Date: Thu, 04 Jun 2009 16:00:43 +0200
From: Dirk Engling <erdgeist@erdgeist.org>
To: freebsd-hackers@freebsd.org
Subject: Jails, loopback interfaces and sendmail
Message-ID: <4A27D38B.6040108@erdgeist.org>

Dear fellow hackers,

since jail can be bound on multiple IP addresses I tend to clone multiple loopback interfaces and add one loopback address to each jail

cloned_interfaces="lo1 lo2 lo3"
ifconfig_lo1_alias0="inet 127.0.0.2 netmask 0xffffffff"
ifconfig_lo2_alias0="inet 127.0.0.3 netmask 0xffffffff"
ifconfig_lo3_alias0="inet 127.0.0.4 netmask 0xffffffff"
..

no this is not yet optimal, since I can not run several jails on a single external IP anymore, but at least local daemons are not visible to the outside world, anymore.

However,

grep -R 127.0.0.1 /etc

reveals, that sendmail in many places assumes localhost to be on 127.0.0.1 instead of looking it up in /etc/hosts or using 127.0.0.0/8 to identify a local connection. I worry that more programmers made those assumptions, possibly breaking more tools.

My question is: Who's the right guy to beg to fix sendmail or alternatively would it be smart to allow each jail to have its own concept of 127.0.0.1 on a dummy interface mapped to all jails, that itself doesn't count as a bound IP address (thus allowing the jail to bind to an already bound ip address) and is not routed between jails?

Any ideas?

erdgeist
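
Added example, not part of the original message and not sendmail's code: three ways a daemon might decide that a peer address is "local", applied to the per-jail loopback aliases from the message. The function names are hypothetical and the sample addresses are constructed.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Parse an IPv4 literal into host byte order; returns 0 on success. */
static int parse_v4(const char *s, uint32_t *out)
{
    struct in_addr a;
    if (inet_pton(AF_INET, s, &a) != 1)
        return -1;
    *out = ntohl(a.s_addr);
    return 0;
}

/* Exact match: only 127.0.0.1 counts as local (the hardcoded assumption). */
static int is_local_exact(const char *peer)
{
    uint32_t ip;
    if (parse_v4(peer, &ip) != 0) return -1;
    return ip == (uint32_t)INADDR_LOOPBACK;
}

/* Prefix match: anything in 127.0.0.0/8 counts as local. */
static int is_local_prefix(const char *peer)
{
    uint32_t ip;
    if (parse_v4(peer, &ip) != 0) return -1;
    return (ip >> 24) == 127;
}

/* Own-address match: only addresses this jail is bound to count as local. */
static int is_local_own(const char *peer, const char *const own[], size_t n)
{
    uint32_t ip, mine;
    if (parse_v4(peer, &ip) != 0) return -1;
    for (size_t i = 0; i < n; i++)
        if (parse_v4(own[i], &mine) == 0 && mine == ip) return 1;
    return 0;
}

int main(void)
{
    /* Constructed sample: a jail bound to 127.0.0.2, peers from the message's aliases. */
    const char *const own[] = { "127.0.0.2" };
    const char *peers[] = { "127.0.0.1", "127.0.0.2", "127.0.0.3", "192.0.2.10" };
    for (size_t i = 0; i < sizeof peers / sizeof peers[0]; i++)
        printf("%-12s exact=%d prefix=%d own=%d\n", peers[i], is_local_exact(peers[i]),
               is_local_prefix(peers[i]), is_local_own(peers[i], own, 1));
    return 0;
}
```

The exact test rejects the jail's own 127.0.0.2, while the prefix test accepts any peer in 127.0.0.0/8, including another jail's alias if such traffic can reach the daemon; matching against the jail's own bound addresses is the narrowest of the three.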