From owner-freebsd-questions@freebsd.org Wed Dec 14 21:34:45 2016 Return-Path: Delivered-To: freebsd-questions@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 0636BC8087C for ; Wed, 14 Dec 2016 21:34:45 +0000 (UTC) (envelope-from galtsev@kicp.uchicago.edu) Received: from cosmo.uchicago.edu (cosmo.uchicago.edu [128.135.20.71]) by mx1.freebsd.org (Postfix) with ESMTP id B9B7414E7 for ; Wed, 14 Dec 2016 21:34:44 +0000 (UTC) (envelope-from galtsev@kicp.uchicago.edu) Received: by cosmo.uchicago.edu (Postfix, from userid 48) id 6C057CB8C9F; Wed, 14 Dec 2016 15:35:32 -0600 (CST) Received: from 128.135.52.6 (SquirrelMail authenticated user valeri) by cosmo.uchicago.edu with HTTP; Wed, 14 Dec 2016 15:35:32 -0600 (CST) Message-ID: <56419.128.135.52.6.1481751332.squirrel@cosmo.uchicago.edu> In-Reply-To: <45822529-2096-4B32-8515-F5875BEF7101@ellael.org> References: <0ED7F403-F14E-4A72-8E54-AF74AAE15061@blackskyresearch.net> <45822529-2096-4B32-8515-F5875BEF7101@ellael.org> Date: Wed, 14 Dec 2016 15:35:32 -0600 (CST) Subject: Re: multiple interfaces for jail.conf(1) and jail_set(2) From: "Valeri Galtsev" To: "Michael Grimm" Cc: freebsd-questions@freebsd.org Reply-To: galtsev@kicp.uchicago.edu User-Agent: SquirrelMail/1.4.8-5.el5.centos.7 MIME-Version: 1.0 Content-Type: text/plain;charset=iso-8859-1 Content-Transfer-Encoding: 8bit X-Priority: 3 (Normal) Importance: Normal X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 14 Dec 2016 21:34:45 -0000 On Wed, December 14, 2016 2:30 pm, Michael Grimm wrote: > Isaac (.ike) Levy wrote: > >> Can I specify multiple IP interfaces and assign IP’s to them using >> jail.conf? > > Not sure if I understand your question correctly, but I do define the > following in my jail.conf for VNET jails: > > # > # host dependent global settings > # > $ip6prefixLOCAL = "fd00:dead:beef:1234"; > > # > # global jail settings > # > host.hostname = "${name}"; > path = "/usr/home/jails/${name}"; > mount.fstab = "/etc/fstab.${name}"; > exec.consolelog = "/var/log/jail_${name}_console.log"; > vnet = "new"; > vnet.interface = "epair${jailID}b"; > exec.clean; > mount.devfs; > persist; > > # > # network settings to apply/destroy during start/stop of every jail > # > exec.prestart = "sleep 2"; > exec.prestart += "/sbin/ifconfig epair${jailID} create up"; > exec.prestart += "/sbin/ifconfig bridge0 addm epair${jailID}a"; > exec.start = "/sbin/sysctl net.inet6.ip6.dad_count=0"; > exec.start += "/sbin/ifconfig lo0 127.0.0.1 up"; > exec.start += "/sbin/ifconfig epair${jailID}b inet ${ip4_addr}"; > exec.start += "/sbin/ifconfig epair${jailID}b inet6 ${ip6_addr}"; > exec.start += "/sbin/route add default -gateway 10.1.1.254"; > exec.start += "/sbin/route add -inet6 default -gateway > ${ip6prefixLOCAL}::254"; > exec.stop = "/sbin/route del default"; > exec.stop += "/sbin/route del -inet6 default"; > exec.stop += "/bin/sh /etc/rc.shutdown"; > exec.poststop = "/sbin/ifconfig epair${jailID}a destroy"; > > # > # individual jail settings > # > dns { > $jailID = 1; > $ip4_addr = 10.1.1.1; > $ip4_addr_2 = 10.1.1.2; As far as I understand, both of these IP addresses on host level are configured on the same interface (say, one of them as alias). I never tried and needed that, I actually had "multi home" host, and what I attempted to do was: have particular jail have two IPs, one through one of the host system interfaces, another, through another host interface. Both of the host interfaces were on different (public) networks, and were connected even to different network switches. This is what never worked for me; the above (which would resemble the same physical network interface) I never tried. Sorry, Isaak, if I confused you by omission. Michael, is it possible to have two addresses belonging to two different networks (through two different network interfaces)? Say, on host system: ifconfig_igb0="inet 172.20.9.22 ... ifconfig_igb1="inet 10.1.1.17 ... and in some jail $ip4_addr = 172.20.9.22; $ip4_addr_2 = 10.1.1.17; - will that work? This is what didn't work for me in the past when configured jails old style in /etc/rc.conf Thanks a lot for very instructive post!! Valeri > $ip6_addr = ${ip6prefixLOCAL}::1/64; > $ip6_addr_2 = ${ip6prefixLOCAL}::2/64; > exec.start += "/sbin/ifconfig epair${jailID}b inet ${ip4_addr_2} alias"; > exec.start += "/sbin/ifconfig epair${jailID}b inet6 ${ip6_addr_2} alias"; > exec.start += "/bin/sh /etc/rc"; > } > > etc. > > > > Again, not sure if I do understand your issue correctly, but the shown > examples of exec.start, exec.stop, etc. are quite versatile to use. > > I do start/stop my jails by "service jail start/stop". > > Hope that helps, > Michael > > > > _______________________________________________ > freebsd-jail@freebsd.org mailing list > https://lists.freebsd.org/mailman/listinfo/freebsd-jail > To unsubscribe, send any mail to "freebsd-jail-unsubscribe@freebsd.org" ++++++++++++++++++++++++++++++++++++++++ Valeri Galtsev Sr System Administrator Department of Astronomy and Astrophysics Kavli Institute for Cosmological Physics University of Chicago Phone: 773-702-4247 ++++++++++++++++++++++++++++++++++++++++