From: Mel
To: freebsd-questions@freebsd.org
Cc: David Allen
Date: Tue, 8 Jul 2008 11:24:33 +0200
Subject: Re: Jails and IP Aliasing

On Monday 07 July 2008 18:51:33 David Allen wrote:

> Granted, everything is really happening over the loopback address, but a
> connection originating from the jailhost to a jail should appear to be
> using the jailhost's IP address, or so I'd like to think. If it doesn't,
> then the scenario is awkward at best when trying to understand or debug
> issues.

To debug this, you need to 'add jail support to sockstat'. This sounds hard, and it is, but you can fake it, since sockstat gives you the PID.
With a little creative scripting, you can call `ps -o state' for each PID in the list, look for the capital 'J' and if it is, add the 'J' to the line.

> The thought occurred to me, however, that I could add a new network card
> and reserve that for the IP aliases needed by the jails. But I'm not sure
> whether that will work in telling me who's who, or whether I'll discover
> another gotcha. ;-)

It will add more gotchas, unless you put each network card in a different network. With the IPs given here, you tell the host that 10.0.1.0/24 is on fxp0, so it will never go to fxp1 for 10.0.1.4.

-- 
Mel

Problem with today's modular software: they start with the modules and never get to the software part.
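
The scripting described in the reply above, as an added example that is not part of the original message. The function names `pid_state` and `mark_jailed` are hypothetical, and it assumes the PID is the third column of sockstat output and that `ps -o state` shows a `J` flag for a jailed process.

```shell
#!/bin/sh
# Added example: flag sockstat lines whose owning process runs in a jail.
# Assumptions: sockstat(1) columns are USER COMMAND PID FD PROTO LOCAL FOREIGN,
# and ps(1) includes 'J' in the state flags of a jailed process.
# Usage on the jail host:  sockstat -4 | mark_jailed

# pid_state PID: print the ps state string (e.g. "SsJ"); fails if PID is gone.
# Kept separate so it can be replaced with a stub when testing offline.
pid_state() {
    ps -o state= -p "$1" 2>/dev/null
}

# mark_jailed: read sockstat output on stdin and prefix each socket line with
#   "J " process is jailed
#   "- " process is not jailed
#   "? " process exited between the sockstat run and the ps lookup
# Header or unparsable lines are passed through with a two-space prefix.
mark_jailed() {
    while IFS= read -r line; do
        # Split on whitespace with globbing off, so "*:*" is not expanded.
        set -f; set -- $line; set +f
        pid=${3:-}
        case $pid in
            ''|*[!0-9]*)
                printf '  %s\n' "$line"
                continue ;;
        esac
        # A failed lookup must not abort the loop under "set -e".
        state=$(pid_state "$pid") || state=''
        case $state in
            '')  flag='?' ;;
            *J*) flag='J' ;;
            *)   flag='-' ;;
        esac
        printf '%s %s\n' "$flag" "$line"
    done
}
```

The `?` flag matters in practice: short-lived processes can disappear between the two commands, and treating a failed lookup as "not jailed" would mislabel their sockets.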