Jails and IP Aliasing
fbsd.questions at rachie.is-a-geek.net
Tue Jul 8 09:24:35 UTC 2008
On Monday 07 July 2008 18:51:33 David Allen wrote:
> Granted, everything is really happening over the loopback address, but a
> connection originating from the jailhost to a jail should appear to be
> using the jailhost's IP address, or so I'd like to think. If it doesn't,
> then the scenario is awkward at best when trying to understand or debug
To debug this, you need to 'add jail support to sockstat'. This sounds hard,
and it is, but you can fake it, since sockstat gives you the PID. With a
little creative scripting, you can call `ps -o state' for each PID in the
list, look for the capital 'J' and if it is, add the 'J' to the line.
> The thought occurred to me, however, that I could add a new network card
> and reserve that for the IP aliases needed by the jails. But I'm not sure
> whether that will work in telling me who's who, or whether I'll discover
> another gotcha. ;-)
It will add more gotcha's, unless you put each network card in a different
network. With the IP's given here, you tell the host that 10.0.1.0/24 is on
fxp0, so it will never go to fxp1 for 10.0.1.4.
Problem with today's modular software: they start with the modules
and never get to the software part.
More information about the freebsd-questions