport.com
Reply-To: doug@fledge.watson.org
To: Michael Grimm, freebsd-questions@freebsd.org
Subject: Re: multiple interfaces for jail.conf(1) and jail_set(2)

On Wed, 14 Dec 2016, Valeri Galtsev wrote:

>
> On Wed, December 14, 2016 2:30 pm, Michael Grimm wrote:
>> Isaac (.ike) Levy wrote:
>>
>>> Can I specify multiple IP interfaces and assign IP's to them using
>>> jail.conf?

The short answer is yes. The interfaces and/or IPs are defined in the usual way in the host. How they are defined in the jail depends on what you use to manage the jails. If nothing, man jail is the thing to follow.

>> Not sure if I understand your question correctly, but I do define the
>> following in my jail.conf for VNET jails:
>>
>> #
>> # host dependent global settings
>> #
>> $ip6prefixLOCAL = "fd00:dead:beef:1234";
>>
>> #
>> # global jail settings
>> #
>> host.hostname = "${name}";
>> path = "/usr/home/jails/${name}";
>> mount.fstab = "/etc/fstab.${name}";
>> exec.consolelog = "/var/log/jail_${name}_console.log";
>> vnet = "new";
>> vnet.interface = "epair${jailID}b";
>> exec.clean;
>> mount.devfs;
>> persist;
>>
>> #
>> # network settings to apply/destroy during start/stop of every jail
>> #
>> exec.prestart = "sleep 2";
>> exec.prestart += "/sbin/ifconfig epair${jailID} create up";
>> exec.prestart += "/sbin/ifconfig bridge0 addm epair${jailID}a";
>> exec.start = "/sbin/sysctl net.inet6.ip6.dad_count=0";
>> exec.start += "/sbin/ifconfig lo0 127.0.0.1 up";
>> exec.start += "/sbin/ifconfig epair${jailID}b inet ${ip4_addr}";
>> exec.start += "/sbin/ifconfig epair${jailID}b inet6 ${ip6_addr}";
>> exec.start += "/sbin/route add default -gateway 10.1.1.254";
>> exec.start += "/sbin/route add -inet6 default -gateway ${ip6prefixLOCAL}::254";
>> exec.stop = "/sbin/route del default";
>> exec.stop += "/sbin/route del -inet6 default";
>> exec.stop += "/bin/sh /etc/rc.shutdown";
>> exec.poststop = "/sbin/ifconfig epair${jailID}a destroy";
>>
>> #
>> # individual jail settings
>> #
>> dns {
>> $jailID = 1;
>> $ip4_addr = 10.1.1.1;
>> $ip4_addr_2 = 10.1.1.2;
>
> As far as I understand, both of these IP addresses on host level are
> configured on the same interface (say, one of them as alias). I never
> tried and needed that, I actually had "multi home" host, and what I
> attempted to do was: have particular jail have two IPs, one through one of
> the host system interfaces, another, through another host interface. Both
> of the host interfaces were on different (public) networks, and were
> connected even to different network switches. This is what never worked
> for me; the above (which would resemble the same physical network
> interface) I never tried. Sorry, Isaac, if I confused you by omission.
>
> Michael, is it possible to have two addresses belonging to two different
> networks (through two different network interfaces)?
>
> Say, on host system:
>
> ifconfig_igb0="inet 172.20.9.22 ...
> ifconfig_igb1="inet 10.1.1.17 ...
>
>
> and in some jail
>
> $ip4_addr = 172.20.9.22;
> $ip4_addr_2 = 10.1.1.17;
>
> - will that work? This is what didn't work for me in the past when
> configured jails old style in /etc/rc.conf
>
> Thanks a lot for very instructive post!!
>
> Valeri
>
>> $ip6_addr = ${ip6prefixLOCAL}::1/64;
>> $ip6_addr_2 = ${ip6prefixLOCAL}::2/64;
>> exec.start += "/sbin/ifconfig epair${jailID}b inet ${ip4_addr_2} alias";
>> exec.start += "/sbin/ifconfig epair${jailID}b inet6 ${ip6_addr_2} alias";
>> exec.start += "/bin/sh /etc/rc";
>> }
>>
>> etc.
>>
>>
>>
>> Again, not sure if I do understand your issue correctly, but the shown
>> examples of exec.start, exec.stop, etc. are quite versatile to use.
>>
>> I do start/stop my jails by "service jail start/stop".
>>
>> Hope that helps,
>> Michael
>
>
> ++++++++++++++++++++++++++++++++++++++++
> Valeri Galtsev
> Sr System Administrator
> Department of Astronomy and Astrophysics
> Kavli Institute for Cosmological Physics
> University of Chicago
> Phone: 773-702-4247
> ++++++++++++++++++++++++++++++++++++++++
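
Added example, not part of the original message or of any poster's configuration: one way to write the two-interface case asked about in the quoted text as a non-VNET jail in jail.conf. The jail names and the .23/.18 addresses are constructed; igb0/igb1, the path layout and the 172.20.9.22/10.1.1.17 addresses are taken from the thread.

```conf
# Added example (not from the thread). Non-VNET jails: the kernel restricts
# each jail to the addresses listed for it; interfaces and the routing
# table stay under the host's control.

# Global settings; path layout borrowed from the quoted config.
host.hostname = "${name}";
path = "/usr/home/jails/${name}";
mount.devfs;
exec.clean;
exec.start = "/bin/sh /etc/rc";
exec.stop  = "/bin/sh /etc/rc.shutdown";

# Case 1: both addresses are already configured on the host
# (ifconfig_igb0 / ifconfig_igb1 in rc.conf), so the jail only lists them.
multihome {                      # hypothetical jail name
    ip4.addr  = "172.20.9.22";   # on igb0; first entry is the fallback
                                 # source address for unbound sockets
    ip4.addr += "10.1.1.17";     # on igb1
}

# Case 2: jail(8) adds each address as an alias on the named interface when
# the jail starts and removes it when the jail stops, using the
# "interface|address/netmask" form of ip4.addr.
multihome2 {                     # hypothetical jail name
    ip4.addr  = "igb0|172.20.9.23/32";   # constructed address
    ip4.addr += "igb1|10.1.1.18/32";     # constructed address
}
```

A non-VNET jail uses the host's routing table, so which interface a reply leaves on is decided by the host's routes, not by anything in jail.conf.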