Date:      Sat, 30 Jan 2010 01:06:35 +0000
From:      Jase Thew <bazerka@beardz.net>
To:        freebsd-jail@freebsd.org
Subject:   Re: configuration of multiple IPs for a jail
Message-ID:  <4B63861B.1000907@beardz.net>
In-Reply-To: <20100129091822.O50938@maildrop.int.zabbadoz.net>
References:  <201001270308.21674.tom@diogunix.com> <4B6211C7.6010404@beardz.net>	<201001282351.13267.tom@diogunix.com> <20100129091822.O50938@maildrop.int.zabbadoz.net>

On 29/01/2010 09:24, Bjoern A. Zeeb wrote:
> On Thu, 28 Jan 2010, tom@diogunix.com wrote:
>
> Hi,
>
>> Jase,
>>
>>> This behaviour has been addressed in RELENG_7 recently with r202924 
>>> [1].
>>
>> thank you very much. That's what I was watching out for :-).
>> I somehow could not find that hint in all the resources I used.
>>
>>> This commit allows you to set : sysctl security.jail.ip4_saddrsel 0 ,
>>> which makes the kernel use the first IP passed to jail (8) as the
>>> default source address instead of the default behaviour which picks the
>>> first matching ip for that jail on the interface.
>
> That's not exactly true.  Source address uses the first "matching"
> address for the destination on the outgoing interface if possible.
> There is a route lookup involved as well.  So if you are serving more
> than one subnet it won't necessarily be the first IP of the interface
> seen within the jail.
>
> For the case given, it most likely will, though.
>
Yes, indeed. My answer was based on the configuration example presented 
and the assumption that all the IPs given were located in the same subnet.

Regards,

Jase.
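
Added example, not part of the original message and not FreeBSD kernel code: a simplified Python model of the selection behaviour described in this thread, showing why "first IP on the interface" only holds in the single-subnet case and what security.jail.ip4_saddrsel=0 changes. The addresses, interface names, route table and the fallback when no jail address sits on the outgoing interface are all assumptions made for illustration.

```python
import ipaddress

# Constructed sample data (documentation address ranges), not from the thread.
# Order of JAIL_IPS is the order the addresses were passed to jail(8).
JAIL_IPS = ["192.0.2.11", "198.51.100.10", "192.0.2.10"]
# Host interfaces and their configured addresses, in configuration order.
IFACE_ADDRS = {
    "em0": ["192.0.2.1/24", "192.0.2.10/24", "192.0.2.11/24"],
    "em1": ["198.51.100.1/24", "198.51.100.10/24"],
}
# (prefix, outgoing interface, gateway or None for directly connected)
ROUTES = [
    ("192.0.2.0/24", "em0", None),
    ("198.51.100.0/24", "em1", None),
    ("0.0.0.0/0", "em0", "192.0.2.254"),
]


def route_lookup(dst):
    """Longest-prefix match; returns (outgoing interface, next hop)."""
    dst = ipaddress.ip_address(dst)
    matches = [r for r in ROUTES if dst in ipaddress.ip_network(r[0])]
    best = max(matches, key=lambda r: ipaddress.ip_network(r[0]).prefixlen)
    next_hop = ipaddress.ip_address(best[2]) if best[2] else dst
    return best[1], next_hop


def source_address(dst, saddrsel=1):
    """Model of the default source address a jailed process would get."""
    if not saddrsel:
        # ip4_saddrsel=0: always the first IP passed to jail(8).
        return JAIL_IPS[0]
    iface, hop = route_lookup(dst)
    on_iface = [ipaddress.ip_interface(a) for a in IFACE_ADDRS[iface]]
    jailed = [a for a in on_iface if str(a.ip) in JAIL_IPS]
    # First jail address on the outgoing interface whose subnet covers the
    # next hop, i.e. the first "matching" address for the destination.
    for a in jailed:
        if hop in a.network:
            return str(a.ip)
    # Assumed fallbacks: any jail address on that interface, else first jail IP.
    return str(jailed[0].ip) if jailed else JAIL_IPS[0]


if __name__ == "__main__":
    for dst in ("192.0.2.50", "198.51.100.50", "203.0.113.5"):
        print(dst, source_address(dst, 1), source_address(dst, 0))
```

Packet filter rules or service ACLs keyed on the jail's source address should be checked against both columns of the output, since the address seen by the peer depends on the route taken unless ip4_saddrsel is 0.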


