From: "s7r@sky-ip.org"
Date: Wed, 11 Jun 2014 22:53:40 +0300
To: Jason Hellenthal
Subject: Re: Assign Lookback address 127.0.0.1 to jail
Cc: "freebsd-jail@freebsd.org"

On 6/11/2014 4:46 AM, Jason Hellenthal wrote:
> You could just go with building the host kernel with VIMAGE . . .
> Then each jail has its own virtual network stack.
>
> -- Jason Hellenthal Voice: 95.30.17.6/616 JJH48-ARIN
>
> On Jun 10, 2014, at 21:19, "s7r@sky-ip.org" wrote:
>
> On 6/11/2014 3:28 AM, Allan Jude wrote:
>>>> On 2014-06-10 20:23, s7r@sky-ip.org wrote:
>>>>> On 6/11/2014 3:20 AM, Allan Jude wrote:
>>>>>> On 2014-06-10 20:07, s7r@sky-ip.org wrote:
>>>>>>> Hi,
>>>>>>>
>>>>>>> Operating system is FreeBSD 10.0 64 Bit
>>>>>>>
>>>>>>> I have installed ezjail from ports and properly
>>>>>>> configured a jail with its own static and dedicated IP
>>>>>>> address. Everything works good, it's just that I have
>>>>>>> an application which requires to talk to another one
>>>>>>> via RPC on IP 127.0.0.1, and I have noticed the jail
>>>>>>> does not have a lo0 interface or localhost 127.0.0.1 IP
>>>>>>> address.
>>>>>>>
>>>>>>> This is bad because the application has no choice but
>>>>>>> to bind to the public IP address assigned to the jail,
>>>>>>> and it's not safe.
>>>>>>>
>>>>>>> How can I add a lo0 interface with IP 127.0.0.1 to a
>>>>>>> jail?
>>>>>>>
>>>>>>> Thanks in advance.
>>>>>>> _______________________________________________
>>>>>>> freebsd-jail@freebsd.org mailing list
>>>>>>> http://lists.freebsd.org/mailman/listinfo/freebsd-jail
>>>>>>> To unsubscribe, send any mail to
>>>>>>> "freebsd-jail-unsubscribe@freebsd.org"
>>>>>>>
>>>>>
>>>>>> Does it have to be 127.0.0.1? You can add an alias like
>>>>>> 127.0.0.2 to the lo0 interface and use that.
>>>>>
>>>>>> Inside the jail, 127.0.0.1 is mapped to the IP of the
>>>>>> jail.
>>>>>
>>>>>> Using ezjail, you can also allocate more than 1 IP
>>>>>> address to a jail by comma separating them
>>>>>
>>>>>> You can also make it automatically alias the IPs for you
>>>>>> with the syntax:
>>>>>
>>>>>> em0|192.168.0.10,lo0|127.0.0.2 etc
>>>>>
>>>>> Thank you Allan for your fast reply.
>>>>>
>>>>> I have the jail already created via: # ezjail-admin create
>>>>>
>>>>> How do I modify the already existing jail to have
>>>>> 127.0.0.2, for example, or can't I just have 127.0.0.1 in
>>>>> the jail?
>>>>>
>>>>
>>>> Stop the jail, and then edit /usr/local/etc/ezjail/jail_name
>>>>
>>>> and change the line that defines the IPs
>>>>
>
> Thank you it works, with 127.0.0.2
>
> If I try to add 127.0.0.1 will this create any conflicts with the
> host or will it work? Because I have something important listening
> on host's 127.0.0.1 and don't want to mess up. I would need the
> same configuration within the jail also, so that's why I need the
> .1 localhost IP.

Hey Jason

Thanks for your suggestion. Can you please elaborate a little bit and
tell me how I can do this step by step? I have an already installed
system with ezjail and already created one jail - how can I add VIMAGE
to have virtual network stack in each jail without having to reinstall
the host or the jails?

Thank you, looking forward to your reply.

-- 
s7r
PGP Fingerprint: 7C36 9232 5ABD FB0B 3021 03F1 837F A52C 8126 5B11
PGP Pubkey: http://www.sky-ip.org/s7r@sky-ip.org.asc