Per-jail private loopback
Mark Martinec
Mark.Martinec+freebsd at ijs.si
Fri Dec 18 02:28:53 UTC 2015
On 2015-12-18 00:48, Garrett Wollman wrote:
> I'm a bit new to managing jails, and one of the things I'm finding I
> need is a way for jails to have their own private loopback interfaces
> -- so that things like sendmail and local DNS resolvers actually work
> right without explicit configuration. Is there any way of making this
> work short of going all the way to full VIMAGE? (I'm reluctant to do
> the latter because it then means I have to carry two separate kernels,
> one for performance and one for jail hosts.) Or is VIMAGE cheap
> enough that I won't notice the performance hit? Does that even get me
> to where I need to be (with each jail having its own 127.0.0.1)?

You can create additional loopback interfaces for jails that
need them, e.g.

  cloned_interfaces="lo1 lo2 lo3"

or from a command line:

  ifconfig lo1 create up

then assign them a unique address (through a jail setting), either from
the 127.0.0.0/8 range (like 127.0.1.1/32), or some other private
non-routable address, possibly an IPv6 address. In a jail you will
then need to use this unique address for inter-process communication
over a lo1 loopback interface.

  ip4_addr:lo1|127.0.1.1

Mark
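
The scheme in the message above, as an added example that is not part of the original post or of any FreeBSD tool: a small sh helper that plans one cloned loopback interface and one unique 127.0.1.N/32 address per jail, then emits the matching rc.conf line and jail.conf stanzas, rejecting duplicate or unsafe names. The jail names, the /usr/jails/<name> path and the function names are assumptions; `ip4.addr` is the jail.conf parameter used here for the address setting.

```shell
#!/bin/sh
# Added example: one cloned loopback + one unique 127.0.1.N/32 per jail.
# Jail names and the /usr/jails/<name> path are hypothetical.

# lo_plan NAME... -> prints "name loN 127.0.1.N" per jail, N starting at 1.
# Fails on empty/unsafe names, duplicate names, or more than 254 jails.
lo_plan() {
    n=0; seen=" "
    for name in "$@"; do
        case "$name" in
            ""|*[!A-Za-z0-9_]*) echo "bad jail name: $name" >&2; return 1 ;;
        esac
        case "$seen" in
            *" $name "*) echo "duplicate jail: $name" >&2; return 1 ;;
        esac
        seen="$seen$name "
        n=$((n + 1))
        [ "$n" -le 254 ] || { echo "too many jails for 127.0.1.0/24" >&2; return 1; }
        echo "$name lo$n 127.0.1.$n"
    done
}

# rc_conf_line NAME... -> the cloned_interfaces line for /etc/rc.conf
rc_conf_line() {
    plan=$(lo_plan "$@") || return 1
    ifs=$(echo "$plan" | awk '{ printf "%s%s", sep, $2; sep = " " }')
    echo "cloned_interfaces=\"$ifs\""
}

# jail_conf NAME... -> jail.conf stanzas tying each jail to its own loopback
jail_conf() {
    plan=$(lo_plan "$@") || return 1
    echo "$plan" | while read -r name ifc addr; do
        printf '%s {\n    path = "/usr/jails/%s";\n    ip4.addr = "%s|%s/32";\n}\n' \
            "$name" "$name" "$ifc" "$addr"
    done
}

# When run with jail names as arguments, print both fragments for review.
if [ "$#" -gt 0 ]; then
    rc_conf_line "$@" && jail_conf "$@"
fi
```

Review the printed fragments before merging them into /etc/rc.conf and /etc/jail.conf; the script itself changes nothing on the host.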