Assign Lookback address 127.0.0.1 to jail
s7r at sky-ip.org
s7r at sky-ip.org
Wed Jun 11 19:53:41 UTC 2014
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 6/11/2014 4:46 AM, Jason Hellenthal wrote:
> You could just go with building the host kernel with VIMAGE . . .
> Then each jail has its own virtual network stack.
>
> image.png
>
> -- Jason Hellenthal Voice: 95.30.17.6/616 JJH48-ARIN
>
> On Jun 10, 2014, at 21:19, "s7r at sky-ip.org
> <mailto:s7r at sky-ip.org>" <s7r at sky-ip.org <mailto:s7r at sky-ip.org>>
> wrote:
>
> On 6/11/2014 3:28 AM, Allan Jude wrote:
>>>> On 2014-06-10 20:23, s7r at sky-ip.org <mailto:s7r at sky-ip.org>
>>>> wrote:
>>>>> On 6/11/2014 3:20 AM, Allan Jude wrote:
>>>>>> On 2014-06-10 20:07, s7r at sky-ip.org
>>>>>> <mailto:s7r at sky-ip.org> wrote:
>>>>>>> Hi,
>>>>>>>
>>>>>>> Operating system is FreeBSD 10.0 64 Bit
>>>>>>>
>>>>>>> I have installed ezjail from ports and properly
>>>>>>> configured a jail with its own static and dedicated IP
>>>>>>> address. Everything works good, it's just that I have
>>>>>>> an application which requires to talk to another one
>>>>>>> via RPC on IP 127.0.0.1, and I have noticed the jail
>>>>>>> does not have a lo0 interface or localhost 127.0.0.1 IP
>>>>>>> address.
>>>>>>>
>>>>>>> This is bad because the application has no choice but
>>>>>>> to bind to the public IP address assigned to the jail,
>>>>>>> and it's not safe.
>>>>>>>
>>>>>>> How can I add a lo0 interface with IP 127.0.0.1 to a
>>>>>>> jail?
>>>>>>>
>>>>>>> Thanks in advance.
>>>>>>> _______________________________________________
>>>>>>> freebsd-jail at freebsd.org
>>>>>>> <mailto:freebsd-jail at freebsd.org> mailing list
>>>>>>> http://lists.freebsd.org/mailman/listinfo/freebsd-jail
>>>>>>> To unsubscribe, send any mail to
>>>>>>> "freebsd-jail-unsubscribe at freebsd.org
>>>>>>> <mailto:freebsd-jail-unsubscribe at freebsd.org>"
>>>>>>>
>>>>>
>>>>>> Does it have to be 127.0.0.1? You can add an alias like
>>>>>> 127.0.0.2 to the lo0 interface and use that.
>>>>>
>>>>>> Inside the jail, 127.0.0.1 is mapped to the IP of the
>>>>>> jail.
>>>>>
>>>>>> Using ezjail, you can also allocate more than 1 IP
>>>>>> address to a jail by comma separating them
>>>>>
>>>>>> You can also make it automatically alias the IPs for you
>>>>>> with the syntax:
>>>>>
>>>>>> em0|192.168.0.10,lo0|127.0.0.2 etc
>>>>>
>>>>>
>>>>>
>>>>> Thank you Allan for your fast reply.
>>>>>
>>>>> I have the jail already created via: # ezjail-admin create
>>>>> <jailname> <em0|public IP>
>>>>>
>>>>> How do I modify the already existing jail to have
>>>>> 127.0.0.2, for example, or can't I just have 127.0.0.1 in
>>>>> the jail?
>>>>>
>>>>> _______________________________________________
>>>>> freebsd-jail at freebsd.org <mailto:freebsd-jail at freebsd.org>
>>>>> mailing list
>>>>> http://lists.freebsd.org/mailman/listinfo/freebsd-jail To
>>>>> unsubscribe, send any mail to
>>>>> "freebsd-jail-unsubscribe at freebsd.org
>>>>> <mailto:freebsd-jail-unsubscribe at freebsd.org>"
>>>>>
>>>>
>>>> Stop the jail, and then edit /usr/local/etc/ezjail/jail_name
>>>>
>>>> and change the line that defines the IPs
>>>>
>
> Thank you it works, with 127.0.0.2
>
> If I try to add 127.0.0.1 will this create any conflicts with the
> host or will it work? Because i have something important listening
> on hosts's 127.0.0.1 and don't want to mess up. I would need the
> same configuration within the jail also, so that's why I need the
> .1 localhost IP.
>
>> _______________________________________________
>> freebsd-jail at freebsd.org <mailto:freebsd-jail at freebsd.org>
>> mailing list
>> http://lists.freebsd.org/mailman/listinfo/freebsd-jail To
>> unsubscribe, send any mail to
>> "freebsd-jail-unsubscribe at freebsd.org
>> <mailto:freebsd-jail-unsubscribe at freebsd.org>"
Hey Jason
Thanks for your suggestion. can you please ellaborate a little bit and
tell me how can i do this step by step? I have an already installed
system with ezjail and already created one jail - how can I add VIMAGE
to have virtual network stack in each jail without having to reinstall
the host or the jails? Thank you, looking forward for your reply.
- --
s7r
PGP Fingerprint: 7C36 9232 5ABD FB0B 3021 03F1 837F A52C 8126 5B11
PGP Pubkey: http://www.sky-ip.org/s7r@sky-ip.org.asc
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.17 (MingW32)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
iQEcBAEBAgAGBQJTmLPEAAoJEIN/pSyBJlsRabgH/iG/pNAmpmb5ZBYksIjm4U5K
hOvKcOzGiZMn/8LgbJWYf930T8li0UFmr2MttKLjkbojju/zeqjWdYfRI4t+QI5Y
JbKj0BFHA6hPxED7BDNaorHOA/jlAbreToyzMGVlK1EIo/CxCOroMBomomucjlAx
LxICOVrUPmHfR/f3h+sOAgqTytflQQ389PalC7gBZ7IH72JTIEFpc+8Ql5+GPDCL
cLKrrPiTXwQqurJHQMcaaTJ3DJ1Bk1WSipJiqyRNzWIkM29q/CwEeZcyxc+7tbet
EZaL2JechFirmlSRRj/uINqzjW5xCN4uppXBn8FakB75Ort7zRguOryH9gh98WE=
=gyIS
-----END PGP SIGNATURE-----
More information about the freebsd-jail
mailing list