From owner-freebsd-stable@FreeBSD.ORG  Thu Jan 29 08:56:13 2009
Return-Path: <owner-freebsd-stable@FreeBSD.ORG>
Delivered-To: freebsd-stable@FreeBSD.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 9EF54106564A
	for <freebsd-stable@FreeBSD.org>; Thu, 29 Jan 2009 08:56:13 +0000 (UTC)
	(envelope-from rwatson@FreeBSD.org)
Received: from cyrus.watson.org (cyrus.watson.org [65.122.17.42])
	by mx1.freebsd.org (Postfix) with ESMTP id 7BEA38FC16
	for <freebsd-stable@FreeBSD.org>; Thu, 29 Jan 2009 08:56:13 +0000 (UTC)
	(envelope-from rwatson@FreeBSD.org)
Received: from fledge.watson.org (fledge.watson.org [65.122.17.41])
	by cyrus.watson.org (Postfix) with ESMTPS id 017C546B42;
	Thu, 29 Jan 2009 03:56:13 -0500 (EST)
Date: Thu, 29 Jan 2009 08:56:12 +0000 (GMT)
From: Robert Watson <rwatson@FreeBSD.org>
X-X-Sender: robert@fledge.watson.org
To: Dmitry Morozovsky <marck@rinet.ru>
In-Reply-To: <alpine.BSF.2.00.0901290021000.91263@woozle.rinet.ru>
Message-ID: <alpine.BSF.2.00.0901290855010.70708@fledge.watson.org>
References: <alpine.BSF.2.00.0901290021000.91263@woozle.rinet.ru>
User-Agent: Alpine 2.00 (BSF 1167 2008-08-23)
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed
Cc: freebsd-stable@FreeBSD.org
Subject: Re: jail: external and localhost distinction
X-BeenThere: freebsd-stable@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Production branch of FreeBSD source code <freebsd-stable.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-stable>, 
	<mailto:freebsd-stable-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-stable>
List-Post: <mailto:freebsd-stable@freebsd.org>
List-Help: <mailto:freebsd-stable-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-stable>,
	<mailto:freebsd-stable-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 29 Jan 2009 08:56:14 -0000

On Thu, 29 Jan 2009, Dmitry Morozovsky wrote:

> am I right concluding that under FreeBSD jail there is no way to attach two 
> processes to the same port of external interface address and localhost?
>
> I tried to move rather standard two-tier nginx(ip:80)+apache(127.1:80) 
> scheme into a jail and on apache start got
>
> [Thu Jan 29 00:09:32 2009] [crit] (48)Address already in use: make_sock: 
> could not bind to address 127.0.0.1 port 80
>
> (this is under RELENG_7 if it's relevant)
>
> Any thoughts? Thanks in advance.

The way Jail is implemented is that the jail IP is silently substituted for 
the loopback IP is used.  This has some downsides, and this is one of them. 
The virtual network stack (VIMAGE) project for FreeBSD 8.0 is intended to 
address this, among many other things, by providing full virtualization of all 
network stack data structures for jails.

Robert N M Watson
Computer Laboratory
University of Cambridge