configuration of multiple IPs for a jail
Jase Thew
bazerka at beardz.net
Sat Jan 30 01:06:43 UTC 2010
On 29/01/2010 09:24, Bjoern A. Zeeb wrote:
> On Thu, 28 Jan 2010, tom at diogunix.com wrote:
>
> Hi,
>
>> Jase,
>>
>>> This behaviour has been addressed in RELENG_7 recently with r202924
>>> [1].
>>
>> thank you very much. That's what I was watching out for :-).
>> I somehow could not find that hint in all the resources I used.
>>
>>> This commit allows you to set : sysctl security.jail.ip4_saddrsel 0 ,
>>> which makes the kernel use the first IP passed to jail (8) as the
>>> default source address instead of the default behaviour which picks the
>>> first matching ip for that jail on the interface.
>
> That's not exactly true. Source address uses the first "matching"
> address for the destination on the outgoing interface if possible.
> There is a route lookup involved as well. So if you are serving more
> than one subnet it won't necessarily be the first IP of the interface
> seen within the jail.
>
> For the case given, it most likely will, though.
>
Yes, indeed. My answer was based on the configuration example presented
and the assumption that all the IPs given were located in the same subnet.
Regards,
Jase.
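
A simplified model of the two behaviours discussed in this thread, added here as an illustration; it is not kernel code and not code from either poster. The addresses, interface names, routing table and the final fallback (no jail address on the outgoing interface) are assumptions constructed for the example.

```python
import ipaddress as ipa

# Constructed sample data (documentation ranges), not taken from the thread.
IFACES = {  # interface -> addresses in the order they sit on the interface
    "em0": ["192.0.2.10/24", "192.0.2.11/24", "192.0.2.12/24"],
    "em1": ["198.51.100.5/24"],
}
ROUTES = [("192.0.2.0/24", "em0"), ("198.51.100.0/24", "em1"), ("0.0.0.0/0", "em0")]

def route_lookup(dest):
    """Longest-prefix match over ROUTES; returns the outgoing interface name."""
    d = ipa.ip_address(dest)
    hits = [(ipa.ip_network(n), i) for n, i in ROUTES if d in ipa.ip_network(n)]
    return max(hits, key=lambda h: h[0].prefixlen)[1]

def select_source(dest, jail_ips, saddrsel=1):
    """Model of the source address a jail gets for an outbound IPv4 connection.

    jail_ips is the ordered list of addresses passed to jail(8);
    saddrsel models the value of security.jail.ip4_saddrsel.
    """
    if not saddrsel:
        return jail_ips[0]            # always the first IP passed to jail(8)
    d = ipa.ip_address(dest)
    on_if = [ipa.ip_interface(a) for a in IFACES[route_lookup(dest)]]
    mine = [a for a in on_if if str(a.ip) in jail_ips]
    for a in mine:                    # first jail address whose subnet holds dest
        if d in a.network:
            return str(a.ip)
    if mine:                          # else first jail address on that interface
        return str(mine[0].ip)
    return jail_ips[0]                # assumed fallback for this model

def demo():
    """Compare both settings for a same-subnet jail and a multi-subnet jail."""
    jail = ["192.0.2.12", "192.0.2.11", "198.51.100.5"]  # order given to jail(8)
    dests = ["203.0.113.7", "192.0.2.50", "198.51.100.20"]
    return {d: (select_source(d, jail, 1), select_source(d, jail, 0)) for d in dests}

if __name__ == "__main__":
    for dest, (default, pinned) in demo().items():
        print(f"{dest:15} saddrsel=1 -> {default:13} saddrsel=0 -> {pinned}")
```

The source address matters wherever peers or firewalls filter on it: with selection left on, a rule that allows only the jail's first IP will not match traffic that leaves from another of its addresses.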