Date:      Thu, 04 Jun 2009 16:00:43 +0200
From:      Dirk Engling <erdgeist@erdgeist.org>
To:        freebsd-hackers@freebsd.org
Subject:   Jails, loopback interfaces and sendmail
Message-ID:  <4A27D38B.6040108@erdgeist.org>


Dear fellow hackers,

Since a jail can be bound to multiple IP addresses, I tend to clone
multiple loopback interfaces and add one loopback address to each jail:

cloned_interfaces="lo1 lo2 lo3"
ifconfig_lo1_alias0="inet 127.0.0.2 netmask 0xffffffff"
ifconfig_lo2_alias0="inet 127.0.0.3 netmask 0xffffffff"
ifconfig_lo3_alias0="inet 127.0.0.4 netmask 0xffffffff"
..

Now this is not yet optimal, since I cannot run several jails on a
single external IP anymore, but at least local daemons are not visible
to the outside world anymore.

However, grep -R 127.0.0.1 /etc reveals that sendmail in many places
assumes localhost to be on 127.0.0.1 instead of looking it up in
/etc/hosts or using 127.0.0.0/8 to identify a local connection.

I worry that more programmers made those assumptions, possibly breaking
more tools.

My question is: Who's the right guy to beg to fix sendmail, or
alternatively, would it be smart to allow each jail to have its own
concept of 127.0.0.1 on a dummy interface mapped to all jails, that
itself doesn't count as a bound IP address (thus allowing the jail to
bind to an already bound IP address) and is not routed between jails?

Any ideas?

  erdgeist
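
Added example (not part of the original message, and not sendmail's code): the two ways of deciding that a peer is "local" that the message contrasts, an exact match on 127.0.0.1 versus a 127.0.0.0/8 prefix test that also covers ::1 and IPv4-mapped addresses. The classify() helper and the sample addresses are constructed for illustration.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdint.h>
#include <string.h>
#include <sys/socket.h>

/* The assumption the message complains about: only 127.0.0.1 is "local". */
static int is_local_naive(const struct sockaddr *sa)
{
    const struct sockaddr_in *in4 = (const struct sockaddr_in *)sa;
    return sa->sa_family == AF_INET &&
           in4->sin_addr.s_addr == htonl(INADDR_LOOPBACK);
}

/* 127.0.0.0/8 test on an IPv4 address held in network byte order. */
static int v4_loopback_net(uint32_t be) { return (ntohl(be) >> 24) == 127; }

/* Prefix-based test: 127.0.0.0/8, ::1, and IPv4-mapped 127.0.0.0/8. */
static int is_local_prefix(const struct sockaddr *sa)
{
    if (sa->sa_family == AF_INET)
        return v4_loopback_net(((const struct sockaddr_in *)sa)->sin_addr.s_addr);
    if (sa->sa_family == AF_INET6) {
        const struct in6_addr *a = &((const struct sockaddr_in6 *)sa)->sin6_addr;
        uint32_t v4;
        if (IN6_IS_ADDR_LOOPBACK(a))
            return 1;
        if (IN6_IS_ADDR_V4MAPPED(a)) {
            /* The embedded IPv4 address is the last four bytes. */
            memcpy(&v4, &a->s6_addr[12], sizeof v4);
            return v4_loopback_net(v4);
        }
    }
    return 0;
}

/* Hypothetical helper: parse text, apply one test; 1 local, 0 not, -1 bad input. */
int classify(const char *text, int use_prefix)
{
    struct sockaddr_storage ss;
    struct sockaddr_in *in4 = (struct sockaddr_in *)&ss;
    struct sockaddr_in6 *in6 = (struct sockaddr_in6 *)&ss;
    memset(&ss, 0, sizeof ss);
    if (inet_pton(AF_INET, text, &in4->sin_addr) == 1)
        ss.ss_family = AF_INET;
    else if (inet_pton(AF_INET6, text, &in6->sin6_addr) == 1)
        ss.ss_family = AF_INET6;
    else
        return -1;
    return (use_prefix ? is_local_prefix : is_local_naive)((struct sockaddr *)&ss);
}
```

With the jail addresses from the rc.conf lines above, a peer at 127.0.0.3 fails the exact-match test and passes the prefix test.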

