loopback in jail
Andrei Kolu
antik at bsd.ee
Thu Nov 11 08:31:34 UTC 2010
2010/11/10 Michael Scheidell <michael.scheidell at secnap.com>
>
> for amavisd-new, right?
>
>
> On 11/10/10 12:16 PM, Andrei Kolu wrote:
>
> Hi,
>
> I have problem with binding port to localhost inside of jail (ezjail).
>
> can only have one '127.0.0.1'. even with vnet, I am sure.
>
>
> /usr/local/etc/amavisd.conf:$inet_socket_port = 10024;
> should be fine.
> however, you also need this:
>
> @inet_acl = ( qw [ 0.0.0.0/0 ] );
>
> plus a lot of things. We have a commercial hosted email security product with multiple dozens of amavisd based VPS's and it took a while to get it to work.
> try the amavisd users group as well.
>
> --
> Michael Scheidell, CTO
I see. But right now I am testing a kernel with "options VIMAGE" and
here are the results:
# ifconfig epair create
# jail -c vnet name=test1 host.hostname=test1 path=/ persist
# ifconfig epair0b vnet 1
# jexec 1 ifconfig epair0b 192.168.11.2
# jexec 1 ifconfig
lo0: flags=8008<LOOPBACK,MULTICAST> metric 0 mtu 16384
        options=3<RXCSUM,TXCSUM>
epair0b: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        ether 02:62:68:00:05:0b
        inet 192.168.11.2 netmask 0xffffff00 broadcast 192.168.11.255
        inet6 fe80::62:68ff:fe00:50b%epair0b prefixlen 64 scopeid 0x2
        nd6 options=3<PERFORMNUD,ACCEPT_RTADV>
Now I'll try to configure localhost!
# jexec 1 ifconfig lo0 localhost
Let me see what's happened
# jexec 1 ifconfig
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
        options=3<RXCSUM,TXCSUM>
        inet 127.0.0.1 netmask 0xff000000
        inet6 ::1 prefixlen 128
        inet6 fe80::1%lo0 prefixlen 64 scopeid 0x1
        nd6 options=3<PERFORMNUD,ACCEPT_RTADV>
epair0b: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        ether 02:62:68:00:05:0b
        inet6 fe80::62:68ff:fe00:50b%epair0b prefixlen 64 scopeid 0x2
        inet 192.168.11.2 netmask 0xffffff00 broadcast 192.168.11.255
        nd6 options=3<PERFORMNUD,ACCEPT_RTADV>
Wow, I have a local IP address now. Can't do the same thing without VIMAGE:
# ifconfig lo0 localhost
ifconfig: ioctl (SIOCDIFADDR): permission denied
This is only preliminary testing but things are looking quite different I guess.
FreeBSD 8.1-STABLE #1: Thu Nov 11 09:36:29 EET 2010
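
A check for the two states shown in the message above, as an added example that is not part of the original post: it reads `ifconfig` output and reports whether lo0 is UP with 127.0.0.1 assigned, which a service bound to localhost inside the jail depends on. The function names and the sample data (trimmed from the outputs quoted in the message) are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the original message).
# loopback_ready reads `ifconfig` output on stdin and exits 0 only if the
# lo0 stanza carries the UP flag and an "inet 127.0.0.1" address.
loopback_ready() {
    awk '
        # Stanza header, e.g. "lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> ..."
        /^[A-Za-z0-9_.]+: flags=/ {
            iface = $1; sub(/:$/, "", iface)
            if (iface == "lo0") {
                flags = $2
                sub(/^[^<]*</, "", flags); sub(/>.*$/, "", flags)
                n = split(flags, f, ",")
                for (i = 1; i <= n; i++) if (f[i] == "UP") up = 1
            }
            next
        }
        # Address lines belong to the most recent stanza header.
        iface == "lo0" && $1 == "inet" && $2 == "127.0.0.1" { addr = 1 }
        END { exit !(up && addr) }
    '
}

# Constructed sample input, trimmed from the two outputs in the message.
sample_before() {
    cat <<'EOF'
lo0: flags=8008<LOOPBACK,MULTICAST> metric 0 mtu 16384
        options=3<RXCSUM,TXCSUM>
epair0b: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        inet 192.168.11.2 netmask 0xffffff00 broadcast 192.168.11.255
EOF
}
sample_after() {
    cat <<'EOF'
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
        inet 127.0.0.1 netmask 0xff000000
        inet6 ::1 prefixlen 128
epair0b: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        inet 192.168.11.2 netmask 0xffffff00 broadcast 192.168.11.255
EOF
}

for s in sample_before sample_after; do
    if "$s" | loopback_ready; then echo "$s: lo0 is UP with 127.0.0.1"
    else echo "$s: lo0 not configured"; fi
done
```

On a live host the same function can be fed the output of the `jexec 1 ifconfig` command used in the message.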