multiple interfaces for jail.conf(1) and jail_set(2)

Valeri Galtsev galtsev at kicp.uchicago.edu
Thu Dec 15 20:32:47 UTC 2016


On Thu, December 15, 2016 2:09 pm, Miroslav Lachman wrote:
> Michael Grimm wrote on 2016/12/15 19:36:
>> [cc'd to freebsd-jail at FreeBSD.org where that thread originated]
>>
>> Valeri Galtsev <galtsev at kicp.uchicago.edu> wrote:
>>
>>> On Wed, December 14, 2016 2:30 pm, Michael Grimm wrote:
>>
>>>> #
>>>> # network settings to apply/destroy during start/stop of every jail
>>>> #
>>>> exec.prestart		 = "sleep 2";
>>>> exec.prestart		+= "/sbin/ifconfig epair${jailID} create up";
>>>> exec.prestart		+= "/sbin/ifconfig bridge0 addm epair${jailID}a";
>>>> exec.start		 = "/sbin/sysctl net.inet6.ip6.dad_count=0";
>>>> exec.start		+= "/sbin/ifconfig lo0 127.0.0.1 up";
>>>> exec.start		+= "/sbin/ifconfig epair${jailID}b inet ${ip4_addr}";
>>>> exec.start		+= "/sbin/ifconfig epair${jailID}b inet6 ${ip6_addr}";
>>>> exec.start		+= "/sbin/route add default -gateway 10.1.1.254";
>>>> exec.start		+= "/sbin/route add -inet6 default -gateway ${ip6prefixLOCAL}::254";
>>>> exec.stop		 = "/sbin/route del default";
>>>> exec.stop		+= "/sbin/route del -inet6 default";
>>>> exec.stop		+= "/bin/sh /etc/rc.shutdown";
>>>> exec.poststop 		 = "/sbin/ifconfig epair${jailID}a destroy";
>>>>
>>>> #
>>>> # individual jail settings
>>>> #
>>>> dns {
>>>> 	$jailID		 = 1;
>>>> 	$ip4_addr	 = 10.1.1.1;
>>>> 	$ip4_addr_2	 = 10.1.1.2;
>>
>> […]
>>
>>> Michael, is it possible to have two addresses belonging to two different
>>> networks (through two different network interfaces)?
>>>
>>> Say, on host system:
>>>
>>> ifconfig_igb0="inet 172.20.9.22 ...
>>> ifconfig_igb1="inet 10.1.1.17 ...
>>>
>>>
>>> and in some jail
>>>
>>> 	$ip4_addr	 = 172.20.9.22;
>>> 	$ip4_addr_2	 = 10.1.1.17;
>>>
>>> - will that work? This is what didn't work for me in the past when
>>> configured jails old style in /etc/rc.conf
>>
>> I can't answer that because I have never tried it before.
>
>
>
> More IP addresses on more interfaces have worked for me for many years,
> even in old rc.conf style jails.
>
> Converted to the new jail.conf, it is something like this:
>
> costa {
> host.hostname = "costa.example.com";
> ip4.addr = 94.104.135.21;
> ip4.addr += 192.168.222.57;
> }

Thanks, Miroslav. I do not recollect "ip4.addr += ..."; that must have been
my problem (though I asked on mail lists and wasn't directed towards that,
and got the answer "not possible"; I must have been unlucky then).

Valeri

>
> As you can see, IPs are from different networks.
> We are not using auto add / remove IP on interfaces. We don't want to
> have something else to manage IP addresses. All IPs are defined in
> rc.conf on their proper interfaces.
> In this case, the first jail's IP is on bge1 and the second is on nfe0 (LAN
> interface).
>
> I already made a jail using a VPN-assigned IP on the tun0 OpenVPN interface.
>
> In other words, a jail doesn't care about interfaces. If there is an IP
> in the system (on whatever interface) then you can assign it to a jail and
> you can assign as many IPs as you want (up to some really high limit).
>
> Miroslav Lachman


++++++++++++++++++++++++++++++++++++++++
Valeri Galtsev
Sr System Administrator
Department of Astronomy and Astrophysics
Kavli Institute for Cosmological Physics
University of Chicago
Phone: 773-702-4247
++++++++++++++++++++++++++++++++++++++++
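
The `=` versus `+=` distinction discussed in this thread, as an added example that is not part of any message above: a simplified reader for `ip4.addr` lines in jail.conf blocks that applies `=` as replace and `+=` as append, then lists jail addresses absent from the host's configured set. The jails `broken` and `stale`, the `HOST_ADDRS` set and all function names are constructed for illustration; comments, variables and nested syntax of the real jail.conf format are not handled.

```python
import ipaddress
import re

# Constructed sample: the "costa" jail from the thread, a jail that repeats
# "=" (the second assignment replaces the first), and one unknown address.
SAMPLE_CONF = """
costa {
    host.hostname = "costa.example.com";
    ip4.addr = 94.104.135.21;
    ip4.addr += 192.168.222.57;
}
broken {
    ip4.addr = 172.20.9.22;
    ip4.addr = 10.1.1.17;
}
stale {
    ip4.addr = 10.9.9.9;
}
"""

# Constructed stand-in for the addresses defined on host interfaces in rc.conf.
HOST_ADDRS = {"94.104.135.21", "192.168.222.57", "172.20.9.22", "10.1.1.17"}

BLOCK = re.compile(r"([\w.-]+)\s*\{(.*?)\}", re.S)
ASSIGN = re.compile(r"ip4\.addr\s*(\+?=)\s*([^;]+);")

def bare_ip(value):
    """Strip quotes plus an optional 'iface|' prefix and '/mask' suffix."""
    value = value.strip().strip('"').split("|")[-1].split("/")[0]
    return str(ipaddress.IPv4Address(value))  # raises on a malformed address

def jail_ip4(conf):
    """Return {jail: [addresses]}, applying '=' as replace and '+=' as append."""
    jails = {}
    for name, body in BLOCK.findall(conf):
        addrs = []
        for op, raw in ASSIGN.findall(body):
            values = [bare_ip(v) for v in raw.split(",")]
            addrs = addrs + values if op == "+=" else values
        jails[name] = addrs
    return jails

def missing_on_host(conf, host_addrs):
    """Per jail, the effective addresses that no host interface carries."""
    return {jail: [a for a in addrs if a not in host_addrs]
            for jail, addrs in jail_ip4(conf).items()}

if __name__ == "__main__":
    print(jail_ip4(SAMPLE_CONF))
    print(missing_on_host(SAMPLE_CONF, HOST_ADDRS))
```
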

