configuration of multiple IPs for a jail

tom at diogunix.com tom at diogunix.com
Thu Jan 28 22:50:17 UTC 2010


Jase,

> This behaviour has been addressed in RELENG_7 recently with r202924 [1].

thank you very much. That's what I was watching out for :-). 
I somehow could not find that hint in all the resources I used.

> This commit allows you to set : sysctl security.jail.ip4_saddrsel 0 ,
> which makes the kernel use the first IP passed to jail (8) as the
> default source address instead of the default behaviour which picks the
> first matching ip for that jail on the interface.

Just great. I run 7.2 stable on most machines and thanks to your information 
it will be much easier than what I meanwhile did to fix things.

> A workaround (if you're not able to update to a RELENG_7 following that
> commit) is to reorder your interface aliases in /etc/rc.conf ,so that
> your primary jail ip has a lower alias # than any secondary ips for that
> jail.

Yes. I've meanwhile found exactly that out the hard way and by trial and 
error. Works nice (or however, it works), even when the kernel setting method 
of course is much more elegant.

> Hope this helps,

I did already.
Many thanks
Tom



More information about the freebsd-jail mailing list