multiple interfaces for jail.conf(1) and jail_set(2)

doug at safeport.com doug at safeport.com
Wed Dec 14 22:56:47 UTC 2016 


On Wed, 14 Dec 2016, Valeri Galtsev wrote:

>
> On Wed, December 14, 2016 2:30 pm, Michael Grimm wrote:
>> Isaac (.ike) Levy <ike at blackskyresearch.net> wrote:
>>
>>> Can I specify multiple IP interfaces and assign IP???s to them using
>>> jail.conf?

The short answer is yes. The interfaces and/or IPs are defined in the usual way 
in the host. How they are defined in the jail depends on what you use to manage 
the jails. If nothing, man jail is the thing to follow

>> Not sure if I understand your question correctly, but I do define the
>> following in my jail.conf for VNET jails:
>>
>> #
>> # host dependent global settings
>> #
>> $ip6prefixLOCAL		 = "fd00:dead:beef:1234";
>>
>> #
>> # global jail settings
>> #
>> host.hostname		 = "${name}";
>> path			 = "/usr/home/jails/${name}";
>> mount.fstab		 = "/etc/fstab.${name}";
>> exec.consolelog 	 = "/var/log/jail_${name}_console.log";
>> vnet			 = "new";
>> vnet.interface		 = "epair${jailID}b";
>> exec.clean;
>> mount.devfs;
>> persist;
>>
>> #
>> # network settings to apply/destroy during start/stop of every jail
>> #
>> exec.prestart		 = "sleep 2";
>> exec.prestart		+= "/sbin/ifconfig epair${jailID} create up";
>> exec.prestart		+= "/sbin/ifconfig bridge0 addm epair${jailID}a";
>> exec.start		 = "/sbin/sysctl net.inet6.ip6.dad_count=0";
>> exec.start		+= "/sbin/ifconfig lo0 127.0.0.1 up";
>> exec.start		+= "/sbin/ifconfig epair${jailID}b inet ${ip4_addr}";
>> exec.start		+= "/sbin/ifconfig epair${jailID}b inet6 ${ip6_addr}";
>> exec.start		+= "/sbin/route add default -gateway 10.1.1.254";
>> exec.start		+= "/sbin/route add -inet6 default -gateway
>> ${ip6prefixLOCAL}::254";
>> exec.stop		 = "/sbin/route del default";
>> exec.stop		+= "/sbin/route del -inet6 default";
>> exec.stop		+= "/bin/sh /etc/rc.shutdown";
>> exec.poststop 		 = "/sbin/ifconfig epair${jailID}a destroy";
>>
>> #
>> # individual jail settings
>> #
>> dns {
>> 	$jailID		 = 1;
>> 	$ip4_addr	 = 10.1.1.1;
>> 	$ip4_addr_2	 = 10.1.1.2;
>
> As far as I understand, both of these IP addresses on host level are
> configured on the same interface (say, one of them as alias). I never
> tried and needed that, I actually had "multi home" host, and what I
> attempted to do was: have particular jail have two IPs, one through one of
> the host system interfaces, another, through another host interface. Both
> of the host interfaces were on different (public) networks, and were
> connected even to different network switches. This is what never worked
> for me; the above (which would resemble the same physical network
> interface) I never tried. Sorry, Isaak, if I confused you by omission.
>
> Michael, is it possible to have two addresses belonging to two different
> networks (through two different network interfaces)?
>
> Say, on host system:
>
> ifconfig_igb0="inet 172.20.9.22 ...
> ifconfig_igb1="inet 10.1.1.17 ...
>
>
> and in some jail
>
> 	$ip4_addr	 = 172.20.9.22;
> 	$ip4_addr_2	 = 10.1.1.17;
>
> - will that work? This is what didn't work for me in the past when
> configured jails old style in /etc/rc.conf
>
> Thanks a lot for very instructive post!!
>
> Valeri
>
>> 	$ip6_addr	 = ${ip6prefixLOCAL}::1/64;
>> 	$ip6_addr_2	 = ${ip6prefixLOCAL}::2/64;
>> 	exec.start	+= "/sbin/ifconfig epair${jailID}b inet  ${ip4_addr_2} alias";
>> 	exec.start	+= "/sbin/ifconfig epair${jailID}b inet6 ${ip6_addr_2} alias";
>> 	exec.start	+= "/bin/sh /etc/rc";
>> }
>>
>> etc.
>>
>>
>>
>> Again, not sure if I do understand your issue correctly, but the shown
>> examples of exec.start, exec.stop, etc. are quite versatile to use.
>>
>> I do start/stop my jails by "service jail start/stop".
>>
>> Hope that helps,
>> Michael
>>
>>
>>
>> _______________________________________________
>> freebsd-jail at freebsd.org mailing list
>> https://lists.freebsd.org/mailman/listinfo/freebsd-jail
>> To unsubscribe, send any mail to "freebsd-jail-unsubscribe at freebsd.org"
>
>
> ++++++++++++++++++++++++++++++++++++++++
> Valeri Galtsev
> Sr System Administrator
> Department of Astronomy and Astrophysics
> Kavli Institute for Cosmological Physics
> University of Chicago
> Phone: 773-702-4247
> ++++++++++++++++++++++++++++++++++++++++
> _______________________________________________
> freebsd-questions at freebsd.org mailing list
> https://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to "freebsd-questions-unsubscribe at freebsd.org"
>

More information about the freebsd-questions mailing list