From owner-freebsd-jail@freebsd.org Tue Dec 13 22:02:36 2016 Return-Path: Delivered-To: freebsd-jail@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id CEF6CC76647 for ; Tue, 13 Dec 2016 22:02:36 +0000 (UTC) (envelope-from galtsev@kicp.uchicago.edu) Received: from cosmo.uchicago.edu (cosmo.uchicago.edu [128.135.20.71]) by mx1.freebsd.org (Postfix) with ESMTP id AFA013D8 for ; Tue, 13 Dec 2016 22:02:35 +0000 (UTC) (envelope-from galtsev@kicp.uchicago.edu) Received: by cosmo.uchicago.edu (Postfix, from userid 48) id 8E6C9CB8C9F; Tue, 13 Dec 2016 16:03:26 -0600 (CST) Received: from 128.135.52.6 (SquirrelMail authenticated user valeri) by cosmo.uchicago.edu with HTTP; Tue, 13 Dec 2016 16:03:26 -0600 (CST) Message-ID: <11488.128.135.52.6.1481666606.squirrel@cosmo.uchicago.edu> In-Reply-To: <0ED7F403-F14E-4A72-8E54-AF74AAE15061@blackskyresearch.net> References: <0ED7F403-F14E-4A72-8E54-AF74AAE15061@blackskyresearch.net> Date: Tue, 13 Dec 2016 16:03:26 -0600 (CST) Subject: Re: multiple interfaces for jail.conf(1) and jail_set(2) From: "Valeri Galtsev" To: "Isaac (.ike) Levy" Cc: freebsd-jail@freebsd.org Reply-To: galtsev@kicp.uchicago.edu User-Agent: SquirrelMail/1.4.8-5.el5.centos.7 MIME-Version: 1.0 Content-Type: text/plain;charset=iso-8859-1 Content-Transfer-Encoding: 8bit X-Priority: 3 (Normal) Importance: Normal X-BeenThere: freebsd-jail@freebsd.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: "Discussion about FreeBSD jail\(8\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 13 Dec 2016 22:02:36 -0000 On Tue, December 13, 2016 2:14 pm, Isaac (.ike) Levy wrote: > Hi All, > > Can I specify multiple IP interfaces and assign IP’s to them using > jail.conf? > I have jails with IPv4/IPv6 addresses on multiple physical interfaces, as > well as assigning a loopback. Last time I tried it which was about year and a half ago the answer was: no, this is not possible. Jail can only have one IP address (in addition to loopback addresses). Valeri > > I have not found answers in the respective man pages or digging online. > > I’m finally starting to poke around to start using the impressively > simple jail.conf subsystem to manage jails. I have been managing jails > with simple custom start scripts since 99’, and custom devfs rulesets > since ~2006, so jail.conf(1) and jail_set(2) are a big welcome change for > me- really awesome and clean :) > > -- > Additional detail to clarify my loopback use: > In general, I always assign each jail it’s own a loopback IP somewhere > in the RFC5735 specified range, 127.0.0.0/8 - (simply saving 127.0.0.1 for > the jailing host), and then I simply set localhost to point at it’s IP > in /etc/hosts for the jail. On the host, I simply add the IP alias to lo0 > like any other interface. > This is often overlooked in common jailing practice, but often eliminates > complexity and confusion for many userland daemons. For full Virtual > Server applications, loopback is simply dotting the i’s and crossing the > t’s. > > I can see how localhost would be challenging to automate for easy > jail.conf configuration, mostly, in picking a loopback IP for the jail and > not letting that get messy- etc… > > Thanks in advance for any info! > > Best, > .ike > > > _______________________________________________ > freebsd-jail@freebsd.org mailing list > https://lists.freebsd.org/mailman/listinfo/freebsd-jail > To unsubscribe, send any mail to "freebsd-jail-unsubscribe@freebsd.org" ++++++++++++++++++++++++++++++++++++++++ Valeri Galtsev Sr System Administrator Department of Astronomy and Astrophysics Kavli Institute for Cosmological Physics University of Chicago Phone: 773-702-4247 ++++++++++++++++++++++++++++++++++++++++