Date: Sun, 16 Nov 2008 14:10:35 +0000 (UTC)
From: "Bjoern A. Zeeb" <bzeeb-lists@lists.zabbadoz.net>
To: Ruben van Staveren <ruben@verweg.com>
Cc: freebsd-jail@freebsd.org, Ruslan Ermilov <ru@freebsd.org>
Subject: Re: can jail use 2 NICS?
Message-ID: <20081116135929.S61259@maildrop.int.zabbadoz.net>
In-Reply-To: <D8D53A5B-5092-435C-BECB-E8100DD00BA9@verweg.com>
References: <EEBDDC3B-CE47-46F0-B5D3-1FDBDB77E721@verweg.com> <20081116101126.T61259@maildrop.int.zabbadoz.net> <D8D53A5B-5092-435C-BECB-E8100DD00BA9@verweg.com>

On Sun, 16 Nov 2008, Ruben van Staveren wrote:

>
> On 16 Nov 2008, at 11:12, Bjoern A. Zeeb wrote:
>
>> On Fri, 14 Nov 2008, Ruben van Staveren wrote:
>>
>> Hi,
>>
>>> I ran into this issue myself, and repatched /etc/rc.d/jail to work with
>>> this
>>>
>>> jail_erg_ipv6="net0|2001:980:fff:96::c0a8:181"  # Jail's IP number
>>> jail_erg_ip="192.168.1.129"                     # Jail's IP number
>>> jail_erg_interface="lo0"
>>>
>>> So default for everything is lo0, but you can override stuff by prefixing
>>> an address with <iface>|<addr>
>>>
>>> Have fun at http://ruben.is.verweg.com/stuff/jail
>>> of course, YMMV
>>
>> would that work as well with multiple IPs (per address family)? I kind
>
> you mean like jail_<jailid>_ip="net0|addr1 net1|addr2" ? it does.

>> of lost track. And are you also supporting the netmask feature from
>> ru@?
>
> It doesn't do netmask/prefix length but that should be easy to add. btw I am
> working only against RELENG_7 so I don't know of any new network features in
> HEAD. Should get a new macbook soon so I can run vmware fusion to check that
> out ;)

Having that working as well would be a good thing, and I'd prefer that
in contrast to "netmask 255.255.255.255".

Only going with prefix notation (which usually would be /32 or /128)
instead of having an extra jail_<name>_netmask would be something I'd
be fine with even though this seems to end up in a long and
complicated list of options.

See http://svn.freebsd.org/viewvc/base?view=revision&revision=183325
for Ruslan's commit to HEAD which had been discussed here before.

So the basic idea could be to only have

	jail_<name>_ip=""
	jail_<name>_ip6=""

and each of them would have a format like:

	[iface|]address[/prefix]

where iface and prefix are optional and prefix only makes sense if
iface is given?

If iface is given it means configure the address with prefix to the
given interface; if prefix is not given the default would be /32 for
ipv4 and /128 for ipv6.

So now this would give really long and complicated lines in rc.conf.
Do you think we could have something like the _alias<N> for interface
addresses so that it would be like:

	jail_<name>_ip=""		# default
	jail_<name>_ip_multi0=""	# second IP of the jail
	jail_<name>_ip_multi1=""	# third IP of the jail
	jail_<name>_ip_multi2=""	# 4th IP of the jail

and similar for IPv6? (multi might not be the best suffix)

Something along those lines?

Ruslan, what do you think about something like that? We could have
that for HEAD and 7 just now and add the _multi<N> support with the
multi-IP jail patches? Could you and Ruben work together to build this?

Regards,
Bjoern

-- 
Bjoern A. Zeeb              Stop bit received. Insert coin for new game.
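
The `[iface|]address[/prefix]` entry format proposed in the message above, as an added example that is not part of the original e-mail or of FreeBSD's /etc/rc.d/jail: a POSIX sh parser that applies the /32 and /128 defaults and rejects malformed fields. The function names are hypothetical, and treating a prefix without an interface as an error is an assumption based on the question raised in the message.

```shell
#!/bin/sh
# Added example: parser for the "[iface|]address[/prefix]" entries proposed in
# this thread. Function names are hypothetical, not taken from /etc/rc.d/jail.

# parse_jail_addr FAMILY ENTRY   (FAMILY is inet or inet6)
# Prints "iface address prefix"; iface is "-" when none was given, meaning the
# address is not configured on any interface. Returns 1 on malformed input.
parse_jail_addr() {
    family=$1 entry=$2 iface=
    case $family in
        inet)  max=32 ;;
        inet6) max=128 ;;
        *)     return 1 ;;
    esac
    # rc.conf values end up in commands run as root, so every field is
    # restricted to the characters it can legitimately contain.
    case $entry in
        *"|"*) iface=${entry%%"|"*}; entry=${entry#*"|"}
               case $iface in ''|*[!A-Za-z0-9_.]*) return 1 ;; esac ;;
    esac
    case $entry in
        */*) prefix=${entry##*/}; entry=${entry%/*}
             # Assumption: a prefix without an interface is treated as an error.
             [ -n "$iface" ] || return 1
             case $prefix in ''|*[!0-9]*|????*) return 1 ;; esac
             [ "$prefix" -le "$max" ] || return 1 ;;
        *)   prefix=$max ;;   # default: /32 for IPv4, /128 for IPv6
    esac
    [ -n "$entry" ] || return 1
    case $family:$entry in    # character check only, not full address syntax
        inet:*[!0-9.]*|inet6:*[!0-9A-Fa-f:.]*) return 1 ;;
    esac
    printf '%s %s %s\n' "${iface:--}" "$entry" "$prefix"
}

# parse_jail_addr_list FAMILY "ENTRY ENTRY ..."  (one output line per entry)
parse_jail_addr_list() {
    list_family=$1
    set -f                       # no pathname expansion while splitting
    for item in $2; do
        parse_jail_addr "$list_family" "$item" || { set +f; return 1; }
    done
    set +f
}

# Sample values: the two addresses quoted in the thread plus a constructed one.
parse_jail_addr_list inet6 "net0|2001:980:fff:96::c0a8:181"
parse_jail_addr_list inet "192.168.1.129 net0|192.168.1.130/24"
```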