From: Michael Grimm
Date: Thu, 15 Dec 2016 19:36:28 +0100
To: freebsd-questions@freebsd.org
Cc: freebsd-jail@FreeBSD.org
Subject: Re: multiple interfaces for jail.conf(1) and jail_set(2)

[cc'd to freebsd-jail@FreeBSD.org where that thread originated]

Valeri Galtsev wrote:
> On Wed, December 14, 2016 2:30 pm, Michael Grimm wrote:

>> #
>> # network settings to apply/destroy during start/stop of every jail
>> #
>> exec.prestart = "sleep 2";
>> exec.prestart += "/sbin/ifconfig epair${jailID} create up";
>> exec.prestart += "/sbin/ifconfig bridge0 addm epair${jailID}a";
>> exec.start = "/sbin/sysctl net.inet6.ip6.dad_count=0";
>> exec.start += "/sbin/ifconfig lo0 127.0.0.1 up";
>> exec.start += "/sbin/ifconfig epair${jailID}b inet ${ip4_addr}";
>> exec.start += "/sbin/ifconfig epair${jailID}b inet6 ${ip6_addr}";
>> exec.start += "/sbin/route add default -gateway 10.1.1.254";
>> exec.start += "/sbin/route add -inet6 default -gateway ${ip6prefixLOCAL}::254";
>> exec.stop = "/sbin/route del default";
>> exec.stop += "/sbin/route del -inet6 default";
>> exec.stop += "/bin/sh /etc/rc.shutdown";
>> exec.poststop = "/sbin/ifconfig epair${jailID}a destroy";
>>
>> #
>> # individual jail settings
>> #
>> dns {
>> $jailID = 1;
>> $ip4_addr = 10.1.1.1;
>> $ip4_addr_2 = 10.1.1.2;

[…]

> Michael, is it possible to have two addresses belonging to two different
> networks (through two different network interfaces)?
>
> Say, on host system:
>
> ifconfig_igb0="inet 172.20.9.22 ...
> ifconfig_igb1="inet 10.1.1.17 ...
>
>
> and in some jail
>
> $ip4_addr = 172.20.9.22;
> $ip4_addr_2 = 10.1.1.17;
>
> - will that work? This is what didn't work for me in the past when
> configured jails old style in /etc/rc.conf

I can't answer that because I have never tried it before.

Those exec. will give you a very fine-grained control over which commands are run at the host environment (exec.prestart, exec.poststop, exec.poststart) or within the jail's environment (exec.start, exec.stop, exec.prestop) in which order. Have a look at jail(8) for details (and presumably more exec.).

Therefore I am quite confident that whatever could be done with jails might be "coded" into jail.conf.

Regards,
Michael
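
Added example, not part of the original message or of FreeBSD's own tooling: a small audit helper that reads a jail.conf, applies the "=" and "+=" assignments, and lists the exec.* commands that run in the host environment for a given jail, since those run as root outside the jail's confinement. The host/jail split in HOST follows jail(8); the function names, the simplified parsing rules and the sample jail block are assumptions of this example.

```python
import re

# Hooks that jail(8) documents as run in the system (host) environment;
# exec.start, exec.command and exec.stop run inside the jail.
# Note that jail(8) lists exec.prestop among the host-side hooks.
HOST = {"exec.prepare", "exec.prestart", "exec.created", "exec.poststart",
        "exec.prestop", "exec.poststop", "exec.release"}

STRING = r'"(?:[^"\\]|\\.)*"'
TOKEN = re.compile(
    rf'(?P<name>exec\.\w+)\s*(?P<op>\+?=)\s*(?P<vals>{STRING}(?:\s*,\s*{STRING})*)\s*;'
    rf'|(?P<str>{STRING})|(?P<open>[\w.*-]+)\s*\{{|(?P<close>\}})')

def effective_hooks(conf_text):
    """Return {jail: {hook: [commands]}} after applying '=' and '+='.
    Assumptions of this example: only whole-line '#' comments, double-quoted
    values, and global parameters placed before the jail blocks."""
    text = "\n".join(line for line in conf_text.splitlines()
                     if not line.lstrip().startswith("#"))
    glob, jails, target = {}, {}, None
    for m in TOKEN.finditer(text):
        if m["open"]:                      # "name {" starts a jail block
            target = jails.setdefault(m["open"], dict(glob))
        elif m["close"]:
            target = None
        elif m["name"]:
            params = glob if target is None else target
            cmds = [s[1:-1] for s in re.findall(STRING, m["vals"])]
            # '=' replaces the inherited list, '+=' appends to it
            old = params.get(m["name"], []) if m["op"] == "+=" else []
            params[m["name"]] = old + cmds
    return jails

def host_commands(conf_text, jail):
    """Commands run in the host environment for one jail (variables unexpanded)."""
    hooks = effective_hooks(conf_text)[jail]
    return {h: c for h, c in hooks.items() if h in HOST}

# Constructed sample: global hooks abridged from the quoted configuration,
# plus a made-up jail block that appends one host-side hook.
SAMPLE = r'''
# network settings
exec.prestart  = "sleep 2";
exec.prestart += "/sbin/ifconfig epair${jailID} create up";
exec.start     = "/sbin/ifconfig lo0 127.0.0.1 up";
exec.poststop  = "/sbin/ifconfig epair${jailID}a destroy";
dns {
    $jailID = 1;
    exec.poststart += "/usr/bin/logger jail dns started";
}
'''
```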