Jails, loopback interfaces and sendmail

Glen Barber glen.j.barber at gmail.com
Thu Jun 4 16:32:59 UTC 2009


Hi, Dirk

On Thu, Jun 4, 2009 at 10:00 AM, Dirk Engling <erdgeist at erdgeist.org> wrote:
> Dear fellow hackers,
>
> Since jails can be bound to multiple IP addresses, I tend to clone
> multiple loopback interfaces and add one loopback address to each jail
>
> cloned_interfaces="lo1 lo2 lo3"
> ifconfig_lo1_alias0="inet 127.0.0.2 netmask 0xffffffff"
> ifconfig_lo2_alias0="inet 127.0.0.3 netmask 0xffffffff"
> ifconfig_lo3_alias0="inet 127.0.0.4 netmask 0xffffffff"
> ..
>
> Now this is not yet optimal, since I can not run several jails on a
> single external IP anymore, but at least local daemons are not visible
> to the outside world, anymore.
>

This doesn't answer your _real_ question, but here's a suggestion.

There are a few other ways you could do this with the addressing --
maybe it'll be less confusing for you.  The APIPA address pool
(168.254.x.x/16) is also non-routable.  You could change your aliased
interfaces to use this range, which may clear things up for you, and
the jails will still retain their loopback address.


-- 
Glen Barber
http://www.dev-urandom.com
http://www.linkedin.com/in/glenjbarber

