From owner-freebsd-jail@FreeBSD.ORG Thu Jan 28 22:38:05 2010 Return-Path: Delivered-To: freebsd-jail@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id D8F4E10656CA for ; Thu, 28 Jan 2010 22:38:05 +0000 (UTC) (envelope-from bazerka@beardz.net) Received: from mx-2.btshosting.co.uk (mx-2.btshosting.co.uk [87.117.208.79]) by mx1.freebsd.org (Postfix) with ESMTP id 9C7958FC08 for ; Thu, 28 Jan 2010 22:38:05 +0000 (UTC) Received: from [192.168.1.65] (host86-148-118-227.range86-148.btcentralplus.com [86.148.118.227]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) (Authenticated sender: bazerka@beardz.net) by mx-2.btshosting.co.uk (Postfix) with ESMTPSA id 241D26E5463; Thu, 28 Jan 2010 22:38:04 +0000 (GMT) Message-ID: <4B6211C7.6010404@beardz.net> Date: Thu, 28 Jan 2010 22:37:59 +0000 From: Jase Thew User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.1.7) Gecko/20100111 Thunderbird/3.0.1 MIME-Version: 1.0 To: "tom@diogunix.com" References: <201001270308.21674.tom@diogunix.com> In-Reply-To: <201001270308.21674.tom@diogunix.com> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit X-Virus-Scanned: clamav-milter 0.95.3 at mx-2.btshosting.co.uk X-Virus-Status: Clean Cc: freebsd-jail@freebsd.org Subject: Re: configuration of multiple IPs for a jail X-BeenThere: freebsd-jail@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Discussion about FreeBSD jail\(8\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 28 Jan 2010 22:38:05 -0000 On 27/01/2010 02:08, tom@diogunix.com wrote: > Greetings to the community. That's my first post to this list. > I run a mailserver (postfix/dovecot) in a jail on a 7.2 stable system. > My question is about configuring multiple IP addresses for that jail. > My IP configuration is just done via > # jail blabla 123.123.123.249,123.123.123.227,123.123.123.248 blabla > > I want to use 123.123.123.249 as my primary IP within the jail and futhermore > use the same IP for outgoing SMTP connections. > > Everything works nice so far. The only issue is, that postfix obviously insists > to use the second IP (227) to send out the Emails though it should use the > primary IP (249). Trying to bind postfix to the right address did not help. > I've read tons about jail configuration but could not find the one hint needed. > > So my question is: > Does a jail always use the 'lowest' IP from a bunch of multiple IPs given with > the jail start command ? I can't find any other explanation. Nothing else > points to the 227 address. And if true - is there a way to change this > behaviour ? > > Thanks a lot in advance > Tom > Hi Tom, This behaviour has been addressed in RELENG_7 recently with r202924 [1]. This commit allows you to set : sysctl security.jail.ip4_saddrsel 0 , which makes the kernel use the first IP passed to jail (8) as the default source address instead of the default behaviour which picks the first matching ip for that jail on the interface. A workaround (if you're not able to update to a RELENG_7 following that commit) is to reorder your interface aliases in /etc/rc.conf ,so that your primary jail ip has a lower alias # than any secondary ips for that jail. Hope this helps, Jase. [1] http://svn.freebsd.org/changeset/base/202924