Date: Wed, 11 Jun 2014 22:53:40 +0300 From: "s7r@sky-ip.org" <s7r@sky-ip.org> To: Jason Hellenthal <jhellenthal@dataix.net> Cc: "freebsd-jail@freebsd.org" <freebsd-jail@freebsd.org> Subject: Re: Assign Lookback address 127.0.0.1 to jail Message-ID: <5398B3C4.4050009@sky-ip.org> In-Reply-To: <8B8FC782-7DF2-4BD3-883D-4ADE7E07822A@dataix.net> References: <53979DA8.60002@sky-ip.org> <5397A0D9.403@freebsd.org> <5397A16E.8080504@sky-ip.org> <5397A2C3.1090109@freebsd.org> <5397AE8F.8020000@sky-ip.org> <8B8FC782-7DF2-4BD3-883D-4ADE7E07822A@dataix.net>
next in thread | previous in thread | raw e-mail | index | archive | help
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 6/11/2014 4:46 AM, Jason Hellenthal wrote: > You could just go with building the host kernel with VIMAGE . . . > Then each jail has its own virtual network stack. > > image.png > > -- Jason Hellenthal Voice: 95.30.17.6/616 JJH48-ARIN > > On Jun 10, 2014, at 21:19, "s7r@sky-ip.org > <mailto:s7r@sky-ip.org>" <s7r@sky-ip.org <mailto:s7r@sky-ip.org>> > wrote: > > On 6/11/2014 3:28 AM, Allan Jude wrote: >>>> On 2014-06-10 20:23, s7r@sky-ip.org <mailto:s7r@sky-ip.org> >>>> wrote: >>>>> On 6/11/2014 3:20 AM, Allan Jude wrote: >>>>>> On 2014-06-10 20:07, s7r@sky-ip.org >>>>>> <mailto:s7r@sky-ip.org> wrote: >>>>>>> Hi, >>>>>>> >>>>>>> Operating system is FreeBSD 10.0 64 Bit >>>>>>> >>>>>>> I have installed ezjail from ports and properly >>>>>>> configured a jail with its own static and dedicated IP >>>>>>> address. Everything works good, it's just that I have >>>>>>> an application which requires to talk to another one >>>>>>> via RPC on IP 127.0.0.1, and I have noticed the jail >>>>>>> does not have a lo0 interface or localhost 127.0.0.1 IP >>>>>>> address. >>>>>>> >>>>>>> This is bad because the application has no choice but >>>>>>> to bind to the public IP address assigned to the jail, >>>>>>> and it's not safe. >>>>>>> >>>>>>> How can I add a lo0 interface with IP 127.0.0.1 to a >>>>>>> jail? >>>>>>> >>>>>>> Thanks in advance. >>>>>>> _______________________________________________ >>>>>>> freebsd-jail@freebsd.org >>>>>>> <mailto:freebsd-jail@freebsd.org> mailing list >>>>>>> http://lists.freebsd.org/mailman/listinfo/freebsd-jail >>>>>>> To unsubscribe, send any mail to >>>>>>> "freebsd-jail-unsubscribe@freebsd.org >>>>>>> <mailto:freebsd-jail-unsubscribe@freebsd.org>" >>>>>>> >>>>> >>>>>> Does it have to be 127.0.0.1? You can add an alias like >>>>>> 127.0.0.2 to the lo0 interface and use that. >>>>> >>>>>> Inside the jail, 127.0.0.1 is mapped to the IP of the >>>>>> jail. >>>>> >>>>>> Using ezjail, you can also allocate more than 1 IP >>>>>> address to a jail by comma separating them >>>>> >>>>>> You can also make it automatically alias the IPs for you >>>>>> with the syntax: >>>>> >>>>>> em0|192.168.0.10,lo0|127.0.0.2 etc >>>>> >>>>> >>>>> >>>>> Thank you Allan for your fast reply. >>>>> >>>>> I have the jail already created via: # ezjail-admin create >>>>> <jailname> <em0|public IP> >>>>> >>>>> How do I modify the already existing jail to have >>>>> 127.0.0.2, for example, or can't I just have 127.0.0.1 in >>>>> the jail? >>>>> >>>>> _______________________________________________ >>>>> freebsd-jail@freebsd.org <mailto:freebsd-jail@freebsd.org> >>>>> mailing list >>>>> http://lists.freebsd.org/mailman/listinfo/freebsd-jail To >>>>> unsubscribe, send any mail to >>>>> "freebsd-jail-unsubscribe@freebsd.org >>>>> <mailto:freebsd-jail-unsubscribe@freebsd.org>" >>>>> >>>> >>>> Stop the jail, and then edit /usr/local/etc/ezjail/jail_name >>>> >>>> and change the line that defines the IPs >>>> > > Thank you it works, with 127.0.0.2 > > If I try to add 127.0.0.1 will this create any conflicts with the > host or will it work? Because i have something important listening > on hosts's 127.0.0.1 and don't want to mess up. I would need the > same configuration within the jail also, so that's why I need the > .1 localhost IP. > >> _______________________________________________ >> freebsd-jail@freebsd.org <mailto:freebsd-jail@freebsd.org> >> mailing list >> http://lists.freebsd.org/mailman/listinfo/freebsd-jail To >> unsubscribe, send any mail to >> "freebsd-jail-unsubscribe@freebsd.org >> <mailto:freebsd-jail-unsubscribe@freebsd.org>" Hey Jason Thanks for your suggestion. can you please ellaborate a little bit and tell me how can i do this step by step? I have an already installed system with ezjail and already created one jail - how can I add VIMAGE to have virtual network stack in each jail without having to reinstall the host or the jails? Thank you, looking forward for your reply. - -- s7r PGP Fingerprint: 7C36 9232 5ABD FB0B 3021 03F1 837F A52C 8126 5B11 PGP Pubkey: http://www.sky-ip.org/s7r@sky-ip.org.asc -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.17 (MingW32) Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQEcBAEBAgAGBQJTmLPEAAoJEIN/pSyBJlsRabgH/iG/pNAmpmb5ZBYksIjm4U5K hOvKcOzGiZMn/8LgbJWYf930T8li0UFmr2MttKLjkbojju/zeqjWdYfRI4t+QI5Y JbKj0BFHA6hPxED7BDNaorHOA/jlAbreToyzMGVlK1EIo/CxCOroMBomomucjlAx LxICOVrUPmHfR/f3h+sOAgqTytflQQ389PalC7gBZ7IH72JTIEFpc+8Ql5+GPDCL cLKrrPiTXwQqurJHQMcaaTJ3DJ1Bk1WSipJiqyRNzWIkM29q/CwEeZcyxc+7tbet EZaL2JechFirmlSRRj/uINqzjW5xCN4uppXBn8FakB75Ort7zRguOryH9gh98WE= =gyIS -----END PGP SIGNATURE-----
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?5398B3C4.4050009>