multiple interfaces for jail.conf(1) and jail_set(2)

Allan Jude allanjude at freebsd.org
Wed Dec 14 05:43:30 UTC 2016 

On 2016-12-13 23:47, Isaac (.ike) Levy wrote:
> Hi Valeri,
> 
>> On Dec 13, 2016, at 5:03 PM, Valeri Galtsev <galtsev at kicp.uchicago.edu> wrote:
>>
>> On Tue, December 13, 2016 2:14 pm, Isaac (.ike) Levy wrote:
>>> Hi All,
>>>
>>> Can I specify multiple IP interfaces and assign IP’s to them using
>>> jail.conf?
>>> I have jails with IPv4/IPv6 addresses on multiple physical interfaces, as
>>> well as assigning a loopback.
>>
>> Last time I tried it which was about year and a half ago the answer was:
> 
> Just to clarify your answer,
> 
>> no, this is not possible. Jail can only have one IP address (in addition
>> to loopback addresses).
> 
> Do you mean this just for jail.conf configuration/usage?
> 
> If so, from all I’ve read and tried, that makes complete sense, and makes me sad as it prevents me from using the slickness of jail.conf(1) and jail_set(2) - not yet :)
> 
> --
> However, to be very clear for the list archive, jails can most definately have many IP addresses, (since between FreeBSD 7 and 8 I believe?), including loopback, (which is just an IP address like any other),
> 
> For example,
> 
> # ifconfig em0 inet alias 10.10.10.10/32
> # ifconfig em1 inet alias 10.10.10.11/32
> # ifconfig lo0 inet alias 127.0.0.11/32
> # ifconfig em0 inet6 alias 2:2:2:2::10 prefixlen 64
> # jail -c path=/some/place host.hostname=myjail ip4.addr=“10.10.10.10,10.10.10.11,127.0.0.11" ip6.addr="2:2:2:2::10" command=/bin/sh /etc/rc
> 
> Best,
> .ike
> 
> 
> _______________________________________________
> freebsd-jail at freebsd.org mailing list
> https://lists.freebsd.org/mailman/listinfo/freebsd-jail
> To unsubscribe, send any mail to "freebsd-jail-unsubscribe at freebsd.org"
> 

In ezjail I can just do this:


export
jail_something_scaleengine_net_ip="vlan43|10.0.0.17,vlan43|2001:470:1::1:6667,lo0|127.0.3.1"

If you include the interface name like that, it will automatically add
the alias when the jail starts, and remove it when the jail stops
(simplifying the task of moving the jail to a different host)

If the IP is already bound to the machine, just use the comma separated
list of IPs.


-- 
Allan Jude

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 834 bytes
Desc: OpenPGP digital signature
URL: <http://lists.freebsd.org/pipermail/freebsd-jail/attachments/20161214/85676364/attachment.sig>

More information about the freebsd-jail mailing list