Jails and IP Aliasing

Mel fbsd.questions at rachie.is-a-geek.net
Tue Jul 8 09:24:35 UTC 2008


On Monday 07 July 2008 18:51:33 David Allen wrote:

> Granted, everything is really happening over the loopback address, but a
> connection originating from the jailhost to a jail should appear to be
> using the jailhost's IP address, or so I'd like to think.  If it doesn't,
> then the scenario is awkward at best when trying to understand or debug
> issues.

To debug this, you need to 'add jail support to sockstat'. This sounds hard, 
and it is, but you can fake it, since sockstat gives you the PID. With a 
little creative scripting, you can call `ps -o state' for each PID in the 
list, look for the capital 'J' and if it is, add the 'J' to the line.

> The thought occurred to me, however, that I could add a new network card
> and reserve that for the IP aliases needed by the jails.  But I'm not sure
> whether that will work in telling me who's who, or whether I'll discover
> another gotcha.  ;-)

It will add more gotchas, unless you put each network card in a different 
network. With the IPs given here, you tell the host that 10.0.1.0/24 is on 
fxp0, so it will never go to fxp1 for 10.0.1.4.

-- 
Mel

Problem with today's modular software: they start with the modules
    and never get to the software part.
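
The sockstat/ps approach described above, sketched as an added example that is not part of the original post. It assumes the PID is the third column of sockstat output and that `ps -o state` shows a capital 'J' for jailed processes; the function names, the `STATE_FN` hook and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: append " J" to sockstat lines owned by a jailed process.

# proc_state PID: print the ps state string (e.g. "SsJ"); empty if the
# process has already exited.
proc_state() {
    ps -o state= -p "$1" 2>/dev/null || true
}

# mark_jailed: read sockstat output on stdin. Lines whose PID (column 3)
# has 'J' in its state get " J" appended; the header and lines without a
# numeric PID pass through unchanged. STATE_FN (hypothetical hook) lets
# the lookup be replaced when working on captured output.
mark_jailed() {
    while IFS= read -r line; do
        pid=$(printf '%s\n' "$line" | awk '{print $3}')
        case "$pid" in
            ''|*[!0-9]*) printf '%s\n' "$line"; continue ;;
        esac
        case "$("${STATE_FN:-proc_state}" "$pid")" in
            *J*) printf '%s J\n' "$line" ;;
            *)   printf '%s\n' "$line" ;;
        esac
    done
}

# Constructed state table standing in for ps: PID 812 is jailed.
fake_state() {
    case "$1" in
        812) echo "SsJ" ;;
        640) echo "Is" ;;
    esac
}

# Run the filter over constructed sockstat-style lines.
demo() {
    ( STATE_FN=fake_state
      mark_jailed <<'EOF'
USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS
root     sshd       640   3  tcp4   10.0.1.2:22           *:*
www      httpd      812   4  tcp4   10.0.1.4:80           *:*
EOF
    )
}

demo
```

On the jail host itself the filter would be fed live output, for example `sockstat -4 | mark_jailed`.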

