From owner-freebsd-jail@FreeBSD.ORG Mon Jan 10 17:14:35 2011 Return-Path: Delivered-To: freebsd-jail@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 8D280106564A for ; Mon, 10 Jan 2011 17:14:35 +0000 (UTC) (envelope-from 000.fbsd@quip.cz) Received: from elsa.codelab.cz (elsa.codelab.cz [94.124.105.4]) by mx1.freebsd.org (Postfix) with ESMTP id 4B8458FC16 for ; Mon, 10 Jan 2011 17:14:34 +0000 (UTC) Received: from elsa.codelab.cz (localhost.codelab.cz [127.0.0.1]) by elsa.codelab.cz (Postfix) with ESMTP id C31C819E036; Mon, 10 Jan 2011 18:14:33 +0100 (CET) Received: from [192.168.1.2] (ip-86-49-61-235.net.upcbroadband.cz [86.49.61.235]) (using TLSv1 with cipher AES256-SHA (256/256 bits)) (No client certificate requested) by elsa.codelab.cz (Postfix) with ESMTPSA id 1436719E031; Mon, 10 Jan 2011 18:14:31 +0100 (CET) Message-ID: <4D2B3E76.4060307@quip.cz> Date: Mon, 10 Jan 2011 18:14:30 +0100 From: Miroslav Lachman <000.fbsd@quip.cz> User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.9.1.16) Gecko/20101123 SeaMonkey/2.0.11 MIME-Version: 1.0 To: =?ISO-8859-1?Q?Peter_Ankerst=E5l?= References: <4D2B179C.8000408@pean.org> <4D2B2A3F.2040202@pean.org> In-Reply-To: <4D2B2A3F.2040202@pean.org> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 8bit Cc: freebsd-jail@freebsd.org Subject: Re: Multiple interfaces X-BeenThere: freebsd-jail@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Discussion about FreeBSD jail\(8\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 10 Jan 2011 17:14:35 -0000 Peter Ankerstål wrote: > On 01/10/11 16:45, Stefan Bethke wrote: >> Am 10.01.2011 um 15:28 schrieb Peter Ankerstål: >> >>> I want access to a public and a private network from a jail. >>> >>> Can I configure a jail with multiple interfaces? >> Yes, see rc.conf(5): >> jail__ip >> (str) Unset by default. Set to the (primary) IPv4 and/or >> IPv6 address(es) assigned to the jail. The argument can be a >> sole address or a comma separated list of addresses. Addi- >> tionally each address can be prefixed by the name of an >> interface followed by a pipe to overwrite >> jail__interface or jail_interface and/or suffixed by a >> netmask, prefixlen or prefix. In case no netmask, prefixlen >> or prefix is given, `/32' will be used for IPv4 and `/128' >> will be used for an IPv6 address. If no address is given for >> the jail then the jail will be started with no networking >> support. >> >> Assuming that the private and the public networks are attached to em0 >> and em1, respectively, you'd set >> jail_myjail_ip="em0|172.17.43.3,em1|192.0.2.27" >> in rc.conf. >> >> >> Stefan >> > Oh, thanks! > > Sorry about that. But the "pipe" part is very hard to miss in the manual. You don't need to specify interface name (em0,em1) if you do not use auto adding / removing IP addresses on interfaces (if you do not have jail__interface). I have IP adresses defined in rc.conf in the standard way as ifconfig_bge1="inet ... ifconfig_bge1_alias0="inet ... ifconfig_nfe0="inet 192.168.22.56 netmask 255.255.255.0" ifconfig_nfe0_alias0="inet 192.168.22.57 netmask 255.255.255.0" jail_alpha_ip="1.2.3.4" jail_alpha_ip_multi0="192.168.22.57" or just jail_alpha_ip="1.2.3.4,192.168.22.57" The jail will use these addresses as they are on a different interfaces. Miroslav Lachman