Assign Loopback address 127.0.0.1 to jail

Allan Jude allanjude at freebsd.org
Wed Jun 11 01:49:33 UTC 2014


On 2014-06-10 21:19, s7r at sky-ip.org wrote:
> On 6/11/2014 3:28 AM, Allan Jude wrote:
>> On 2014-06-10 20:23, s7r at sky-ip.org wrote:
>>> On 6/11/2014 3:20 AM, Allan Jude wrote:
>>>> On 2014-06-10 20:07, s7r at sky-ip.org wrote:
>>>>> Hi,
>>>>>
>>>>> Operating system is FreeBSD 10.0 64 Bit
>>>>>
>>>>> I have installed ezjail from ports and properly configured a
>>>>> jail with its own static and dedicated IP address. Everything
>>>>> works good, it's just that I have an application which
>>>>> requires to talk to another one via RPC on IP 127.0.0.1, and
>>>>> I have noticed the jail does not have a lo0 interface or
>>>>> localhost 127.0.0.1 IP address.
>>>>>
>>>>> This is bad because the application has no choice but to bind
>>>>> to the public IP address assigned to the jail, and it's not
>>>>> safe.
>>>>>
>>>>> How can I add a lo0 interface with IP 127.0.0.1 to a jail?
>>>>>
>>>>> Thanks in advance. 
>>>>> _______________________________________________ 
>>>>> freebsd-jail at freebsd.org mailing list 
>>>>> http://lists.freebsd.org/mailman/listinfo/freebsd-jail To 
>>>>> unsubscribe, send any mail to 
>>>>> "freebsd-jail-unsubscribe at freebsd.org"
>>>>>
>>>
>>>> Does it have to be 127.0.0.1? You can add an alias like
>>>> 127.0.0.2 to the lo0 interface and use that.
>>>
>>>> Inside the jail, 127.0.0.1 is mapped to the IP of the jail.
>>>
>>>> Using ezjail, you can also allocate more than 1 IP address to
>>>> a jail by comma separating them
>>>
>>>> You can also make it automatically alias the IPs for you with
>>>> the syntax:
>>>
>>>> em0|192.168.0.10,lo0|127.0.0.2 etc
>>>
>>>
>>>
>>> Thank you Allan for your fast reply.
>>>
>>> I have the jail already created via: # ezjail-admin create
>>> <jailname> <em0|public IP>
>>>
>>> How do I modify the already existing jail to have 127.0.0.2, for
>>> example, or can't I just have 127.0.0.1 in the jail?
>>>
> 
>> Stop the jail, and then edit /usr/local/etc/ezjail/jail_name
> 
>> and change the line that defines the IPs
> 
> 
> Thank you it works, with 127.0.0.2
> 
> If I try to add 127.0.0.1 will this create any conflicts with the host
> or will it work? Because I have something important listening on
> host's 127.0.0.1 and don't want to mess up. I would need the same
> configuration within the jail also, so that's why I need the .1
> localhost IP.
> 

When the host and the jail share an IP, the jail wins. So, if you run
sshd on both, then ssh'ing to the shared IP will go to the jail. However,
if you don't run sshd in the jail and you do on the host, the connection
will 'fall through' to the host.

So, as long as the jail isn't going to use the same port # as your
important app, you can share.

-- 
Allan Jude
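
The rule described above (the jail takes a shared IP and port when it listens there, otherwise the connection falls through to the host) can be checked before sharing 127.0.0.1. The following is an added example, not part of the original message: it compares two `sockstat -4 -l` style listings and prints the proto/port pairs that both sides listen on. The listings, command names and ports are constructed sample data, and the script assumes each listing holds only that side's sockets and that a wildcard (`*`) bind counts as listening on the shared address.

```sh
#!/bin/sh
# Added example (not from the thread). Lists proto/port pairs where a jail
# listener and a host listener both accept on a shared address, i.e. where
# the jail's socket would take the connection instead of the host's.
LC_ALL=C; export LC_ALL
SHARED_IP="127.0.0.1"

# Read a `sockstat -4 -l` style listing on stdin; print "proto port" for
# each socket bound to address $1 or to the wildcard "*".
listeners_on() {
    awk -v ip="$1" '
        $1 == "USER" { next }             # header line
        {
            n = split($6, a, ":")         # LOCAL ADDRESS, e.g. 127.0.0.1:9001
            if (n == 2 && (a[1] == ip || a[1] == "*")) print $5, a[2]
        }' | sort -u
}

# $1 = host listing file, $2 = jail listing file
shadowed_ports() {
    h=$(mktemp); j=$(mktemp)
    listeners_on "$SHARED_IP" < "$1" > "$h"
    listeners_on "$SHARED_IP" < "$2" > "$j"
    comm -12 "$h" "$j"                    # pairs present on both sides
    rm -f "$h" "$j"
}

# Constructed sample listings (hypothetical commands, PIDs and ports).
demo() {
    host=$(mktemp); jail=$(mktemp)
    cat > "$host" <<'EOF'
USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS
root     sshd       712   4  tcp4   *:22                  *:*
app      rpcapp     901   9  tcp4   127.0.0.1:9001        *:*
root     syslogd    533   7  udp4   *:514                 *:*
EOF
    cat > "$jail" <<'EOF'
USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS
root     sshd       1399  4  tcp4   *:22                  *:*
www      rpcapp     1450  6  tcp4   127.0.0.1:9001        *:*
www      httpd      1460  3  tcp4   203.0.113.10:80       *:*
EOF
    shadowed_ports "$host" "$jail"
    rm -f "$host" "$jail"
}

demo
```

An empty result means no port is claimed on both sides, which is the condition given above for sharing the address safely.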
