can jail use 2 NICS?
Bjoern A. Zeeb
bzeeb-lists at lists.zabbadoz.net
Fri Nov 21 14:40:06 PST 2008
On Fri, 21 Nov 2008, Ruslan Ermilov wrote:
Hi,
> Have been traveling, hence long "no reply"...
>
> On Sun, Nov 16, 2008 at 02:10:35PM +0000, Bjoern A. Zeeb wrote:
>> So the basic idea could be to only have
>> jail_<name>_ip=""
>> jail_<name>_ip6=""
>>
>> and each of them would have a format like:
>>
>> [iface|]address[/prefix]
>
> I'd suggest [iface:] instead.
be aware that : might be problematic to parse from shell with IPv6
addresses as it would either be:
bge0:2001:db8::1
or just
2001:db8::1
>> where iface and prefix are optional and prefix only makes sense if
>> iface is given?
>>
>> If iface is given it means configure the address with prefix to the
>> given interface; if prefix is not given the default would be /32 for
>> ipv4 and /128 for ipv6.
>>
>> So now this would give really long and complicated lines in rc.conf.
>> Do you think we could have something like the _alias<N> for interface
>> addresses so that it would be like:
>>
>> jail_<name>_ip="" # default
>> jail_<name>_ip_multi0="" # second IP of the jail
>> jail_<name>_ip_multi1="" # third IP of the jail
>> jail_<name>_ip_multi2="" # 4th IP of the jail
>>
>> and similar for IPv6?
>>
>> (multi might not be the best suffix)
>>
>> Something along those lines?
>>
>> Ruslan, what do you think about something like that? We could have
>> that for HEAD and 7 just now and add the _multi<N> support with the
>> multi-IP jail patches? Could you and Ruben work together to build
>> this?
>>
> I think this is a good idea. My workaround with routes
> I mentioned doesn't actually work, so currently we use
> a version from HEAD on our production servers, and the
> modified version of ezjail port that supports netmasks.
Sounds like a plan then. Thanks a lot.
/bz
--
Bjoern A. Zeeb Stop bit received. Insert coin for new game.
More information about the freebsd-jail
mailing list