From owner-freebsd-jail@freebsd.org Sat Sep 3 23:11:51 2016 Return-Path: Delivered-To: freebsd-jail@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 2FCDBBCF0BF for ; Sat, 3 Sep 2016 23:11:51 +0000 (UTC) (envelope-from James@Lodge.me.uk) Received: from EUR01-HE1-obe.outbound.protection.outlook.com (mail-he1eur01on0097.outbound.protection.outlook.com [104.47.0.97]) (using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (Client CN "mail.protection.outlook.com", Issuer "Microsoft IT SSL SHA2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id A15BDD8D; Sat, 3 Sep 2016 23:11:49 +0000 (UTC) (envelope-from James@Lodge.me.uk) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gavinlodge.onmicrosoft.com; s=selector1-Lodge-me-uk; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=3lOyEiR+fAck9c1VGj3KWHyxpWlLez1DHvMAGW3cVYk=; b=Bw1kK38D8fPVepjjXZ8n2rMKges0NUxc2dQCMzdQQDsaYHNNLJRzBq2VlZnPxBjUfSypBAPyCByAKBIvIpc7jZJYIOYr0wOP6fmmfSq2Nl51DJtD/Ch7ptbTZoULw1QkX8S1C27siy5UDhC1i+DBhHyhReCzNKEOtbqxoSLwG9s= Received: from HE1PR0601MB2090.eurprd06.prod.outlook.com (10.168.34.153) by HE1PR0601MB2090.eurprd06.prod.outlook.com (10.168.34.153) with Microsoft SMTP Server (version=TLS1_0, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA_P384) id 15.1.587.13; Sat, 3 Sep 2016 15:49:25 +0000 Received: from HE1PR0601MB2090.eurprd06.prod.outlook.com ([10.168.34.153]) by HE1PR0601MB2090.eurprd06.prod.outlook.com ([10.168.34.153]) with mapi id 15.01.0587.013; Sat, 3 Sep 2016 15:49:25 +0000 From: James Lodge To: James Gritton CC: Grzegorz Junka , "freebsd-jail@freebsd.org" Subject: Re: Changing jail's IP automatically Thread-Topic: Changing jail's IP automatically Thread-Index: AQHSBV4uLgfUvG4DUEy/8y53b6bozaBn5jQAgAAEjYU= Date: Sat, 3 Sep 2016 15:49:25 +0000 Message-ID: References: <872dfbe1-3f39-bf5f-44b2-611bd92a1210@gjunka.com>, <4fa37d2e14665ff5a00548626e55142f@gritton.org> In-Reply-To: <4fa37d2e14665ff5a00548626e55142f@gritton.org> Accept-Language: en-GB, en-US Content-Language: en-GB X-MS-Has-Attach: X-MS-TNEF-Correlator: authentication-results: spf=none (sender IP is ) smtp.mailfrom=James@Lodge.me.uk; x-originating-ip: [81.174.132.199] x-ms-office365-filtering-correlation-id: 18bd3847-36f2-483b-cc1e-08d3d411e1ac x-microsoft-exchange-diagnostics: 1; HE1PR0601MB2090; 6:1ZBHXzWOCo7TiV1xR9vAQEWD96fFMMAq6PT/6+PzQ5mHpmEitxDdwWWuiWf3hoqEC5PnCnNXszAhuLhVFLpEH+bMjRb0KJP6hdV0KeALaWdsXydHw7tN0NzuPBjnCAH7tVlOgpubKBpLL+eI2rA8ji5EY8wSWkCRRPUS6rrbovi5ErXkZNceGqUnKVoUYn8YCPPrfv4QSiAAEpoaIHFIOI8o1Ih0tn0WjStW8PtDFSi33J5CpgDNRLi0Y703ckByPSvORUNCrMmgBKOOzC21ddFuhg/60VyL+Dj4Fejvch37GAITfAgFY1XoDrix1zCM; 5:vJC7QOhzlZYTVYwFBwtcUDECCvE8lwcDM9FjBrxGMzdl9HTjp7u7GZCUwRD+pNUH7WP+3FW6gORgryypICHzkR32VnuahlBYvquJCZBQRtT0G9z5Ola1VxCZEZZaYwF3VCIfuRfXYXoo6TnCCBVIjA==; 24:LI8mIlyuEWbH6MbcuvkT4wstsHrXlHT1+3UDh4TAG85es1Ox5IA9rtXnEM7jQSidtENzOOAJ7YbteDEg1FTUFwVv3QghmlQcTPsUxvWO9wo=; 7:Slvz1T1SaEGWKEcS2Vl5Rbs150K+ucKvnXafyCshNs/hQaTkRu2GAkSzbptLKqlrjSjUUdhLj/6ADua6jdy6T0VfyOQcGYaLSE89IBxrgf0tJSqatvoUYT4pNcepN6sxJOtqISq1349RQ4/pUSFqycCJXiQlNIDmuwYHzcEfJX9HVbtkCT1M39HY02K8atgEYqdwk0fcakKlpwM5xJCiXnX/agSVkon2qVIptG/Tef87I5UvmPQgd79/oUXmqhcH x-microsoft-antispam: UriScan:;BCL:0;PCL:0;RULEID:;SRVR:HE1PR0601MB2090; x-microsoft-antispam-prvs: x-exchange-antispam-report-test: UriScan:(75325880899374)(21532816269658); x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(6040176)(601004)(2401047)(8121501046)(5005006)(3002001)(10201501046)(6043046)(6042046); SRVR:HE1PR0601MB2090; BCL:0; PCL:0; RULEID:; SRVR:HE1PR0601MB2090; x-forefront-prvs: 00540983E2 x-forefront-antispam-report: SFV:NSPM; SFS:(10019020)(6009001)(7916002)(24454002)(189002)(199003)(377424004)(106116001)(50986999)(3846002)(80792005)(92566002)(122556002)(97736004)(5002640100001)(4326007)(2906002)(305945005)(15975445007)(76176999)(68736007)(54356999)(66066001)(5003630100001)(189998001)(110136002)(105586002)(101416001)(2950100001)(7736002)(19580395003)(19580405001)(7846002)(3660700001)(5660300001)(106356001)(87936001)(82746002)(86362001)(83716003)(77096005)(81166006)(11100500001)(36756003)(3280700002)(3480700004)(74482002)(102836003)(6116002)(81156014)(586003)(8676002)(8936002)(2900100001)(33656002)(10400500002)(104396002); DIR:OUT; SFP:1102; SCL:1; SRVR:HE1PR0601MB2090; H:HE1PR0601MB2090.eurprd06.prod.outlook.com; FPR:; SPF:None; PTR:InfoNoRecords; MX:1; A:1; LANG:en; received-spf: None (protection.outlook.com: Lodge.me.uk does not designate permitted sender hosts) spamdiagnosticoutput: 1:99 spamdiagnosticmetadata: NSPM Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 X-MS-Exchange-CrossTenant-originalarrivaltime: 03 Sep 2016 15:49:25.3110 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: ded56ae9-7c77-4cf6-bbfd-39e6a505742d X-MS-Exchange-Transport-CrossTenantHeadersStamped: HE1PR0601MB2090 X-Microsoft-Exchange-Diagnostics: 1; HE1PR0601MB2090; 23:ypJatKUzIlsB7u1wKk3DrpLRitpme2JmADjCu8XCrXftnp7r3SCAsZ+nLh5AtWuUT1vPIdKRKLJKjDOnSfKkZZGrp2dJlWZX6jEQVIkr5q7TH/T6GhlZBxSp7vd2PZyzVzG6SUWre09QJw49HAkopIXMmKY9mGoyzB8VjKXVSzL3CbVoFNxCwOroQ/ncVdvu X-OriginatorOrg: Lodge.me.uk X-BeenThere: freebsd-jail@freebsd.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: "Discussion about FreeBSD jail\(8\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 03 Sep 2016 23:11:51 -0000 Would PF and NAT not work for you? NAT to the WLAN0 IP (DHCP assigned) usin= g PF macros and have a separate subnet for your jails? This would be PAT so= you might have issues with accessing services inbound if you're using the = same port in multiple jails. Just an idea.....=20 Sent from my iPad > On 3 Sep 2016, at 16:33, James Gritton wrote: >=20 >> On 2016-09-02 15:08, Grzegorz Junka wrote: >> I am using a jail on my laptop and I often connect to different >> WiFi's, which of course assign different IPs to my laptop. I set up >> the jail by adding an alias to wlan0 and I need to update the IP every >> time I switch the WiFi network. Is it possible to create a jail with >> IP assigned dynamically, e.g. from DHCP, or at least switch between >> predefined IPs more easily than by editing /etc/jail.conf? >=20 > You can always add addresses later. I would create the jail without any = IP address specified in jail.conf, and then have a exec.poststart script th= at sets the address using something like "jail -m name=3Dfoo ip4.addr=3D1.2= .3.4". And similarly when the network switches, it would need to trigger a= similar script that resets the address. >=20 > It's a little more complicated that than though: network daemons will be = bound to the old address after the switch, so you'll need to run the proper= service(8) commands to restart those, in the right order. Or depending on= the service, maybe a kick of some sort (like a kill -1) would do the trick= . >=20 > And at start time, if the jail has no IP address of its own, anything it = runs will use the regular system IP addresses. That's definitely not what = you want. Unfortunately, jail(8) doesn't have a way to run a script in the= system environment after the jail is created but before exec.start is run.= That would be the right place to set the initial address. So barring tha= t, you may want to have network services not started up at all, until this = poststart script sets the address. So it's still not a simple issue. >=20 > - Jamie > _______________________________________________ > freebsd-jail@freebsd.org mailing list > https://lists.freebsd.org/mailman/listinfo/freebsd-jail > To unsubscribe, send any mail to "freebsd-jail-unsubscribe@freebsd.org"