From: James Gritton
Date: Tue, 04 Feb 2014 09:40:00 -0700
To: freebsd-jail@freebsd.org
Cc: Beeblebrox
Subject: Re: jail.conf setting - prevent alias removal on jail shutdown

On 2/4/2014 6:19 AM, Beeblebrox wrote:
> I have two NICs, re1 faces internal LAN. re1 also has a jail running on it
> for diskless clients (tftp, dhcp). IP assigned to re1 by /etc/rc.conf and
> jail.conf are same: ip4.addr = 192.168.2.1/24
> A /32 subnet will break diskless clients and also prevents gatewaying of
> traffic from laptops connecting from internal LAN.
>
> My problem is if I stop the jail, jail script removes IP assigned by rc.conf
> (obviously). This breaks host gateway function for laptops on the LAN. Is
> there a setting for jail.conf that prevents removal of jail IP on jail
> shutdown? If not, the only alternative remaining is to move jail IP to
> 192.168.2.xx/24 (which I would rather not do).

The IP should only be brought up and down if there's an interface
mentioned in the jail config. If there's only an IP address, then the
jail will be restricted to that IP address without changing any
interfaces. I assume your jail configuration has either an "interface"
parameter, or an IP address designation like "re1|192.168.2.1"? Just
remove that part and you should be good.

Along the same lines, if you're not actually setting the interface, you
don't need to worry about a subnet mask - the jail itself doesn't use that.

- Jamie
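
The two configurations described in the reply above, side by side, as an added example that is not part of the original message. The jail name, path and hostname are placeholders; only re1 and 192.168.2.1/24 come from the thread.

```conf
# Constructed jail.conf fragments. These are alternatives: keep one
# definition of the jail, not both.

# Before: an interface is named, so jail(8) adds 192.168.2.1 as an alias
# on re1 when the jail starts and removes it when the jail stops. Because
# the host's own address from /etc/rc.conf is the same IP, stopping the
# jail takes the LAN gateway address down with it.
diskless {
    path = "/jails/diskless";                 # placeholder
    host.hostname = "diskless.example.org";   # placeholder
    interface = "re1";
    ip4.addr = 192.168.2.1/24;
    # The same effect without the interface parameter:
    # ip4.addr = "re1|192.168.2.1/24";
}

# After: no interface parameter and no "re1|" prefix. The jail is only
# restricted to 192.168.2.1; jail(8) does not touch re1 at start or stop.
# The address must already be configured on the host (here by
# /etc/rc.conf), since nothing in this definition brings it up.
# No netmask is given because the jail itself does not use one.
diskless {
    path = "/jails/diskless";                 # placeholder
    host.hostname = "diskless.example.org";   # placeholder
    ip4.addr = 192.168.2.1;
}
```

Comparing `ifconfig re1` on the host before and after stopping the jail shows whether the address survives the shutdown.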