jails and multiple interfaces
cswiger at mac.com
Thu Feb 1 04:44:38 UTC 2007
Jeffrey Williams wrote:
[ ... ]
> My only concern, and what I was hoping to get more information on, is
> whether there are any potential problems with having two active ethernet
> interfaces on the same network segment, e.g. arp issues, etc.

The problem you are going to run into is that the default behavior of
FreeBSD's routing table will cause it to favor only one of the interfaces if
two or more NICs are configured onto the same subnet. You can probably
override this behavior for jails by setting up some /32 routes for the jail
IPs or use IPFW to fwd certain traffic via specific interfaces.

If your switch has port aggregation capabilities (aka "port trunking"), you
could bind them together-- see "man ng_fec".

Otherwise, the normal approach really is to put the two interfaces on two
distinct subnets. However, if you really want to isolate the traffic due to
concern over security, you really ought to consider using two separate
machines on two separate switches handling two distinct subnets.