can jail use 2 NICS?

Bjoern A. Zeeb bzeeb-lists at lists.zabbadoz.net
Sun Nov 16 06:15:08 PST 2008


On Sun, 16 Nov 2008, Ruben van Staveren wrote:

>
> On 16 Nov 2008, at 11:12, Bjoern A. Zeeb wrote:
>
>> On Fri, 14 Nov 2008, Ruben van Staveren wrote:
>> 
>> Hi,
>> 
>>> I ran into this issue myself, and repatched /etc/rc.d/jail to work with 
>>> this
>>> 
>>> jail_erg_ipv6="net0|2001:980:fff:96::c0a8:181"                  # Jail's IP number
>>> jail_erg_ip="192.168.1.129"                  # Jail's IP number
>>> jail_erg_interface="lo0"
>>> 
>>> So default for everything is lo0, but you can override stuff by prefixing 
>>> an address with <iface>|<addr>
>>> 
>>> Have fun at http://ruben.is.verweg.com/stuff/jail
>>> of course, YMMV
>> 
>> would that work as well with multiple IPs (per address family)? I kind
>
> you mean like jail_<jailid>_ip="net0|addr1 net1|addr2" ? it does.
>> of lost track. And are you also supporting the netmask feature from
>> ru@?
>
> It doesn't do netmask/prefix length but that should be easy to add. btw I am 
> working only against RELENG_7 so I don't know of any new network features in 
> HEAD. Should get a new macbook soon so I can run vmware fusion to check that 
> out ;)

Having that working as well would be a good thing, and I'd prefer that
in contrast to "netmask 255.255.255.255". Only going with prefix
notation (which usually would be /32 or /128) instead of having an
extra jail_<name>_netmask would be something I'd be fine with even
though this seems to end up in a long and complicated list of options.

See
http://svn.freebsd.org/viewvc/base?view=revision&revision=183325
for Ruslan's commit to HEAD which had been discussed here before.

So the basic idea could be to only have
jail_<name>_ip=""
jail_<name>_ip6=""

and each of them would have a format like:

   [iface|]address[/prefix]

where iface and prefix are optional and prefix only makes sense if
iface is given?

If iface is given it means configure the address with prefix to the
given interface; if prefix is not given the default would be /32 for
ipv4 and /128 for ipv6.

So now this would give really long and complicated lines in rc.conf.
Do you think we could have something like the _alias<N> for interface
addresses so that it would be like:

jail_<name>_ip=""		# default
jail_<name>_ip_multi0=""	# second IP of the jail
jail_<name>_ip_multi1=""	# third IP of the jail
jail_<name>_ip_multi2=""	# 4th IP of the jail

and similar for IPv6?

(multi might not be the best suffix)

Something along those lines?

Ruslan, what do you think about something like that? We could have
that for HEAD and 7 just now and add the _multi<N> support with the
multi-IP jail patches? Could you and Ruben work together to build
this?


Regards,
Bjoern

-- 
Bjoern A. Zeeb              Stop bit received. Insert coin for new game.
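
The `[iface|]address[/prefix]` format proposed in the message above, as an added sh sketch that is not part of the original post, Ruben's patch or /etc/rc.d/jail. The function names are hypothetical, IPv6 is detected by the presence of a colon, and rejecting a prefix given without an interface is an assumption (the message leaves that point as a question).

```shell
#!/bin/sh
# Added illustration only; function names are hypothetical, not rc.d/jail code.

# parse_jail_addr ENTRY
# Prints "iface family address prefix" for one [iface|]address[/prefix] entry.
# iface and prefix are "-" when the entry names no interface.
parse_jail_addr() {
    _e=$1 _if=- _pfx=
    case $_e in
    *\|*) _if=${_e%%|*}; _e=${_e#*|} ;;          # split off "iface|"
    esac
    case $_e in
    */*) _pfx=${_e##*/}; _e=${_e%/*}
         [ -n "$_pfx" ] || return 1 ;;           # reject a trailing "/"
    esac
    [ -n "$_e" ] && [ -n "$_if" ] || return 1    # reject "net0|" and "|addr"
    case $_e in
    */*|*\|*) return 1 ;;                        # stray second "/" or "|"
    *:*) _fam=inet6 _max=128 ;;                  # a colon means IPv6
    *)   _fam=inet  _max=32 ;;
    esac
    if [ "$_if" = - ]; then
        # Assumption: a prefix without an interface is an error, not ignored.
        [ -z "$_pfx" ] || return 1
        _pfx=-
    else
        : "${_pfx:=$_max}"                       # default /32 or /128
        case $_pfx in *[!0-9]*) return 1 ;; esac
        [ "$_pfx" -le "$_max" ] || return 1
    fi
    echo "$_if $_fam $_e $_pfx"
}

# jail_addr_plan "ENTRY ENTRY ..."
# Prints one parsed line per entry and returns non-zero at the first
# malformed entry, so the caller can refuse to start the jail.
jail_addr_plan() {
    for _entry in $1; do
        parse_jail_addr "$_entry" || { echo "bad entry: $_entry" >&2; return 1; }
    done
}

# The two addresses quoted in the thread, combined into one list.
jail_addr_plan "192.168.1.129 net0|2001:980:fff:96::c0a8:181"
```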

