Loopback and jail.conf

Scott Lambert lambert at lambertfam.org
Wed Jun 26 13:19:01 UTC 2013


On Wed, Jun 26, 2013 at 12:12:54PM +0000, Ivailo Tanusheff wrote:
> I need all jails to use the 127.0.0.1 address, not different hosts in 127.0.0 network.

man jail

====================================================
     ip4.addr
             A list of IPv4 addresses assigned to the prison.  If this is set,
             the jail is restricted to using only these addresses.  Any
             attempts to use other addresses fail, and attempts to use wild-
             card addresses silently use the jailed address instead.  For IPv4
             the first address given will be kept used as the source address
             in case source address selection on unbound sockets cannot find a
             better match.  It is only possible to start multiple jails with
             the same IP address, if none of the jails has more than this sin-
             gle overlapping IP address assigned to itself.

====================================================

All of my jail IPs are on lo0.  In this jail, for nagios, they are:

lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
        options=600003<RXCSUM,TXCSUM,RXCSUM_IPV6,TXCSUM_IPV6>
        inet y.y.33.6 netmask 0xffffffff
        inet x.x.76.6 netmask 0xffffffff

But software running in the jail can access the jail via 127.0.0.1.
So, maybe you don't actually need 127.0.0.1 configured in each jail?

lambert at nagios1:~/src/tcw/nagios1.tcworks.net/etc> ping 127.0.0.1
PING 127.0.0.1 (127.0.0.1): 56 data bytes
64 bytes from 127.0.0.1: icmp_seq=0 ttl=64 time=0.103 ms
64 bytes from 127.0.0.1: icmp_seq=1 ttl=64 time=0.057 ms
^C
--- 127.0.0.1 ping statistics ---
2 packets transmitted, 2 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 0.057/0.080/0.103/0.023 ms

lambert at nagios1:~/src/tcw/nagios1.tcworks.net/etc> ssh 127.0.0.1
The authenticity of host '127.0.0.1 (127.0.0.1)' can't be established.
RSA key fingerprint is xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '127.0.0.1' (RSA) to the list of known hosts.
Last login: Tue Jun 25 23:04:30 2013 from nagios1
FreeBSD 9.1-STABLE (GENERIC) #0 r246221M: Mon Feb  4 23:08:38 UTC 2013

Exit 1

lambert at nagios1:~> ifconfig -a
em0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=209b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,WOL_MAGIC>
        ether 00:04:23:xx:xx:xx
        media: Ethernet autoselect (1000baseT <full-duplex>)
        status: active
em1: flags=8802<BROADCAST,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=209b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,WOL_MAGIC>
        ether 00:04:23:xx:xx:xx
        media: Ethernet autoselect
        status: no carrier
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
        options=600003<RXCSUM,TXCSUM,RXCSUM_IPV6,TXCSUM_IPV6>
        inet y.y.33.6 netmask 0xffffffff
        inet x.x.76.6 netmask 0xffffffff
lambert at nagios1:~>

 
> -----Original Message-----
> From: Lars Engels [mailto:lars.engels at 0x20.net] 
> Sent: Wednesday, June 26, 2013 2:00 PM
> To: Ivailo Tanusheff
> Cc: wishmaster; freebsd-jail at freebsd.org
> Subject: Re: Re[2]: Loopback and jail.conf
> 
> On Wed, Jun 26, 2013 at 07:47:25AM +0000, Ivailo Tanusheff wrote:
> > Mate, I do not need pf or ipfw :)
> > Maybe I did not describe it well, what I simply need is:
> > 
> > Jail 1:
> >   Interface em0: 192.168.0.1
> >   Interface lo0: 127.0.0.1
> > 
> > Jail 2:
> >   Interface em0: 192.168.0.2
> >   Interface lo0: 127.0.0.1
> > 
> > Jail 3:
> >   Interface em0: 192.168.0.3
> >   Interface lo0: 127.0.0.1
> > 
> > As you can see, there is the same address for the loopback, which gives me an error when I start the jail:
> > Jail 1 starts ok.
> > Then when I start Jail 2:
> > jail: jail2: IPv4 addresses clash
> > 
> > What I use in jail.conf:
> > 
> > Jail1: ip4.addr = 192.168.0.1 , 127.0.0.1;
> > Jail2: ip4.addr = 192.168.0.2 , 127.0.0.1;
> 
> You can add aliases to lo0: 127.0.0.2, .3, .4, ...

-- 
Scott Lambert                    KC5MLE                       Unix SysAdmin
lambert at lambertfam.org

How to be a "computer expert," http://www.xkcd.com/627/
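
The clash rule in the ip4.addr text quoted above, as an added example that is not part of the original message or of FreeBSD's code: a Python check that reads `ip4.addr` lines in the notation used in the thread and lists which jails cannot run together. The sample lines are constructed (the Jail3 line is an assumption), and `parse` and `clashes` are hypothetical names.

```python
import ipaddress
import re
from itertools import combinations

# Constructed input in the notation used in the thread above.
SAMPLE = """\
Jail1: ip4.addr = 192.168.0.1 , 127.0.0.1;
Jail2: ip4.addr = 192.168.0.2 , 127.0.0.1;
Jail3: ip4.addr = 192.168.0.3;
"""

LINE = re.compile(r"^\s*(\w+):\s*ip4\.addr\s*=\s*([^;]+);", re.M)


def parse(text):
    """Return {jail: set of IPv4Address} from 'name: ip4.addr = a, b;' lines."""
    jails = {}
    for name, value in LINE.findall(text):
        addrs = set()
        for item in value.split(","):
            # jail(8) allows "iface|addr/mask"; only the address matters here.
            addr = item.strip().strip('"').split("|")[-1].split("/")[0]
            addrs.add(ipaddress.IPv4Address(addr))
        jails[name] = addrs
    return jails


def clashes(jails):
    """Pairs that cannot run together under the quoted ip4.addr rule."""
    found = []
    for (a, ips_a), (b, ips_b) in combinations(sorted(jails.items()), 2):
        shared = ips_a & ips_b
        # Sharing is allowed only when both jails have exactly one address.
        if shared and not (len(ips_a) == 1 and len(ips_b) == 1):
            found.append((a, b, sorted(str(ip) for ip in shared)))
    return found


if __name__ == "__main__":
    for a, b, shared in clashes(parse(SAMPLE)):
        print(f"{a} and {b}: IPv4 addresses clash on {', '.join(shared)}")
```

Two jails that each list only one and the same address produce no clash, which is the single case the man page text permits.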


