From: Glen Barber
To: Dirk Engling
Cc: freebsd-hackers@freebsd.org
Date: Thu, 4 Jun 2009 12:32:56 -0400
Subject: Re: Jails, loopback interfaces and sendmail

Hi, Dirk

On Thu, Jun 4, 2009 at 10:00 AM, Dirk Engling wrote:
> Dear fellow hackers,
>
> since jail can be bound on multiple IP addresses I tend to clone
> multiple loopback interfaces and add one loopback address to each jail
>
> cloned_interfaces="lo1 lo2 lo3"
> ifconfig_lo1_alias0="inet 127.0.0.2 netmask 0xffffffff"
> ifconfig_lo2_alias0="inet 127.0.0.3 netmask 0xffffffff"
> ifconfig_lo3_alias0="inet 127.0.0.4 netmask 0xffffffff"
> ..
>
> no this is not yet optimal, since I can not run several jails on a
> single external IP anymore, but at least local daemons are not visible
> to the outside world, anymore.
>

This doesn't answer your _real_ question, but here's a suggestion.

There are a few other ways you could do this with the addressing --
maybe it'll be less confusing for you.

The APIPA address pool (168.254.x.x/16) is also non-routable. You could
change your aliased interfaces to use this range, which may clear things
up for you, and the jails will still retain their loopback address.

--
Glen Barber
http://www.dev-urandom.com
http://www.linkedin.com/in/glenjbarber
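
One way to audit an rc.conf like the one quoted in this thread before starting the jails, as an added example that is not part of the original messages: it parses the `ifconfig_*_alias*` lines and uses Python's `ipaddress` module to report any jail address that is neither loopback nor link-local, or that lacks a host (/32) netmask. The `lo4` and `lo5` lines in the sample and all function names are constructed for illustration.

```python
import ipaddress
import re

# Sample rc.conf: the lo1-lo3 lines are quoted in the thread,
# the lo4 and lo5 lines are constructed for this example.
SAMPLE_RC_CONF = '''\
cloned_interfaces="lo1 lo2 lo3"
ifconfig_lo1_alias0="inet 127.0.0.2 netmask 0xffffffff"
ifconfig_lo2_alias0="inet 127.0.0.3 netmask 0xffffffff"
ifconfig_lo3_alias0="inet 127.0.0.4 netmask 0xffffffff"
ifconfig_lo4_alias0="inet 169.254.10.1 netmask 0xffffffff"
ifconfig_lo5_alias0="inet 168.254.10.1 netmask 0xffffffff"
'''

ALIAS_RE = re.compile(
    r'^ifconfig_(\w+?)_alias\d+="inet\s+(\S+)\s+netmask\s+(\S+)"', re.MULTILINE)


def classify(addr):
    """Return the reachability class of an IPv4 address string."""
    ip = ipaddress.IPv4Address(addr)
    if ip.is_loopback:       # 127.0.0.0/8
        return "loopback"
    if ip.is_link_local:     # 169.254.0.0/16 (RFC 3927)
        return "link-local"
    if ip.is_private:        # RFC 1918 and other non-global blocks
        return "private"
    return "public"


def is_host_mask(mask):
    """True if an ifconfig netmask (hex or dotted quad) is /32."""
    if mask.lower().startswith("0x"):
        return int(mask, 16) == 0xFFFFFFFF
    return int(ipaddress.IPv4Address(mask)) == 0xFFFFFFFF


def audit(rc_conf):
    """Return (iface, addr, class, problem) for each alias needing review."""
    findings = []
    for iface, addr, mask in ALIAS_RE.findall(rc_conf):
        kind = classify(addr)
        if kind not in ("loopback", "link-local"):
            findings.append((iface, addr, kind, "not confined to this host"))
        elif not is_host_mask(mask):
            findings.append((iface, addr, kind, "netmask is not /32"))
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_RC_CONF):
        print(*finding)
```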