Assign Loopback address 127.0.0.1 to jail

s7r at sky-ip.org s7r at sky-ip.org
Wed Jun 11 19:53:41 UTC 2014


On 6/11/2014 4:46 AM, Jason Hellenthal wrote:
> You could just go with building the host kernel with VIMAGE  . . .
> Then each jail has its own virtual network stack.
> 
> -- Jason Hellenthal Voice: 95.30.17.6/616 JJH48-ARIN
> 
> On Jun 10, 2014, at 21:19, "s7r at sky-ip.org
> <mailto:s7r at sky-ip.org>" <s7r at sky-ip.org <mailto:s7r at sky-ip.org>>
> wrote:
> 
> On 6/11/2014 3:28 AM, Allan Jude wrote:
>>>> On 2014-06-10 20:23, s7r at sky-ip.org <mailto:s7r at sky-ip.org>
>>>> wrote:
>>>>> On 6/11/2014 3:20 AM, Allan Jude wrote:
>>>>>> On 2014-06-10 20:07, s7r at sky-ip.org
>>>>>> <mailto:s7r at sky-ip.org> wrote:
>>>>>>> Hi,
>>>>>>> 
>>>>>>> Operating system is FreeBSD 10.0 64 Bit
>>>>>>> 
>>>>>>> I have installed ezjail from ports and properly
>>>>>>> configured a jail with its own static and dedicated IP
>>>>>>> address. Everything works good, it's just that I have
>>>>>>> an application which requires to talk to another one
>>>>>>> via RPC on IP 127.0.0.1, and I have noticed the jail
>>>>>>> does not have a lo0 interface or localhost 127.0.0.1 IP
>>>>>>> address.
>>>>>>> 
>>>>>>> This is bad because the application has no choice but
>>>>>>> to bind to the public IP address assigned to the jail,
>>>>>>> and it's not safe.
>>>>>>> 
>>>>>>> How can I add a lo0 interface with IP 127.0.0.1 to a
>>>>>>> jail?
>>>>>>> 
>>>>>>> Thanks in advance. 
>>>>>>> _______________________________________________ 
>>>>>>> freebsd-jail at freebsd.org
>>>>>>> <mailto:freebsd-jail at freebsd.org> mailing list 
>>>>>>> http://lists.freebsd.org/mailman/listinfo/freebsd-jail
>>>>>>> To unsubscribe, send any mail to 
>>>>>>> "freebsd-jail-unsubscribe at freebsd.org 
>>>>>>> <mailto:freebsd-jail-unsubscribe at freebsd.org>"
>>>>>>> 
>>>>> 
>>>>>> Does it have to be 127.0.0.1? You can add an alias like 
>>>>>> 127.0.0.2 to the lo0 interface and use that.
>>>>> 
>>>>>> Inside the jail, 127.0.0.1 is mapped to the IP of the
>>>>>> jail.
>>>>> 
>>>>>> Using ezjail, you can also allocate more than 1 IP
>>>>>> address to a jail by comma separating them
>>>>> 
>>>>>> You can also make it automatically alias the IPs for you
>>>>>> with the syntax:
>>>>> 
>>>>>> em0|192.168.0.10,lo0|127.0.0.2 etc
>>>>> 
>>>>> 
>>>>> 
>>>>> Thank you Allan for your fast reply.
>>>>> 
>>>>> I have the jail already created via: # ezjail-admin create 
>>>>> <jailname> <em0|public IP>
>>>>> 
>>>>> How do I modify the already existing jail to have
>>>>> 127.0.0.2, for example, or can't  I just have 127.0.0.1 in
>>>>> the jail?
>>>>> 
>>>> 
>>>> Stop the jail, and then edit /usr/local/etc/ezjail/jail_name
>>>> 
>>>> and change the line that defines the IPs
>>>> 
> 
> Thank you it works, with 127.0.0.2
> 
> If I try to add 127.0.0.1 will this create any conflicts with the
> host or will it work? Because I have something important listening
> on host's 127.0.0.1 and don't want to mess up. I would need the
> same configuration within the jail also, so that's why I need the
> .1 localhost IP.
> 


Hey Jason

Thanks for your suggestion. Can you please elaborate a little bit and
tell me how I can do this step by step? I have an already installed
system with ezjail and already created one jail - how can I add VIMAGE
to have virtual network stack in each jail without having to reinstall
the host or the jails? Thank you, looking forward to your reply.

-- 
s7r
PGP Fingerprint: 7C36 9232 5ABD FB0B 3021 03F1 837F A52C 8126 5B11
PGP Pubkey: http://www.sky-ip.org/s7r@sky-ip.org.asc
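
The address handling discussed in this thread, as an added example that is not part of the original messages: a small sh audit that takes an ezjail IP spec in the `iface|addr,iface|addr` form quoted above and reports the jail's loopback alias, where a bind to 127.0.0.1 ends up, and which listeners sit on a non-loopback address. The addresses, port and function names are constructed, and treating the first address in the spec as the one 127.0.0.1 maps to is an assumption.

```shell
#!/bin/sh
# Added example, not from the thread. Spec format as quoted there:
#   iface|addr,iface|addr

# Print the bare addresses in a spec, one per line (drops "iface|").
spec_addrs() {
    printf '%s\n' "$1" | tr ',' '\n' | sed 's/^[^|]*|//'
}

# Print the first 127.0.0.0/8 address in the spec; non-zero if none.
jail_loopback() {
    spec_addrs "$1" | awk '/^127\./ { print; found = 1; exit }
                           END { exit !found }'
}

# Address a bind to 127.0.0.1 ends up on inside a non-VIMAGE jail.
# Assumption: when 127.0.0.1 is not assigned, the jail's first address
# is used (the thread only says "the IP of the jail").
localhost_bind_target() {
    if spec_addrs "$1" | grep -qx '127\.0\.0\.1'; then
        echo 127.0.0.1
    else
        spec_addrs "$1" | head -n 1
    fi
}

# Filter "addr:port" lines on stdin to listeners NOT on a loopback address.
exposed_listeners() {
    awk -F: '$1 !~ /^127\./'
}

# Constructed sample data (documentation address range, made-up port).
SPEC='em0|203.0.113.10,lo0|127.0.0.2'
LISTENERS='127.0.0.2:9000
203.0.113.10:9000'

echo "loopback alias in jail: $(jail_loopback "$SPEC" || echo none)"
echo "bind to 127.0.0.1 lands on: $(localhost_bind_target "$SPEC")"
echo "listeners reachable off-loopback:"
printf '%s\n' "$LISTENERS" | exposed_listeners
```

With the sample spec, a service configured for 127.0.0.1 is reported as landing on the routable address, while one configured for the 127.0.0.2 alias stays off the exposed list.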
