From: Milan Obuch
To: freebsd-stable@freebsd.org
Date: Wed, 31 Jan 2007 11:19:47 +0100
Subject: Re: jails and multple interfaces
Message-Id: <200701311119.47888.freebsd-stable@dino.sk>
In-Reply-To: <45C06A42.6000001@sailorfej.net>

On Wednesday 31 January 2007 11:06, Jeffrey Williams wrote:
> Hi Folks,
>
> I am trying to set up a jail hosting server to support multiple jails for
> development testing.
>
> The server has two network interfaces, I am configuring one for the host
> server to use, and the other with several aliased IPs, one for each of
> the jail servers.
>
> All the services running on the host are configured to bind to the host
> IP on the first interface.
>
> The crux is both interfaces are on the same network, I am seeing the
> expected arp errors (e.g. kernel: arp: x.x.x.x is on int0 but got reply
> on int1), now I know I set the sysctl variable
> net.link.ether.inet.log_arp_wrong_iface=0 to get rid of these messages,
> but what I want to know is if there are any other problems I am going to
> have having both interfaces live on the same network. Also even though
> I have the jail host's services all binding to the first interface's IP,
> there is no guarantee that network traffic originating from the jail
> host will only use its primary interface/IP, is there any way to ensure
> that the jail host does not try to talk through the interface being used
> by the jails?
>

Why are you doing this? Are your addresses from the same network segment?

I am binding my jail addresses to the loopback interface and routing them - this
way you could easily start a take-over jail on another machine and change the
routing table (or use dynamic routing) to minimize downtime on hardware
upgrades, big OS upgrades etc.

I do not consider this the best way, but it just satisfies my needs.

Regards,
Milan

--
This address is used only for mailing list response.
Do not send any personal messages to it, use milan in address instead.
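
A configuration sketch of the loopback-and-route layout described in the reply above, added here as an example and not taken from either poster's systems. The interface name `em0`, the jail names, paths and hostnames, and all addresses (documentation ranges) are assumptions.

```conf
# --- /etc/rc.conf on the jail host (constructed example) ---

# The host's own address lives on the physical LAN interface.
ifconfig_em0="inet 192.0.2.5 netmask 255.255.255.0"
defaultrouter="192.0.2.1"

# Jail addresses sit on a cloned loopback with /32 masks, from a range
# that is NOT the LAN subnet. No second NIC on the same segment is
# needed, and no ARP is ever answered for the jail addresses.
cloned_interfaces="lo1"
ifconfig_lo1="inet 198.51.100.10 netmask 255.255.255.255"
ifconfig_lo1_alias0="inet 198.51.100.11 netmask 255.255.255.255"

# Legacy rc.conf jail variables (newer releases use /etc/jail.conf).
jail_enable="YES"
jail_list="dev1 dev2"
jail_dev1_rootdir="/usr/jails/dev1"
jail_dev1_hostname="dev1.example.org"
jail_dev1_ip="198.51.100.10"
jail_dev2_rootdir="/usr/jails/dev2"
jail_dev2_hostname="dev2.example.org"
jail_dev2_ip="198.51.100.11"

# --- /etc/rc.conf on the upstream router (assumed FreeBSD, 192.0.2.1) ---

# Host routes send each jail address to the jail host's LAN address.
# Moving a jail to another machine means changing only the gateway
# in the matching route_* line (or letting dynamic routing do it).
static_routes="dev1 dev2"
route_dev1="-host 198.51.100.10 192.0.2.5"
route_dev2="-host 198.51.100.11 192.0.2.5"
```

With this layout the host's own traffic leaves from 192.0.2.5 on `em0` by default, since the jail addresses are not on any interface that carries a route to the LAN.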