Date: Fri, 21 Nov 2008 22:37:15 +0000 (UTC) From: "Bjoern A. Zeeb" <bzeeb-lists@lists.zabbadoz.net> To: Ruslan Ermilov <ru@freebsd.org> Cc: freebsd-jail@freebsd.org, Ruben van Staveren <ruben@verweg.com> Subject: Re: can jail use 2 NICS? Message-ID: <20081121223541.H61259@maildrop.int.zabbadoz.net> In-Reply-To: <20081121202316.GB28339@edoofus.dev.vega.ru> References: <EEBDDC3B-CE47-46F0-B5D3-1FDBDB77E721@verweg.com> <20081116101126.T61259@maildrop.int.zabbadoz.net> <D8D53A5B-5092-435C-BECB-E8100DD00BA9@verweg.com> <20081116135929.S61259@maildrop.int.zabbadoz.net> <20081121202316.GB28339@edoofus.dev.vega.ru>
next in thread | previous in thread | raw e-mail | index | archive | help
On Fri, 21 Nov 2008, Ruslan Ermilov wrote: Hi, > Have been traveling, hence long "no reply"... > > On Sun, Nov 16, 2008 at 02:10:35PM +0000, Bjoern A. Zeeb wrote: >> So the basic idea could be to only have >> jail_<name>_ip="" >> jail_<name>_ip6="" >> >> and each of them would have a format like: >> >> [iface|]address[/prefix] > > I'd suggest [iface:] instead. be aware that : might be problematic to parse from shell with IPv6 addresses as it would either be: bge0:2001:db8::1 or just 2001:db8::1 >> where iface and prefix are optional and prefix only makes sense if >> iface is given? >> >> If iface is given it means configure the address with prefix to the >> given interface; if prefix is not given the default would be /32 for >> ipv4 and /128 for ipv6. >> >> So now this would give really long and complicated lines in rc.conf. >> Do you think we could have something like the _alias<N> for interface >> addresses so that it would be like: >> >> jail_<name>_ip="" # default >> jail_<name>_ip_multi0="" # second IP of the jail >> jail_<name>_ip_multi1="" # third IP of the jail >> jail_<name>_ip_multi2="" # 4th IP of the jail >> >> and similar for IPv6? >> >> (multi might not be the best suffix) >> >> Something along those lines? >> >> Ruslan, what do you think about something like that? We could have >> that for HEAD and 7 just now and add the _multi<N> support with the >> multi-IP jail patches? Could you and Ruben work together to build >> this? >> > I think this is a good idea. My workaround with routes > I mentioned doesn't actually work, so currently we use > a version from HEAD on our production servers, and the > modified version of ezjail port that supports netmasks. Sounds like a plan then. Thanks a lot. /bz -- Bjoern A. Zeeb Stop bit received. Insert coin for new game.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20081121223541.H61259>