Date: Thu, 4 Jun 2009 12:32:56 -0400
From: Glen Barber <glen.j.barber@gmail.com>
To: Dirk Engling <erdgeist@erdgeist.org>
Cc: freebsd-hackers@freebsd.org
Subject: Re: Jails, loopback interfaces and sendmail
Message-ID: <4ad871310906040932n1e78c30do773c8bc92bf547fb@mail.gmail.com>
In-Reply-To: <4A27D38B.6040108@erdgeist.org>
References: <4A27D38B.6040108@erdgeist.org>

Hi, Dirk

On Thu, Jun 4, 2009 at 10:00 AM, Dirk Engling <erdgeist@erdgeist.org> wrote:
> Dear fellow hackers,
>
> since jail can be bound on multiple IP addresses I tend to clone
> multiple loopback interfaces and add one loopback address to each jail
>
> cloned_interfaces="lo1 lo2 lo3"
> ifconfig_lo1_alias0="inet 127.0.0.2 netmask 0xffffffff"
> ifconfig_lo2_alias0="inet 127.0.0.3 netmask 0xffffffff"
> ifconfig_lo3_alias0="inet 127.0.0.4 netmask 0xffffffff"
> ..
>
> no this is not yet optimal, since I can not run several jails on a
> single external IP anymore, but at least local daemons are not visible
> to the outside world, anymore.
>

This doesn't answer your _real_ question, but here's a suggestion.

There are a few other ways you could do this with the addressing --
maybe it'll be less confusing for you. The APIPA address pool
(168.254.x.x/16) is also non-routable. You could change your aliased
interfaces to use this range, which may clear things up for you, and
the jails will still retain their loopback address.

--
Glen Barber
http://www.dev-urandom.com
http://www.linkedin.com/in/glenjbarber