Jail with public IP alias

Alejandro Imass aimass at yabarana.com
Wed Aug 28 14:25:10 UTC 2013 

On Wed, Aug 28, 2013 at 5:42 AM, Frank Leonhardt <frank2 at fjl.co.uk> wrote:
> On28/08/2013 00:19, Patrick wrote:
>>
>> On Tue, Aug 27, 2013 at 3:42 PM, Alejandro Imass <aimass at yabarana.com>
>> wrote:
>>>

[...]

>
> (Tidied up so all now bottom posted)
>
> I can confirm that you shouldn't be seeing this behaviour because I don't. I
> don't use EzJail - i prefer "vi". Seriously, setting up a jail is very
> straightforward anyway, and when I tried ezjail I found it was doing stuff I
> didn't like, so dropped it early on. It was a long time ago and I've
> forgotten the specifics.
>
> I guess if you're using it your new to this particular game, so please
> excuse me pointing out a few basics here.
>

We use Ezjail not because it's easy or because we're new to jails, I
think you might be confused on what EzJail actually is and why people
use it. We use it because we manage a private cloud exclusively based
on FBSD with about a dozen servers with a couple dozen jails each. I
use EzJail because it allows us to manage just shy of 300 separate
environments with only a couple of sysadmins, and with optimized
system resources. We use it because IT ROCKS.

> Although I can't exactly see how this would cause a problem, remember that
> many service will bind to ALL IP addresses when they start up, and if they

[...]

> I can't see a mechanism that would get the results you're seeing, but I
> don't know what ezjail might be doing. I suspect your problem is with ezjail
> or something bizzare on your network config; can you try it manually?

After my OP I immediately sent out second mail stating that the
problem is not with Jails or EzJail and it's related to the way that
aliases behave on a network interface card. When you have aliases that
are on the same subnet, the source IP is the primary IP , that is the
first IP set on that network device. You can test this with out jails
with a simple ssh connection to another server and then typing who.
Even if you force ssh to bind to a particular IP using -b it will
still show the primary IP. If you have aliases on different subnets
this will not happen.

Best,

-- 
Alejandro Imass

More information about the freebsd-questions mailing list