Q. Re loopback address for jails

Ernie Luzar luzar722 at gmail.com
Tue Apr 11 19:15:13 UTC 2017

James B. Byrne via freebsd-questions wrote:
> Given that for a FreeBSD jail one clones the lo interface and assigns
> a different address than say what files does one
> need to change throughout the jail?
> I have modified /usr/jails/jail/etc/hosts,
> /usr/jails/jail/etc/resolv.conf and
> usr/jails/jail/etc/ssh/sshd_config. I note however that there are a
> very large number of configuration files throughout the jail that
> contain a literal value of  Do all of these need updating?
> Under  /usr/jails/jail/usr/local/etc/ there are also files that
> contain as literal values,
> /usr/jails/hlldns02/usr/local/etc/rc.d/named for example.  How does
> one handle rc.d scripts that specify
> If these all require manual alteration then why is not localhost used
> instead?  Then one would only need alter the hosts file.

Anything you do for the lo0/ interface in a jail is just so 
much wasted effort. It's not needed nor required in all most all usage 
cases. The exception is for those cases when you are running an 
application in the jail that purposefully uses the lo0 interface. For 
that use case only, you need to do the clone lo0 thing and change the 
config file for that application to use the newly allocated 
lo1/ setup and leave all the other normal setting un-touched.

Take note there is no official documentation on jail(8) and the lo0 
interface that gives credence to cloning the lo0 interface for all jails.

The jail-ezjail section of the handbook does talk about the cloning of 
the lo0 interface for all ezjails. This is something that maybe the 
author of that section thinks is a unique requirement for ezjail, but 
this thinking should not be extrapolated to mean all non-ezjails also 
need it. On the other hand, based on my experience using ezjail, ezjail 
lo0 default usage also falls under the usage cases talked about above 
and that handbook section should be corrected to reflect that, thus 
removing the confusion it's current content is causing.

Just step back and think about it for a moment. If jail(8) really needed 
some kind of special handling of the lo0 interface it would be very easy 
to find official documentation on this subject.

In conclusion; Don't try to fix a problem that doesn't exist.

More information about the freebsd-questions mailing list