Jails and IP Aliasing
Mel
fbsd.questions at rachie.is-a-geek.net
Tue Jul 8 09:24:35 UTC 2008
On Monday 07 July 2008 18:51:33 David Allen wrote:
> Granted, everything is really happening over the loopback address, but a
> connection originating from the jailhost to a jail should appear to be
> using the jailhost's IP address, or so I'd like to think. If it doesn't,
> then the scenario is awkward at best when trying to understand or debug
> issues.
To debug this, you need to 'add jail support to sockstat'. This sounds hard,
and it is, but you can fake it, since sockstat gives you the PID. With a
little creative scripting, you can call `ps -o state' for each PID in the
list, look for the capital 'J' and if it is, add the 'J' to the line.
> The thought occurred to me, however, that I could add a new network card
> and reserve that for the IP aliases needed by the jails. But I'm not sure
> whether that will work in telling me who's who, or whether I'll discover
> another gotcha. ;-)
It will add more gotcha's, unless you put each network card in a different
network. With the IP's given here, you tell the host that 10.0.1.0/24 is on
fxp0, so it will never go to fxp1 for 10.0.1.4.
--
Mel
Problem with today's modular software: they start with the modules
and never get to the software part.
More information about the freebsd-questions
mailing list