Date: Wed, 14 Dec 2016 15:35:32 -0600 (CST)
From: "Valeri Galtsev" <galtsev@kicp.uchicago.edu>
To: "Michael Grimm" <trashcan@ellael.org>
Cc: freebsd-questions@freebsd.org
Subject: Re: multiple interfaces for jail.conf(1) and jail_set(2)
Message-ID: <56419.128.135.52.6.1481751332.squirrel@cosmo.uchicago.edu>
In-Reply-To: <45822529-2096-4B32-8515-F5875BEF7101@ellael.org>
References: <0ED7F403-F14E-4A72-8E54-AF74AAE15061@blackskyresearch.net> <45822529-2096-4B32-8515-F5875BEF7101@ellael.org>

On Wed, December 14, 2016 2:30 pm, Michael Grimm wrote:
> Isaac (.ike) Levy <ike@blackskyresearch.net> wrote:
>
>> Can I specify multiple IP interfaces and assign IP’s to them using
>> jail.conf?
>
> Not sure if I understand your question correctly, but I do define the
> following in my jail.conf for VNET jails:
>
>     #
>     # host dependent global settings
>     #
>     $ip6prefixLOCAL = "fd00:dead:beef:1234";
>
>     #
>     # global jail settings
>     #
>     host.hostname = "${name}";
>     path = "/usr/home/jails/${name}";
>     mount.fstab = "/etc/fstab.${name}";
>     exec.consolelog = "/var/log/jail_${name}_console.log";
>     vnet = "new";
>     vnet.interface = "epair${jailID}b";
>     exec.clean;
>     mount.devfs;
>     persist;
>
>     #
>     # network settings to apply/destroy during start/stop of every jail
>     #
>     exec.prestart = "sleep 2";
>     exec.prestart += "/sbin/ifconfig epair${jailID} create up";
>     exec.prestart += "/sbin/ifconfig bridge0 addm epair${jailID}a";
>     exec.start = "/sbin/sysctl net.inet6.ip6.dad_count=0";
>     exec.start += "/sbin/ifconfig lo0 127.0.0.1 up";
>     exec.start += "/sbin/ifconfig epair${jailID}b inet ${ip4_addr}";
>     exec.start += "/sbin/ifconfig epair${jailID}b inet6 ${ip6_addr}";
>     exec.start += "/sbin/route add default -gateway 10.1.1.254";
>     exec.start += "/sbin/route add -inet6 default -gateway ${ip6prefixLOCAL}::254";
>     exec.stop = "/sbin/route del default";
>     exec.stop += "/sbin/route del -inet6 default";
>     exec.stop += "/bin/sh /etc/rc.shutdown";
>     exec.poststop = "/sbin/ifconfig epair${jailID}a destroy";
>
>     #
>     # individual jail settings
>     #
>     dns {
>         $jailID = 1;
>         $ip4_addr = 10.1.1.1;
>         $ip4_addr_2 = 10.1.1.2;

As far as I understand, both of these IP addresses on host level are
configured on the same interface (say, one of them as alias). I never
tried or needed that; I actually had a "multi home" host, and what I
attempted to do was: have a particular jail have two IPs, one through one
of the host system interfaces, another through another host interface.
Both of the host interfaces were on different (public) networks, and were
even connected to different network switches. This is what never worked
for me; the above (which would resemble the same physical network
interface) I never tried.

Sorry, Isaac, if I confused you by omission.

Michael, is it possible to have two addresses belonging to two different
networks (through two different network interfaces)? Say, on host system:

ifconfig_igb0="inet 172.20.9.22 ...
ifconfig_igb1="inet 10.1.1.17 ...

and in some jail

$ip4_addr = 172.20.9.22;
$ip4_addr_2 = 10.1.1.17;

- will that work? This is what didn't work for me in the past when I
configured jails old style in /etc/rc.conf

Thanks a lot for the very instructive post!!

Valeri

>         $ip6_addr = ${ip6prefixLOCAL}::1/64;
>         $ip6_addr_2 = ${ip6prefixLOCAL}::2/64;
>         exec.start += "/sbin/ifconfig epair${jailID}b inet ${ip4_addr_2} alias";
>         exec.start += "/sbin/ifconfig epair${jailID}b inet6 ${ip6_addr_2} alias";
>         exec.start += "/bin/sh /etc/rc";
>     }
>
> etc.
>
>
>
> Again, not sure if I do understand your issue correctly, but the shown
> examples of exec.start, exec.stop, etc. are quite versatile to use.
>
> I do start/stop my jails by "service jail start/stop".
>
> Hope that helps,
> Michael
>
>
>
> _______________________________________________
> freebsd-jail@freebsd.org mailing list
> https://lists.freebsd.org/mailman/listinfo/freebsd-jail
> To unsubscribe, send any mail to "freebsd-jail-unsubscribe@freebsd.org"

++++++++++++++++++++++++++++++++++++++++
Valeri Galtsev
Sr System Administrator
Department of Astronomy and Astrophysics
Kavli Institute for Cosmological Physics
University of Chicago
Phone: 773-702-4247
++++++++++++++++++++++++++++++++++++++++
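
The two-network layout asked about in this message, written as a non-VNET jail.conf entry. This is an added example, not part of the original message or of the quoted configuration. The jail name `multihome`, the addresses 172.20.9.23 and 10.1.1.18 and the /32 alias masks are constructed assumptions; igb0, igb1 and the path layout are taken from the message.

```conf
# Added example (constructed): one non-VNET jail holding an address on
# each of two host interfaces. Jail name, addresses and masks are assumptions.
multihome {
	host.hostname = "${name}";
	path = "/usr/home/jails/${name}";
	mount.devfs;
	exec.clean;

	# "interface|address/mask" form: jail(8) adds the address as an alias
	# on that host interface before the jail is created and removes it
	# after the jail is removed.
	ip4.addr  = "igb0|172.20.9.23/32";
	ip4.addr += "igb1|10.1.1.18/32";

	# Without vnet the jail uses the host's network stack and routing
	# table, so no ifconfig or route commands are run inside the jail.
	exec.start = "/bin/sh /etc/rc";
	exec.stop  = "/bin/sh /etc/rc.shutdown";
}
```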