Date: Wed, 31 Jan 2007 11:19:47 +0100 From: Milan Obuch <freebsd-stable@dino.sk> To: freebsd-stable@freebsd.org Subject: Re: jails and multple interfaces Message-ID: <200701311119.47888.freebsd-stable@dino.sk> In-Reply-To: <45C06A42.6000001@sailorfej.net>
index | next in thread | previous in thread | raw e-mail
On Wednesday 31 January 2007 11:06, Jeffrey Williams wrote: > Hi Folks, > > I am trying to set a jail hosting server to support multiple jails for > development testing. > > The server has two network interfaces, I am configuring one for host > server to use, and the other with several aliased IPs, one for each of > the jail servers. > > All the services running on the host are configured to bind to the host > IP on the first interface. > > The crux is both interfaces on the same network, I am seeing the > expected arp errors (e.g. kernel: arp: x.x.x.x is on int0 but got reply > on int1), now I know I set the sysctl variable > net.link.ether.inet.log_arp_wrong_iface=0 to get rid of these messages, > but what I want to know if there are any other problems I am going to > have having both interfaces live on the same network. Also even though > I have the jail host's services all binding to the first interfaces ip, > there is not guarantee that network traffic originating from the jail > host will only use its primary interface/IP, is their anyway to ensure > that the jail host does not try to talk through the interface being used > by the jails? > Why are you doing this? Are your addresses from the same network segment? I am binding my jail addresses to loopback interface and route them - this way you could easily start take-over jail on another machine and change routing table (or use dynamic routing) to minimize downtime on hardware upgrades, big OS upgrades etc. I do not consider this the best way, but it just satisfy my needs. Regards, Milan -- This address is used only for mailing list response. Do not send any personal messages to it, use milan in address instead.home | help
Want to link to this message? Use this
URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200701311119.47888.freebsd-stable>