Date:      Tue, 8 Jul 2008 11:24:33 +0200
From:      Mel <fbsd.questions@rachie.is-a-geek.net>
To:        freebsd-questions@freebsd.org
Cc:        David Allen <the.real.david.allen@gmail.com>
Subject:   Re: Jails and IP Aliasing
Message-ID:  <200807081124.33377.fbsd.questions@rachie.is-a-geek.net>
In-Reply-To: <2daa8b4e0807070951u607ff031v98b5b96103fdab4@mail.gmail.com>
References:  <2daa8b4e0807070951u607ff031v98b5b96103fdab4@mail.gmail.com>

On Monday 07 July 2008 18:51:33 David Allen wrote:

> Granted, everything is really happening over the loopback address, but a
> connection originating from the jailhost to a jail should appear to be
> using the jailhost's IP address, or so I'd like to think.  If it doesn't,
> then the scenario is awkward at best when trying to understand or debug
> issues.

To debug this, you need to 'add jail support to sockstat'. This sounds hard, 
and it is, but you can fake it, since sockstat gives you the PID. With a 
little creative scripting, you can call `ps -o state' for each PID in the 
list, look for the capital 'J' and if it is, add the 'J' to the line.

> The thought occurred to me, however, that I could add a new network card
> and reserve that for the IP aliases needed by the jails.  But I'm not sure
> whether that will work in telling me who's who, or whether I'll discover
> another gotcha.  ;-)

It will add more gotchas, unless you put each network card in a different 
network. With the IPs given here, you tell the host that 10.0.1.0/24 is on 
fxp0, so it will never go to fxp1 for 10.0.1.4.

-- 
Mel

Problem with today's modular software: they start with the modules
    and never get to the software part.
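
The sockstat/ps approach described in the message above, written out as a shell filter. This is an added example, not part of the original message; it assumes sockstat's default column order (PID in the third field) and a FreeBSD `ps` that accepts `-o state=`, and the function names and sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: append " J" to sockstat lines whose owning process is jailed.
# Assumes sockstat's default layout: USER COMMAND PID FD PROTO LOCAL FOREIGN.

# Constructed sample of `sockstat -4` output (not captured from a real host).
sample_sockstat() {
cat <<'EOF'
USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS
root     sshd       812   3  tcp4   10.0.1.2:22           *:*
www      httpd      1450  4  tcp4   10.0.1.4:80           *:*
?        ?          ?     ?  tcp4   10.0.1.2:22           10.0.1.9:51122
EOF
}

# proc_state PID: print the ps state flags of one process (empty if it has
# exited since sockstat ran). On FreeBSD a 'J' flag marks a jailed process.
proc_state() {
    ps -o state= -p "$1" 2>/dev/null
}

# annotate_jailed: filter sockstat output from stdin to stdout.
annotate_jailed() {
    while IFS= read -r line; do
        set -f              # the "*:*" columns must not be glob-expanded
        set -- $line        # split on whitespace; PID is the third field
        set +f
        case ${3:-} in
            ''|*[!0-9]*)    # header, or a socket with no owning process ("?")
                printf '%s\n' "$line"
                continue ;;
        esac
        case $(proc_state "$3") in
            *J*) printf '%s J\n' "$line" ;;
            *)   printf '%s\n' "$line" ;;
        esac
    done
}

# Only query live sockets on a FreeBSD host; elsewhere the functions are
# just defined so they can be fed saved output.
if [ "$(uname -s)" = FreeBSD ]; then
    sockstat -4 | annotate_jailed
fi
```

A command name containing whitespace shifts the PID out of the third field; such lines are normally passed through unmarked.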


