From owner-freebsd-hackers@FreeBSD.ORG Sun Nov 18 22:01:20 2007 Return-Path: Delivered-To: freebsd-hackers@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 2B62C16A41B for ; Sun, 18 Nov 2007 22:01:20 +0000 (UTC) (envelope-from jan@digitaldaemon.com) Received: from digitaldaemon.com (digitaldaemon.com [63.105.9.34]) by mx1.freebsd.org (Postfix) with SMTP id B660913C442 for ; Sun, 18 Nov 2007 22:01:17 +0000 (UTC) (envelope-from jan@digitaldaemon.com) Received: (qmail 85343 invoked by uid 98); 18 Nov 2007 21:34:18 -0000 Received: from 63.105.9.34 by digitaldaemon.com (envelope-from , uid 89) with qmail-scanner-1.25 (clamdscan: 0.87/1195. Clear:RC:1(63.105.9.34):. Processed in 0.34128 secs); 18 Nov 2007 21:34:18 -0000 X-Qmail-Scanner-Mail-From: jan@digitaldaemon.com via digitaldaemon.com X-Qmail-Scanner: 1.25 (Clear:RC:1(63.105.9.34):. Processed in 0.34128 secs) Received: from digitaldaemon.com (HELO ?40.87.155.2?) (63.105.9.34) by digitaldaemon.com with SMTP; 18 Nov 2007 21:34:18 -0000 Message-ID: <4740AFD8.202@digitaldaemon.com> Date: Sun, 18 Nov 2007 16:34:16 -0500 From: Jan Knepper User-Agent: Thunderbird 2.0.0.9 (Windows/20071031) MIME-Version: 1.0 To: Andre Oppermann References: <45F1C355.8030504@digitaldaemon.com> <20070511075857.GL23313@hoeg.nl> <4644773E.60909@freebsd.org> In-Reply-To: <4644773E.60909@freebsd.org> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Cc: FreeBSD Hackers , Ed Schouten Subject: Re: Multiple IP Jail's patch for FreeBSD 6.2 X-BeenThere: freebsd-hackers@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Technical Discussions relating to FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 18 Nov 2007 22:01:20 -0000 Andre Oppermann wrote: > Ed Schouten wrote: >> Hello, >> >> It may be interesting to mention that yesterday there was a presentation >> at the NLUUG (Netherlands UNIX Users Group) conference by Marco Zec, who >> once wrote a patchset for FreeBSD 4.11 (and is in the process of porting >> it to FreeBSD 7.x) that gives each jail its own networking stack. >> >> You can hook up physical interfaces to jails or perform bridging between >> jails through netgraph bridging code. That way you can create virtual >> network topologies on a single box. This will allow you to use multiple >> IPv4 and IPv6 addresses on each instance. You can even use (I)PF(W) >> inside jails. > > I'm working on a "light" variant of multi-IPv[46] per jail. It doesn't > create an entirely new network instance per jail and probably is more > suitable for low- to mid-end (virtual) hosting. In those cases you > normally want the host administrator to excercise full control over > IP address and firewall configuration of the individual jails. For > high-end stuff where you offer jail based virtual machines or network > and routing simulations Marco's work is more appropriate. Any of this available in 7.x at the moment? I have a patched 6.2-STABLE running with 7 jails with multiple IP addresses. Would not be able to upgrade that box unless this becomes available or unless I port it to 7.x... Thanks! Jan