From owner-freebsd-questions@FreeBSD.ORG  Mon Apr  6 15:25:31 2015
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115])
 (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by hub.freebsd.org (Postfix) with ESMTPS id 81699962
 for <freebsd-questions@freebsd.org>; Mon,  6 Apr 2015 15:25:31 +0000 (UTC)
Received: from smtp.infracaninophile.co.uk (smtp6.infracaninophile.co.uk
 [IPv6:2001:8b0:151:1:3cd3:cd67:fafa:3d78])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client CN "smtp.infracaninophile.co.uk",
 Issuer "ca.infracaninophile.co.uk" (not verified))
 by mx1.freebsd.org (Postfix) with ESMTPS id 0A8257C3
 for <freebsd-questions@freebsd.org>; Mon,  6 Apr 2015 15:25:30 +0000 (UTC)
Received: from seedling.local ([192.168.100.2]) (authenticated bits=0)
 by smtp.infracaninophile.co.uk (8.15.1/8.15.1) with ESMTPSA id t36FPMpl094181
 (version=TLSv1.2 cipher=DHE-RSA-AES128-SHA bits=128 verify=NO)
 for <freebsd-questions@freebsd.org>; Mon, 6 Apr 2015 16:25:23 +0100 (BST)
 (envelope-from m.seaman@infracaninophile.co.uk)
Authentication-Results: smtp.infracaninophile.co.uk;
 dmarc=none header.from=infracaninophile.co.uk
DKIM-Filter: OpenDKIM Filter v2.9.2 smtp.infracaninophile.co.uk t36FPMpl094181
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=infracaninophile.co.uk; s=201001-infracaninophile; t=1428333923;
 bh=DKdziLkYfvw2XorshI5SXncvJsT/Tv39WyT46PVzGGA=;
 h=Date:From:To:Subject:References:In-Reply-To;
 z=Date:=20Mon,=2006=20Apr=202015=2016:25:13=20+0100|From:=20Matthew
 =20Seaman=20<m.seaman@infracaninophile.co.uk>|To:=20freebsd-questi
 ons@freebsd.org|Subject:=20Re:=20how=20to=20do=20interval=20jail=2
 0ips|References:=20<552297B5.1030203@artem.ru>=20<55229C4E.5050504
 @gmail.com>=20<55229DE1.5050700@artem.ru>|In-Reply-To:=20<55229DE1
 .5050700@artem.ru>;
 b=d4Ju9Cnz6A71Nt/tIc+Oq+LU45k6Jx7QjghpGnPVk/gwoSzW3Lg3vjM0fz0BBpHbe
 UulUO72GNKNia+boZ586wjXYpNqJBYnln/99T9fnhdSPGRlLtq3oKJ3LxzgV2rwK5K
 RizAlkxkN1BASMxnaIoxCuGY2e/61TYpa9ON78BU=
X-Authentication-Warning: lucid-nonsense.infracaninophile.co.uk: Host
 [192.168.100.2] claimed to be seedling.local
Message-ID: <5522A559.8050407@infracaninophile.co.uk>
Date: Mon, 06 Apr 2015 16:25:13 +0100
From: Matthew Seaman <m.seaman@infracaninophile.co.uk>
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10;
 rv:31.0) Gecko/20100101 Thunderbird/31.6.0
MIME-Version: 1.0
To: freebsd-questions@freebsd.org
Subject: Re: how to do interval jail ips
References: <552297B5.1030203@artem.ru> <55229C4E.5050504@gmail.com>
 <55229DE1.5050700@artem.ru>
In-Reply-To: <55229DE1.5050700@artem.ru>
OpenPGP: id=C07BF5E310AE64BF6120B0F636A7C05FE1ECF9BB
Content-Type: multipart/signed; micalg=pgp-sha512;
 protocol="application/pgp-signature";
 boundary="eQKprpiKVlLkIDrGTHfVG40lC1JHeQaPc"
X-Virus-Scanned: clamav-milter 0.98.6 at lucid-nonsense.infracaninophile.co.uk
X-Virus-Status: Clean
X-Spam-Status: No, score=-2.6 required=5.0 tests=ALL_TRUSTED,AWL,BAYES_00,
 DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,URIBL_BLOCKED autolearn=ham
 autolearn_force=no version=3.4.0
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
 lucid-nonsense.infracaninophile.co.uk
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.18-1
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/options/freebsd-questions>, 
 <mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions/>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
 <mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Mon, 06 Apr 2015 15:25:31 -0000

This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--eQKprpiKVlLkIDrGTHfVG40lC1JHeQaPc
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable

On 06/04/2015 15:53, Artem Kuchin wrote:
> 06.04.2015 17:46, Ernie Luzar =D0=BF=D0=B8=D1=88=D0=B5=D1=82:
>> Artem Kuchin wrote:
>>> Hello!
>>>
>>> I have several jails and some of the use real ips, some are just
>>> internal for the server like 10.0.0.x
>>> However, i assigned all ips to the external em0 interface.
>>> This causes problems, because of server in the same lan have 10.0.0.x=

>>> address of their interfaces too.
>>> So, there is a conflict.
>>> This is just a colocation, so, i cannot control the ip assignment.
>>>
>>> What is the correct way to assign ip address which are seen only
>>> withing a host?
>>> (some kind of virtual NIC)
>>>
>>> Artem
>>>
>>
>> xl0,10.0.10.2   for lan on device xl0
>>
>> em0,x.x.x.x   for rl0 device facing pubic internet
>>
>> use the correct device names for you network configuration
>>
>=20
> i don't get it. I do not have xl0 device
> I only have em0
> Or i can specify whatever device i like even if it is not installed in
> the server?

You can create jail IPs bound to the loopback interface lo0 exactly as
you would for a standard NIC.

Be aware though that if you assign your internal IPs from, say,
10.11.0.0/24 that will mean you would have trouble reaching anything on
that particular subnet via your network interface.  However as this will
be entirely internal to your machine, you could choose whatever IPs you
liked -- but preferably use ones from the RFC1918[*] defined ranges.

	Cheers,

	Matthew

[*] Technically RFC6761 nowadays, but that covers a lot more than just
the reserved private address ranges.


--=20
Dr Matthew J Seaman MA, D.Phil.

PGP: http://www.infracaninophile.co.uk/pgpkey
JID: matthew@infracaninophile.co.uk


--eQKprpiKVlLkIDrGTHfVG40lC1JHeQaPc
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"

-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.20 (Darwin)

iQJ8BAEBCgBmBQJVIqViXxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w
ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXQ2NTNBNjhCOTEzQTRFNkNGM0UxRTEzMjZC
QjIzQUY1MThFMUE0MDEzAAoJELsjr1GOGkAT08YP/2Cn3UiYyLUo7MVmey4GEXB2
M+1g4UbUCnhlbJv0AZvLtoHblmosejYFiSNzDCNoP88vGAREoQIxVOA67JEplvB3
DYvEpo3mScTlXOnLf9ueNHGgsxi1q6nl2w5KObcGo0OF5Defjpak2BQZd3gmkYls
G4FmQwMieSiRhDQCWAquYOJCt8qPZcoOg+dOUwncb/W+4bUVlCIOhl/+WnecRD2h
U5e0h54byyEjnJriIApxGjzxdv3RFCwqjwEX2yksWc+eJnJa0+Pc+H+0cI+f2lA0
w3hIHC2bMauRkgSeK37lnTz2ZAkou/OJyTiqGrObP+x9X/76jTkHRihLmsfK68ll
P0mQGXQm0H4kOCt6P7KFvuuybPOUdrNFWn79gDSb6ti2ohRDPMNH7elTfDg0a0qK
ZS2P9aCzvUkWn2AQGeZOtgJPN3hBsHB76VMvY+5iugqgG/C+aKRFCzIZFvPaLF0O
pUxgCdCQKNufWEzieEE+eroSVPR6Bw+p4P2alA+B1DLNyvmdA8gptGi6leQiHPTz
pQ0bF3vOxG6nHcAicbUHZyJIg/BQDzS3xEmB1AtG6gltWF2TvA4of0liPUUGYm2q
00PQvyRGJwSJoofQW6pDR8y1ldGUR7uiG1UVLLEIABtgEVFuDounvFG7Bn8gKtbr
DasFd/60QgA4gU6BwRYB
=8NOS
-----END PGP SIGNATURE-----

--eQKprpiKVlLkIDrGTHfVG40lC1JHeQaPc--