jails and multiple interfaces

Milan Obuch freebsd-stable at dino.sk
Wed Jan 31 10:30:06 UTC 2007


On Wednesday 31 January 2007 11:06, Jeffrey Williams wrote:
> Hi Folks,
>
> I am trying to set a jail hosting server to support multiple jails for
> development testing.
>
> The server has two network interfaces, I am configuring one for host
> server to use, and the other with several aliased IPs, one for each of
> the jail servers.
>
> All the services running on the host are configured to bind to the host
> IP on the first interface.
>
> The crux is both interfaces are on the same network, I am seeing the
> expected arp errors (e.g. kernel: arp: x.x.x.x is on int0 but got reply
> on int1), now I know I set the sysctl variable
> net.link.ether.inet.log_arp_wrong_iface=0 to get rid of these messages,
> but what I want to know is if there are any other problems I am going to
> have having both interfaces live on the same network.  Also even though
> I have the jail host's services all binding to the first interface's IP,
> there is no guarantee that network traffic originating from the jail
> host will only use its primary interface/IP, is there any way to ensure
> that the jail host does not try to talk through the interface being used
> by the jails?
>

Why are you doing this? Are your addresses from the same network segment?
I am binding my jail addresses to the loopback interface and route them - this way
you could easily start a take-over jail on another machine and change the routing
table (or use dynamic routing) to minimize downtime on hardware upgrades, big
OS upgrades etc. I do not consider this the best way, but it just satisfies my
needs.
Regards,
Milan

-- 
This address is used only for mailing list response.
Do not send any personal messages to it, use milan in
address instead.

