Q. Re loopback address for jails
luzar722 at gmail.com
Tue Apr 11 19:15:13 UTC 2017
James B. Byrne via freebsd-questions wrote:
> Given that for a FreeBSD jail one clones the lo interface and assigns
> a different address than 127.0.0.1 say 127.0.33.1 what files does one
> need to change throughout the jail?
> I have modified /usr/jails/jail/etc/hosts,
> /usr/jails/jail/etc/resolv.conf and
> usr/jails/jail/etc/ssh/sshd_config. I note however that there are a
> very large number of configuration files throughout the jail that
> contain a literal value of 127.0.0.1. Do all of these need updating?
> Under /usr/jails/jail/usr/local/etc/ there are also files that
> contain 127.0.0.1 as literal values,
> /usr/jails/hlldns02/usr/local/etc/rc.d/named for example. How does
> one handle rc.d scripts that specify 127.0.0.1?
> If these all require manual alteration then why is not localhost used
> instead? Then one would only need alter the hosts file.
Anything you do for the lo0/127.0.0.1 interface in a jail is just so
much wasted effort. It's not needed nor required in all most all usage
cases. The exception is for those cases when you are running an
application in the jail that purposefully uses the lo0 interface. For
that use case only, you need to do the clone lo0 thing and change the
config file for that application to use the newly allocated
lo1/127.0.2.1 setup and leave all the other normal setting un-touched.
Take note there is no official documentation on jail(8) and the lo0
interface that gives credence to cloning the lo0 interface for all jails.
The jail-ezjail section of the handbook does talk about the cloning of
the lo0 interface for all ezjails. This is something that maybe the
author of that section thinks is a unique requirement for ezjail, but
this thinking should not be extrapolated to mean all non-ezjails also
need it. On the other hand, based on my experience using ezjail, ezjail
lo0 default usage also falls under the usage cases talked about above
and that handbook section should be corrected to reflect that, thus
removing the confusion it's current content is causing.
Just step back and think about it for a moment. If jail(8) really needed
some kind of special handling of the lo0 interface it would be very easy
to find official documentation on this subject.
In conclusion; Don't try to fix a problem that doesn't exist.
More information about the freebsd-questions