Re: IPv4 addresses clash / jails not working after reboot…

Boris Samorodov bsam at passap.ru
Thu Mar 7 16:39:52 UTC 2013


07.03.2013 16:29, Yoann Gini wrote:
> 
> On 7 March 2013 at 10:58, Boris Samorodov <bsam at passap.ru> wrote:
> 
>> 07.03.2013 12:48, Yoann Gini wrote:
>>
>>> I need to share this IP, I’ve only one and I would like to avoid playing with NAT…
>>
>> One IP may be shared but for different services (ports).
> 
> That's what I’ve understood and what I’ve planned.
> 
>>> If someone has an idea…
>>
>> Give some more information:
>> 1. OS version, OS arch.
> 
> FreeBSD srv0.public.example.com 9.1-RELEASE FreeBSD 9.1-RELEASE #0 r243825: Tue Dec  4 09:23:10 UTC 2012     root at farrell.cse.buffalo.edu:/usr/obj/usr/src/sys/GENERIC  amd64
> 
>> 2. Jail configuration (at least one) from /etc and LOCALBASE/etc/ezjail.
> 
> What do you want in /etc? Except the fstab, I don’t see any config here; the fstab looks like this:
> 
> /home/jails/basejail /home/jails/front0.public.example.com/basejail nullfs ro 0 0
> /usr/ports      /home/jails/front0.public.example.com/usr/ports         nullfs ro 0 0
> 
> And here is the ezjail config
> 
> export jail_front0_public_example_com_hostname="front0.public.example.com"
> export jail_front0_public_example_com_ip="IPv6Prefix::80,SharedIPv4,10.42.0.2"
> export jail_front0_public_example_com_rootdir="/home/jails/front0.public.example.com"
> export jail_front0_public_example_com_exec_start="/bin/sh /etc/rc"
> export jail_front0_public_example_com_exec_stop=""
> export jail_front0_public_example_com_mount_enable="YES"
> export jail_front0_public_example_com_devfs_enable="YES"
> export jail_front0_public_example_com_devfs_ruleset="devfsrules_jail"
> export jail_front0_public_example_com_procfs_enable="YES"
> export jail_front0_public_example_com_fdescfs_enable="YES"
> export jail_front0_public_example_com_image=""
> export jail_front0_public_example_com_imagetype=""
> export jail_front0_public_example_com_attachparams=""
> export jail_front0_public_example_com_attachblocking=""
> export jail_front0_public_example_com_forceblocking=""
> export jail_front0_public_example_com_zfs_datasets=""
> export jail_front0_public_example_com_cpuset=""
> export jail_front0_public_example_com_fib=""
> 
>> 3. What do you want to achieve.
> 
> I want a setup with:
> — srv0 listens only for SSH on an alternate port for supervision on public IPv4/6;
> — front0 to handle any public services (web, DNS, e-mail) on public IPv4/6;
> — service0 to handle internal services (git, redmine, AFP sharepoints…) on private IP and SSH on another alternate port on public IPv4/6;
> — gateway0 to act as a VPN server and web proxy to secure access to private services on service0 and act as a secure gateway to encrypt network traffic for road-warriors on public network.
> 
> In the end, I will dispatch those services on different servers, but for now I only have access to one system, so I would like to prepare the setup to be dispatched on different hardware when the budget comes.

That all seems reasonable...

> Actually, if I remove the SharedIPv4 from the jails, it works.

Did you configure any sysctl parameters for jails?

-- 
WBR, Boris Samorodov (bsam)
FreeBSD Committer, http://www.FreeBSD.org The Power To Serve

