Date: Thu, 28 Jan 2010 22:37:59 +0000 From: Jase Thew <bazerka@beardz.net> To: "tom@diogunix.com" <tom@diogunix.com> Cc: freebsd-jail@freebsd.org Subject: Re: configuration of multiple IPs for a jail Message-ID: <4B6211C7.6010404@beardz.net> In-Reply-To: <201001270308.21674.tom@diogunix.com> References: <201001270308.21674.tom@diogunix.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On 27/01/2010 02:08, tom@diogunix.com wrote: > Greetings to the community. That's my first post to this list. > I run a mailserver (postfix/dovecot) in a jail on a 7.2 stable system. > My question is about configuring multiple IP addresses for that jail. > My IP configuration is just done via > # jail blabla 123.123.123.249,123.123.123.227,123.123.123.248 blabla > > I want to use 123.123.123.249 as my primary IP within the jail and futhermore > use the same IP for outgoing SMTP connections. > > Everything works nice so far. The only issue is, that postfix obviously insists > to use the second IP (227) to send out the Emails though it should use the > primary IP (249). Trying to bind postfix to the right address did not help. > I've read tons about jail configuration but could not find the one hint needed. > > So my question is: > Does a jail always use the 'lowest' IP from a bunch of multiple IPs given with > the jail start command ? I can't find any other explanation. Nothing else > points to the 227 address. And if true - is there a way to change this > behaviour ? > > Thanks a lot in advance > Tom > Hi Tom, This behaviour has been addressed in RELENG_7 recently with r202924 [1]. This commit allows you to set : sysctl security.jail.ip4_saddrsel 0 , which makes the kernel use the first IP passed to jail (8) as the default source address instead of the default behaviour which picks the first matching ip for that jail on the interface. A workaround (if you're not able to update to a RELENG_7 following that commit) is to reorder your interface aliases in /etc/rc.conf ,so that your primary jail ip has a lower alias # than any secondary ips for that jail. Hope this helps, Jase. [1] http://svn.freebsd.org/changeset/base/202924
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4B6211C7.6010404>