From owner-freebsd-jail@FreeBSD.ORG Mon Jan 23 16:43:08 2012 Return-Path: Delivered-To: freebsd-jail@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 62086106566B for ; Mon, 23 Jan 2012 16:43:08 +0000 (UTC) (envelope-from galtsev@kicp.uchicago.edu) Received: from cosmo.uchicago.edu (cosmo.uchicago.edu [128.135.52.97]) by mx1.freebsd.org (Postfix) with ESMTP id 2FFE88FC17 for ; Mon, 23 Jan 2012 16:43:07 +0000 (UTC) Received: by cosmo.uchicago.edu (Postfix, from userid 48) id 855BACB8C7D; Mon, 23 Jan 2012 10:43:07 -0600 (CST) Received: from 128.135.70.2 (SquirrelMail authenticated user valeri) by cosmo.uchicago.edu with HTTP; Mon, 23 Jan 2012 10:43:07 -0600 (CST) Message-ID: <38576.128.135.70.2.1327336987.squirrel@cosmo.uchicago.edu> In-Reply-To: <20120123070117.GA79715@psconsult.nl> References: <57939.69.209.76.5.1327292727.squirrel@cosmo.uchicago.edu> <20120123070117.GA79715@psconsult.nl> Date: Mon, 23 Jan 2012 10:43:07 -0600 (CST) From: "Valeri Galtsev" To: freebsd-jail@freebsd.org User-Agent: SquirrelMail/1.4.8-5.el5.centos.7 MIME-Version: 1.0 Content-Type: text/plain;charset=iso-8859-1 Content-Transfer-Encoding: 8bit X-Priority: 3 (Normal) Importance: Normal Subject: Re: multiple jails with multiple network interfaces X-BeenThere: freebsd-jail@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: galtsev@kicp.uchicago.edu List-Id: "Discussion about FreeBSD jail\(8\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 23 Jan 2012 16:43:08 -0000 Thanks you, Paul! As I keep repeating myself, in nothing else helps, read the manual... Knowing what I can do ipv4-wise in jail now, I'll just create multiple jails for each of services, one per IP address. Thanks a lot! Sincerely yours, Valeri On Mon, January 23, 2012 1:01 am, Paul Schenkeveld wrote: > On Sun, Jan 22, 2012 at 10:25:27PM -0600, Valeri Galtsev wrote: >> Hello! >> >> I have a FreeBSD 9.0 host that is registered in DNS to appear with >> multiple IP addresses: >> >> host some.host.com >> >> some.host.com has address a.b.c.x >> some.host.com has address a.b.d.x >> some.host.com has address a.b.e.x >> >> I built multiple jails to run one service in each following mostly: >> >> http://www.freebsd.org/doc/handbook/jails-application.html >> >> I am trying to start each of the jails with all network interfaces this >> machine has configured (with the same IP addressed as interfaces are >> configured on the host system). For that I have in jail related portion >> of >> /etc/rc.conf the following >> >> jail_enable="YES" >> jail_set_hostname_allow="NO" >> jail_list="http ftp rsync pxe" >> jail_http_hostname="some.host.com" >> jail_http_ip="a.b.c.x,a.b.d.x,a.b.e.x" >> jail_http_rootdir="/jail/http" >> ... >> jail_ftp_hostname="some.host.com" >> jail_ftp_ip="a.b.c.x,a.b.d.x,a.b.e.x" >> jail_ftp_rootdir="/jail/ftp" >> ... >> >> When I start jails: >> >> /etc/rc.d/jail start >> >> first in the list jail starts perfectly (and I can verify that service >> configured to run in it is accessible on all three public IP addresses >> of >> the machine), all other jails, however, fail to start with the message >> >> some# /etc/rc.d/jail start >> Configuring jails:. >> Starting jails: some.host.com some.host.com some.host.com ... >> cannot start jail "ftp" >> . >> >> If I only leave one IP address in each of the jais, they all start OK. >> If >> I configure some jails with different IP (on the same class C network), >> leaving first jail with multiple IP addresses, e.g.: >> >> jail_http_hostname="some.host.com" >> jail_http_ip="a.b.c.x,a.b.d.x,a.b.e.x" >> jail_http_rootdir="/jail/http" >> ... >> jail_ftp_hostname="some.host.com" >> jail_ftp_ip="a.b.c.y" >> jail_ftp_rootdir="/jail/ftp" >> ... >> >> all jails start OK (first with multiple IPs, and other with single >> different IP). If first (in order of start) jail is with single IP, and >> next jail is with multiple IPs including the IP of the first one: >> >> jail_http_hostname="some.host.com" >> jail_http_ip="a.b.c.x" >> jail_http_rootdir="/jail/http" >> ... >> jail_ftp_hostname="some.host.com" >> jail_ftp_ip="a.b.c.x,a.b.d.x,a.b.e.x" >> jail_ftp_rootdir="/jail/ftp" >> ... >> >> then jail with multiple IPs will not start. >> >> >> I tried to search, but I didn't find anybody mentioning having this >> problem or having it resolved of just having similar configuration with >> multiple IPs. >> >> Is there something obviously wrong that I'm doing? >> >> Is it possible that there is some restriction that will not allow me to >> have this configuration? > > See jail(8): > > ip4.addr > ... It is only possible to start > multiple jails with the same IP address, if none of the jails has > more than this single overlapping IP address assigned to itself. > > So jails can have the same IP4 address but that has to be the only IP4 > address of that jail, otherwise all address must be unique. > > Kind regards, > > Paul Schenkeveld > _______________________________________________ > freebsd-jail@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-jail > To unsubscribe, send any mail to "freebsd-jail-unsubscribe@freebsd.org" > ++++++++++++++++++++++++++++++++++++++++ Valeri Galtsev Sr System Administrator Department of Astronomy and Astrophysics Kavli Institute for Cosmological Physics University of Chicago Phone: 773-702-4247 ++++++++++++++++++++++++++++++++++++++++