multiple jails with multiple network interfaces

Valeri Galtsev galtsev at kicp.uchicago.edu
Mon Jan 23 16:43:08 UTC 2012


Thank you, Paul!

As I keep repeating myself, if nothing else helps, read the manual...

Knowing what I can do ipv4-wise in jail now, I'll just create multiple
jails for each of services, one per IP address.

Thanks a lot!

Sincerely yours,
Valeri

On Mon, January 23, 2012 1:01 am, Paul Schenkeveld wrote:
> On Sun, Jan 22, 2012 at 10:25:27PM -0600, Valeri Galtsev wrote:
>> Hello!
>>
>> I have a FreeBSD 9.0 host that is registered in DNS to appear with
>> multiple IP addresses:
>>
>> host some.host.com
>>
>> some.host.com has address a.b.c.x
>> some.host.com has address a.b.d.x
>> some.host.com has address a.b.e.x
>>
>> I built multiple jails to run one service in each following mostly:
>>
>> http://www.freebsd.org/doc/handbook/jails-application.html
>>
>> I am trying to start each of the jails with all network interfaces this
>> machine has configured (with the same IP addresses as interfaces are
>> configured on the host system). For that I have in jail related portion
>> of /etc/rc.conf the following
>>
>> jail_enable="YES"
>> jail_set_hostname_allow="NO"
>> jail_list="http ftp rsync pxe"
>> jail_http_hostname="some.host.com"
>> jail_http_ip="a.b.c.x,a.b.d.x,a.b.e.x"
>> jail_http_rootdir="/jail/http"
>> ...
>> jail_ftp_hostname="some.host.com"
>> jail_ftp_ip="a.b.c.x,a.b.d.x,a.b.e.x"
>> jail_ftp_rootdir="/jail/ftp"
>> ...
>>
>> When I start jails:
>>
>> /etc/rc.d/jail start
>>
>> first in the list jail starts perfectly (and I can verify that service
>> configured to run in it is accessible on all three public IP addresses
>> of the machine), all other jails, however, fail to start with the message
>>
>> some# /etc/rc.d/jail start
>> Configuring jails:.
>> Starting jails: some.host.com some.host.com some.host.com ...
>> cannot start jail "ftp"
>> .
>>
>> If I only leave one IP address in each of the jails, they all start OK.
>> If I configure some jails with different IP (on the same class C network),
>> leaving first jail with multiple IP addresses, e.g.:
>>
>> jail_http_hostname="some.host.com"
>> jail_http_ip="a.b.c.x,a.b.d.x,a.b.e.x"
>> jail_http_rootdir="/jail/http"
>> ...
>> jail_ftp_hostname="some.host.com"
>> jail_ftp_ip="a.b.c.y"
>> jail_ftp_rootdir="/jail/ftp"
>> ...
>>
>> all jails start OK (first with multiple IPs, and other with single
>> different IP). If first (in order of start) jail is with single IP, and
>> next jail is with multiple IPs including the IP of the first one:
>>
>> jail_http_hostname="some.host.com"
>> jail_http_ip="a.b.c.x"
>> jail_http_rootdir="/jail/http"
>> ...
>> jail_ftp_hostname="some.host.com"
>> jail_ftp_ip="a.b.c.x,a.b.d.x,a.b.e.x"
>> jail_ftp_rootdir="/jail/ftp"
>> ...
>>
>> then jail with multiple IPs will not start.
>>
>>
>> I tried to search, but I didn't find anybody mentioning having this
>> problem or having it resolved or just having similar configuration with
>> multiple IPs.
>>
>> Is there something obviously wrong that I'm doing?
>>
>> Is it possible that there is some restriction that will not allow me to
>> have this configuration?
>
> See jail(8):
>
>     ip4.addr
> 	... It is only possible to start
> 	multiple jails with the same IP address, if none of the jails has
> 	more than this single overlapping IP address assigned to itself.
>
> So jails can have the same IP4 address but that has to be the only IP4
> address of that jail, otherwise all addresses must be unique.
>
> Kind regards,
>
> Paul Schenkeveld


++++++++++++++++++++++++++++++++++++++++
Valeri Galtsev
Sr System Administrator
Department of Astronomy and Astrophysics
Kavli Institute for Cosmological Physics
University of Chicago
Phone: 773-702-4247
++++++++++++++++++++++++++++++++++++++++
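
The ip4.addr rule quoted from jail(8) in this thread, written as a pre-flight check over jail_<name>_ip lists. This is an added example, not part of the original messages: the function names addrs, count and check_jails are made up here, the a.b.c.x strings are the thread's own placeholders, and the "iface|" prefix and "/prefix" suffix handling follows the jail_<jname>_ip syntax described in rc.conf(5).

```shell
#!/bin/sh
# Added example (not from the thread): check jail address lists against the
# jail(8) ip4.addr rule before running /etc/rc.d/jail start.

# Print the bare IPv4 addresses of a comma-separated jail_<name>_ip value,
# one per line. An optional "iface|" prefix and "/prefix" suffix are dropped;
# IPv6 entries (containing ":") are skipped, this check is IPv4 only.
addrs() {
    old_ifs=$IFS; IFS=,
    for a in $1; do
        a=${a##*"|"}; a=${a%%/*}
        case $a in ''|*:*) continue ;; esac
        printf '%s\n' "$a"
    done
    IFS=$old_ifs
}

# Number of arguments, used to count the words in an address list.
count() { echo $#; }

# check_jails NAME=LIST ...
# Returns 1 and names every pair of jails that share an address while
# either jail of the pair has more than one address; returns 0 otherwise.
check_jails() {
    rc=0
    while [ $# -gt 1 ]; do
        n1=${1%%=*}; l1=$(addrs "${1#*=}"); shift
        for other in "$@"; do
            n2=${other%%=*}; l2=$(addrs "${other#*=}")
            shared=
            for x in $l1; do
                for y in $l2; do
                    if [ "$x" = "$y" ]; then shared="$shared $x"; fi
                done
            done
            if [ -n "$shared" ] && { [ "$(count $l1)" -gt 1 ] || [ "$(count $l2)" -gt 1 ]; }; then
                echo "conflict: $n1 and $n2 share$shared"
                rc=1
            fi
        done
    done
    return $rc
}

# The first configuration from the thread (placeholder addresses as posted).
check_jails "http=a.b.c.x,a.b.d.x,a.b.e.x" "ftp=a.b.c.x,a.b.d.x,a.b.e.x" || true
```
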

