From: Allan Jude
Date: Tue, 10 Jun 2014 21:49:33 -0400
To: freebsd-jail@freebsd.org
Subject: Re: Assign Lookback address 127.0.0.1 to jail
Message-ID: <5397B5AD.9090505@freebsd.org>

On 2014-06-10 21:19, s7r@sky-ip.org wrote:
> On 6/11/2014 3:28 AM, Allan Jude wrote:
>> On 2014-06-10 20:23, s7r@sky-ip.org wrote:
>>> On 6/11/2014 3:20 AM, Allan Jude wrote:
>>>> On 2014-06-10 20:07, s7r@sky-ip.org wrote:
>>>>> Hi,
>>>>>
>>>>> Operating system is FreeBSD 10.0 64 Bit
>>>>>
>>>>> I have installed ezjail from ports and properly configured a
>>>>> jail with its own static and dedicated IP address. Everything
>>>>> works good, it's just that I have an application which
>>>>> requires to talk to another one via RPC on IP 127.0.0.1, and
>>>>> I have noticed the jail does not have a lo0 interface or
>>>>> localhost 127.0.0.1 IP address.
>>>>>
>>>>> This is bad because the application has no choice but to bind
>>>>> to the public IP address assigned to the jail, and it's not
>>>>> safe.
>>>>>
>>>>> How can I add a lo0 interface with IP 127.0.0.1 to a jail?
>>>>>
>>>>> Thanks in advance.
>>>>> _______________________________________________
>>>>> freebsd-jail@freebsd.org mailing list
>>>>> http://lists.freebsd.org/mailman/listinfo/freebsd-jail
>>>>> To unsubscribe, send any mail to
>>>>> "freebsd-jail-unsubscribe@freebsd.org"
>>>>>
>>>
>>>> Does it have to be 127.0.0.1? You can add an alias like
>>>> 127.0.0.2 to the lo0 interface and use that.
>>>
>>>> Inside the jail, 127.0.0.1 is mapped to the IP of the jail.
>>>
>>>> Using ezjail, you can also allocate more than 1 IP address to
>>>> a jail by comma separating them
>>>
>>>> You can also make it automatically alias the IPs for you with
>>>> the syntax:
>>>
>>>> em0|192.168.0.10,lo0|127.0.0.2 etc
>>>
>>> Thank you Allan for your fast reply.
>>>
>>> I have the jail already created via: # ezjail-admin create
>>>
>>> How do I modify the already existing jail to have 127.0.0.2, for
>>> example, or can't I just have 127.0.0.1 in the jail?
>>>
>
>> Stop the jail, and then edit /usr/local/etc/ezjail/jail_name
>
>> and change the line that defines the IPs
>
> Thank you it works, with 127.0.0.2
>
> If I try to add 127.0.0.1 will this create any conflicts with the host
> or will it work? Because I have something important listening on
> host's 127.0.0.1 and don't want to mess up. I would need the same
> configuration within the jail also, so that's why I need the .1
> localhost IP.
>

When the host and the jail share an IP, the jail wins. So, if you run
sshd on both, then ssh'ing to the shared IP will go to the jail.
However, if you don't run sshd in the jail and you do on the host, the
connection will 'fall through' to the host. So, as long as the jail
isn't going to use the same port # as your important app, you can share.

--
Allan Jude
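
Added example, not part of the original message: a small sh audit that applies the rule described in the reply above to an ezjail-style IP list, marking each host listening port on a jail address as "shadowed" (the jail listens too and wins) or "fallthrough" (only the host listens, so the connection reaches the host). The listings are constructed, simplified sockstat -4 -l style text; the function names, the process names and port 8332 are assumptions made for the illustration.

```sh
#!/bin/sh
# Constructed sockstat -4 -l style listings (not captured from a real host).
HOST_SOCKS='USER COMMAND PID FD PROTO LOCAL ADDRESS FOREIGN ADDRESS
root sshd 721 4 tcp4 *:22 *:*
app rpcd 812 7 tcp4 127.0.0.1:8332 *:*'
JAIL_SOCKS='USER COMMAND PID FD PROTO LOCAL ADDRESS FOREIGN ADDRESS
app rpcd 1440 7 tcp4 127.0.0.1:8332 *:*
www nginx 1502 6 tcp4 192.168.0.10:80 *:*'

# Split an ezjail IP list ("if|addr,if|addr" or bare "addr") into one
# address per line, dropping the optional "interface|" prefix.
jail_addrs() {
    printf '%s\n' "$1" | tr ',' '\n' | sed 's/^[^|]*|//'
}

# Read a listing on stdin; print TCP ports listening on address $1.
# Assumption: a wildcard bind (*:port) also answers on that address.
listen_ports() {
    awk -v addr="$1" '$5 == "tcp4" {
        split($6, a, ":")
        if (a[1] == addr || a[1] == "*") print a[2]
    }' | sort -un
}

# classify ADDR HOST_LISTING JAIL_LISTING
# For every port the host listens on at ADDR:
#   shadowed    = the jail listens too, so the jail gets the connection
#   fallthrough = only the host listens, so a connection to the jail's
#                 address reaches the host service
classify() {
    addr=$1
    jp=$(printf '%s\n' "$3" | listen_ports "$addr")
    printf '%s\n' "$2" | listen_ports "$addr" | while read -r p; do
        if printf '%s\n' "$jp" | grep -qx "$p"; then
            echo "$addr:$p shadowed"
        else
            echo "$addr:$p fallthrough"
        fi
    done
}

# audit IP_LIST HOST_LISTING JAIL_LISTING: classify every jail address.
audit() {
    jail_addrs "$1" | while read -r a; do
        classify "$a" "$2" "$3"
    done
}

audit 'em0|192.168.0.10,lo0|127.0.0.1' "$HOST_SOCKS" "$JAIL_SOCKS"
```

A "fallthrough" line on a jail address is a host service reachable through that address; binding the host daemon to a specific host address instead of the wildcard removes it.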