Jails routing and localhost

[Ole]

Hi Luke,


Thu, 18 Jan 2018 19:03:32 +0000 - Luke Crooks
<luke at solentwholesale.com>:

> Hi Ole,
> 
> I am by no means an expert, but to me I see your problem is here..
> 
> 
>   # ezjail-admin create somejail 'lo1|b.b.b.238,lo1|127.b.b.238'
> 
> You are binding the jail to the same network controller lo1.
> 
> Usually you would bind the jail like..
> 
>   # ezjail-admin create somejail 'lo1|127.0.0.238, emX|10.1.1.238'


If I do this (and ad first I tried exactly this) the networking on the
host system will fail a few minutes after the jail start. And I have no
remote connection to the Server. So I only can do a hard reset.

I don't know why this happens. At the moment I only have production
Servers in this datacenter, so I can't play with them to reproduce. But
I will organize another and report here.

Usually I have Servers with a public IP in a /24 Layer2 network. Then 

  # ezjail-admin create somejail 'lo1|127.b.b.238, emX|b.b.b.238'

woks fine.

 
> Where 10.1.1.0/24 is your subnet of your host. And you have free
> range on the network and want to create the jail as a fully fledged
> host.
> 
> Seeing as you have only been assigned a /32 for your host. I would
> imagine you would either need to possibly do something like...
> 
>   # ezjail-admin create somejail 'lo1|127.0.0.238, lo0|127. 0.0.237'
> 
> E.g bind the jail loopback of lo1 to the host loopback lo0. But I have
> never seen a configuration like yours using the same device twice,
> but I could be totally wrong.

But then I also have to set a static route like

  # route add b.b.b.238 127. 0.0.237

to reach the server with the public IP?


Thank you all for your replies
Ole
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 819 bytes
Desc: Digitale Signatur von OpenPGP
URL: <http://lists.freebsd.org/pipermail/freebsd-jail/attachments/20180119/ef29899c/attachment.sig>