Date: Wed, 20 Aug 2014 17:30:12 -0600 (MDT) From: Warren Block <wblock@wonkity.com> To: John Baldwin <jhb@freebsd.org> Cc: freebsd-doc@freebsd.org Subject: Re: ezjail Handbook section Message-ID: <alpine.BSF.2.11.1408201720480.93287@wonkity.com> In-Reply-To: <alpine.BSF.2.11.1408201206460.56309@wonkity.com> References: <alpine.BSF.2.11.1408041633520.34818@wonkity.com> <alpine.BSF.2.11.1408191600430.51296@wonkity.com> <201408201106.34557.jhb@freebsd.org> <alpine.BSF.2.11.1408201206460.56309@wonkity.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Wed, 20 Aug 2014, Warren Block wrote: > On Wed, 20 Aug 2014, John Baldwin wrote: > >> On Tuesday, August 19, 2014 6:01:54 pm Warren Block wrote: >>> On Mon, 4 Aug 2014, Warren Block wrote: >>> >>>> Draft version of an ezjail section for the Handbook Jails chapter: >>>> http://www.wonkity.com/~wblock/jails/jails-ezjail.html >>>> >>>> This includes a complete setup at the end for running BIND in a jail. >>>> In addition to a complete jail example, it can also serve as an example >>>> of >>>> how to set up BIND now that the old chroot configuration is no more. >>> >>> Asking for review again of the final version at the link above. If >>> there are no major complaints in the next few days, it will be >>> committed. >> >> It's not clear to me if you need lo1? If you are using aliases on an >> external >> interface as you would with a traditional jail then I think you don't need >> the >> lo1 interface? > > It's there to keep jails from being involved with lo0 on the host. But I > admit the explanation is fuzzy, and will seek clarification. Updated. It now says: To keep jail loopback traffic off the host's loopback network interface lo0, a second loopback interface is created by adding an entry to /etc/rc.conf:...
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?alpine.BSF.2.11.1408201720480.93287>