Date:      Wed, 14 Dec 2016 15:35:32 -0600 (CST)
From:      "Valeri Galtsev" <galtsev@kicp.uchicago.edu>
To:        "Michael Grimm" <trashcan@ellael.org>
Cc:        freebsd-questions@freebsd.org
Subject:   Re: multiple interfaces for jail.conf(1) and jail_set(2)
Message-ID:  <56419.128.135.52.6.1481751332.squirrel@cosmo.uchicago.edu>
In-Reply-To: <45822529-2096-4B32-8515-F5875BEF7101@ellael.org>
References:  <0ED7F403-F14E-4A72-8E54-AF74AAE15061@blackskyresearch.net> <45822529-2096-4B32-8515-F5875BEF7101@ellael.org>


On Wed, December 14, 2016 2:30 pm, Michael Grimm wrote:
> Isaac (.ike) Levy <ike@blackskyresearch.net> wrote:
>
>> Can I specify multiple IP interfaces and assign IP’s to them using
>> jail.conf?
>
> Not sure if I understand your question correctly, but I do define the
> following in my jail.conf for VNET jails:
>
> #
> # host dependent global settings
> #
> $ip6prefixLOCAL		 = "fd00:dead:beef:1234";
>
> #
> # global jail settings
> #
> host.hostname		 = "${name}";
> path			 = "/usr/home/jails/${name}";
> mount.fstab		 = "/etc/fstab.${name}";
> exec.consolelog 	 = "/var/log/jail_${name}_console.log";
> vnet			 = "new";
> vnet.interface		 = "epair${jailID}b";
> exec.clean;
> mount.devfs;
> persist;
>
> #
> # network settings to apply/destroy during start/stop of every jail
> #
> exec.prestart		 = "sleep 2";
> exec.prestart		+= "/sbin/ifconfig epair${jailID} create up";
> exec.prestart		+= "/sbin/ifconfig bridge0 addm epair${jailID}a";
> exec.start		 = "/sbin/sysctl net.inet6.ip6.dad_count=0";
> exec.start		+= "/sbin/ifconfig lo0 127.0.0.1 up";
> exec.start		+= "/sbin/ifconfig epair${jailID}b inet ${ip4_addr}";
> exec.start		+= "/sbin/ifconfig epair${jailID}b inet6 ${ip6_addr}";
> exec.start		+= "/sbin/route add default -gateway 10.1.1.254";
> exec.start		+= "/sbin/route add -inet6 default -gateway ${ip6prefixLOCAL}::254";
> exec.stop		 = "/sbin/route del default";
> exec.stop		+= "/sbin/route del -inet6 default";
> exec.stop		+= "/bin/sh /etc/rc.shutdown";
> exec.poststop 		 = "/sbin/ifconfig epair${jailID}a destroy";
>
> #
> # individual jail settings
> #
> dns {
> 	$jailID		 = 1;
> 	$ip4_addr	 = 10.1.1.1;
> 	$ip4_addr_2	 = 10.1.1.2;

As far as I understand, both of these IP addresses on host level are
configured on the same interface (say, one of them as an alias). I never
tried or needed that; I actually had a "multi home" host, and what I
attempted to do was: have a particular jail have two IPs, one through one of
the host system interfaces, another through another host interface. Both
of the host interfaces were on different (public) networks, and were
connected even to different network switches. This is what never worked
for me; the above (which would resemble the same physical network
interface) I never tried. Sorry, Isaac, if I confused you by omission.

Michael, is it possible to have two addresses belonging to two different
networks (through two different network interfaces)?

Say, on host system:

ifconfig_igb0="inet 172.20.9.22 ...
ifconfig_igb1="inet 10.1.1.17 ...


and in some jail

 	$ip4_addr	 = 172.20.9.22;
 	$ip4_addr_2	 = 10.1.1.17;

- will that work? This is what didn't work for me in the past when I
configured jails old style in /etc/rc.conf

Thanks a lot for the very instructive post!!

Valeri

> 	$ip6_addr	 = ${ip6prefixLOCAL}::1/64;
> 	$ip6_addr_2	 = ${ip6prefixLOCAL}::2/64;
> 	exec.start	+= "/sbin/ifconfig epair${jailID}b inet  ${ip4_addr_2} alias";
> 	exec.start	+= "/sbin/ifconfig epair${jailID}b inet6 ${ip6_addr_2} alias";
> 	exec.start	+= "/bin/sh /etc/rc";
> }
>
> etc.
>
>
>
> Again, not sure if I do understand your issue correctly, but the shown
> examples of exec.start, exec.stop, etc. are quite versatile to use.
>
> I do start/stop my jails by "service jail start/stop".
>
> Hope that helps,
> Michael


++++++++++++++++++++++++++++++++++++++++
Valeri Galtsev
Sr System Administrator
Department of Astronomy and Astrophysics
Kavli Institute for Cosmological Physics
University of Chicago
Phone: 773-702-4247
++++++++++++++++++++++++++++++++++++++++


