Date:      Thu, 04 Jun 2009 16:00:43 +0200
From:      Dirk Engling <erdgeist@erdgeist.org>
To:        freebsd-hackers@freebsd.org
Subject:   Jails, loopback interfaces and sendmail
Message-ID:  <4A27D38B.6040108@erdgeist.org>

Dear fellow hackers,

since jails can be bound to multiple IP addresses, I tend to clone
multiple loopback interfaces and add one loopback address to each jail:

cloned_interfaces="lo1 lo2 lo3"
ifconfig_lo1_alias0="inet 127.0.0.2 netmask 0xffffffff"
ifconfig_lo2_alias0="inet 127.0.0.3 netmask 0xffffffff"
ifconfig_lo3_alias0="inet 127.0.0.4 netmask 0xffffffff"
..

No, this is not yet optimal, since I cannot run several jails on a
single external IP anymore, but at least local daemons are not visible
to the outside world anymore.

However, grep -R 127.0.0.1 /etc reveals that sendmail in many places
assumes localhost to be on 127.0.0.1 instead of looking it up in
/etc/hosts or using 127.0.0.0/8 to identify a local connection.

I worry that more programmers made those assumptions, possibly breaking
more tools.

My question is: Who's the right guy to beg to fix sendmail or
alternatively would it be smart to allow each jail to have its own
concept of 127.0.0.1 on a dummy interface mapped to all jails, that
itself doesn't count as a bound IP address (thus allowing the jail to
bind to an already bound IP address) and is not routed between jails?

Any ideas?

  erdgeist
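
Added example (not part of the original message and not sendmail's code): the hardcoded 127.0.0.1 comparison the message describes, next to a check that accepts the whole 127.0.0.0/8 range, so a peer on a cloned loopback such as 127.0.0.3 is still recognised as local. The function names and the parse_peer helper are hypothetical, and the peer addresses are constructed.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#define LOOPBACK_NET 127 /* first octet of 127.0.0.0/8 */

/* The assumption described in the message: only 127.0.0.1 is local. */
int is_local_hardcoded(const struct sockaddr *sa)
{
    return sa->sa_family == AF_INET &&
        ((const struct sockaddr_in *)sa)->sin_addr.s_addr == htonl(INADDR_LOOPBACK);
}

/* All of 127.0.0.0/8, ::1 and ::ffff:127.x.y.z. A match means same host, not same jail. */
int is_local_loopnet(const struct sockaddr *sa)
{
    static const unsigned char mapped[12] = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0xff, 0xff };
    if (sa->sa_family == AF_INET)
        return (ntohl(((const struct sockaddr_in *)sa)->sin_addr.s_addr) >> 24) == LOOPBACK_NET;
    if (sa->sa_family == AF_INET6) {
        const unsigned char *a = ((const struct sockaddr_in6 *)sa)->sin6_addr.s6_addr;
        return memcmp(a, &in6addr_loopback, 16) == 0 ||
            (memcmp(a, mapped, 12) == 0 && a[12] == LOOPBACK_NET);
    }
    return 0;
}

/* Hypothetical helper: parse an IPv4/IPv6 literal into ss; 0 on success, -1 otherwise. */
int parse_peer(const char *text, struct sockaddr_storage *ss)
{
    memset(ss, 0, sizeof(*ss));
    if (inet_pton(AF_INET, text, &((struct sockaddr_in *)ss)->sin_addr) == 1)
        ss->ss_family = AF_INET;
    else if (inet_pton(AF_INET6, text, &((struct sockaddr_in6 *)ss)->sin6_addr) == 1)
        ss->ss_family = AF_INET6;
    else
        return -1;
    return 0;
}

int main(void)
{
    struct sockaddr_storage ss;
    if (parse_peer("127.0.0.3", &ss) == 0) /* constructed peer on a cloned loopback */
        printf("hardcoded=%d loopnet=%d\n", is_local_hardcoded((struct sockaddr *)&ss),
               is_local_loopnet((struct sockaddr *)&ss));
    return 0;
}
```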


