Jails, IPs and identd

Tue Aug 5 14:55:53 UTC 2008

On Tue, 5 Aug 2008, Redd Vinylene wrote:

> Hello!
>
> I have a jail with multiple IPs. It runs identd, however it only works
> from the jail's main IP:
>
> auth stream tcp nowait root internal auth -r -f -n -o UNKNOWN -t 30
>
> How do I make it work from absolutely all IPs?
>
> Perhaps: auth stream tcp nowait root internal auth -r -f -n -o UNKNOWN
> -t 30 -a <insert hundreds of ips here>?
>
> Thank you all!
>
> # man identd
>
>     -a      Specify one specific IP address to bind to.  Alternatively, a
>             hostname can be specified, in which case the IPv4 or IPv6 address
>             which corresponds to that hostname is used.  Usually a hostname
>             is specified when inetd is run inside a jail(8), in which case
>             the hostname corresponds to that of the jail(8) environment.
>
>             When the hostname specification is used and both IPv4 and IPv6
>             bindings are desired, one entry with the appropriate protocol
>             type for each binding is required for each service in
>             /etc/inetd.conf.  For example, a TCP-based service would need two
>             entries, one using ``tcp4'' for the protocol and the other using
>             ``tcp6''.  See the explanation of the /etc/inetd.conf protocol
>             field below.
>
It is my understanding you get one IP/jail and that multiple IPs are a work in 
progress. See http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/jails-intro.html

A jail is characterized by four elements:
    :
* An IP address -- this will be assigned to the jail and cannot be changed in
   any way during the jail's life span. The IP address of a jail is usually an
   alias address for an existing network interface, but this is not strictly
   necessary.