Assign Lookback address 127.0.0.1 to jail

Allan Jude allanjude at freebsd.org
Wed Jun 11 00:28:48 UTC 2014 

On 2014-06-10 20:23, s7r at sky-ip.org wrote:
> On 6/11/2014 3:20 AM, Allan Jude wrote:
>> On 2014-06-10 20:07, s7r at sky-ip.org wrote:
>>> Hi,
>>>
>>> Operating system is FreeBSD 10.0 64 Bit
>>>
>>> I have installed ezjail from ports and properly configured a jail
>>> with its own static and dedicated IP address. Everything works
>>> good, it's just that I have an application which requires to talk
>>> to another one via RPC on IP 127.0.0.1, and I have noticed the
>>> jail does not have a lo0 interface or localhost 127.0.0.1 IP
>>> address.
>>>
>>> This is bad because the application has no choice but to bind to
>>> the public IP address assigned to the jail, and it's not safe.
>>>
>>> How can I add a lo0 interface with IP 127.0.0.1 to a jail?
>>>
>>> Thanks in advance. 
>>> _______________________________________________ 
>>> freebsd-jail at freebsd.org mailing list 
>>> http://lists.freebsd.org/mailman/listinfo/freebsd-jail To
>>> unsubscribe, send any mail to
>>> "freebsd-jail-unsubscribe at freebsd.org"
>>>
> 
>> Does it have to be 127.0.0.1? You can add an alias like 127.0.0.2
>> to the lo0 interface and use that.
> 
>> Inside the jail, 127.0.0.1 is mapped to the IP of the jail.
> 
>> Using ezjail, you can also allocate more than 1 IP address to a
>> jail by comma separating them
> 
>> You can also make it automatically alias the IPs for you with the
>> syntax:
> 
>> em0|192.168.0.10,lo0|127.0.0.2 etc
> 
> 
> 
> Thank you Allan for your fast reply.
> 
> I have the jail already created via:
> # ezjail-admin create <jailname> <em0|public IP>
> 
> How do I modify the already existing jail to have 127.0.0.2, for
> example, or can't  I just have 127.0.0.1 in the jail?
> 
> _______________________________________________
> freebsd-jail at freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-jail
> To unsubscribe, send any mail to "freebsd-jail-unsubscribe at freebsd.org"
> 

Stop the jail, and then edit /usr/local/etc/ezjail/jail_name

and change the line that defines the IPs

-- 
Allan Jude

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 899 bytes
Desc: OpenPGP digital signature
URL: <http://lists.freebsd.org/pipermail/freebsd-jail/attachments/20140610/098d590b/attachment.sig>

More information about the freebsd-jail mailing list