Date:      Thu, 15 Dec 2016 14:33:41 -0600 (CST)
From:      "Valeri Galtsev" <galtsev@kicp.uchicago.edu>
To:        "Miroslav Lachman" <000.fbsd@quip.cz>
Cc:        "Michael Grimm" <trashcan@ellael.org>, freebsd-questions@freebsd.org, freebsd-jail@freebsd.org
Subject:   Re: multiple interfaces for jail.conf(1) and jail_set(2)
Message-ID:  <14885.128.135.52.6.1481834021.squirrel@cosmo.uchicago.edu>
In-Reply-To: <5852F876.5070807@quip.cz>
References:  <0ED7F403-F14E-4A72-8E54-AF74AAE15061@blackskyresearch.net> <45822529-2096-4B32-8515-F5875BEF7101@ellael.org> <56419.128.135.52.6.1481751332.squirrel@cosmo.uchicago.edu> <E01E3F3B-C24B-4BF2-B0B4-1E1DF9CB296F@ellael.org> <5852F876.5070807@quip.cz>


On Thu, December 15, 2016 2:09 pm, Miroslav Lachman wrote:
> Michael Grimm wrote on 2016/12/15 19:36:
>> [cc'd to freebsd-jail@FreeBSD.org where that thread originated]
>>
>> Valeri Galtsev <galtsev@kicp.uchicago.edu> wrote:
>>
>>> On Wed, December 14, 2016 2:30 pm, Michael Grimm wrote:
>>
>>>> #
>>>> # network settings to apply/destroy during start/stop of every jail
>>>> #
>>>> exec.prestart		 = "sleep 2";
>>>> exec.prestart		+= "/sbin/ifconfig epair${jailID} create up";
>>>> exec.prestart		+= "/sbin/ifconfig bridge0 addm epair${jailID}a";
>>>> exec.start		 = "/sbin/sysctl net.inet6.ip6.dad_count=0";
>>>> exec.start		+= "/sbin/ifconfig lo0 127.0.0.1 up";
>>>> exec.start		+= "/sbin/ifconfig epair${jailID}b inet ${ip4_addr}";
>>>> exec.start		+= "/sbin/ifconfig epair${jailID}b inet6 ${ip6_addr}";
>>>> exec.start		+= "/sbin/route add default -gateway 10.1.1.254";
>>>> exec.start		+= "/sbin/route add -inet6 default -gateway ${ip6prefixLOCAL}::254";
>>>> exec.stop		 = "/sbin/route del default";
>>>> exec.stop		+= "/sbin/route del -inet6 default";
>>>> exec.stop		+= "/bin/sh /etc/rc.shutdown";
>>>> exec.poststop 		 = "/sbin/ifconfig epair${jailID}a destroy";
>>>>
>>>> #
>>>> # individual jail settings
>>>> #
>>>> dns {
>>>> 	$jailID		 = 1;
>>>> 	$ip4_addr	 = 10.1.1.1;
>>>> 	$ip4_addr_2	 = 10.1.1.2;
>>
>> […]
>>
>>> Michael, is it possible to have two addresses belonging to two different
>>> networks (through two different network interfaces)?
>>>
>>> Say, on host system:
>>>
>>> ifconfig_igb0="inet 172.20.9.22 ...
>>> ifconfig_igb1="inet 10.1.1.17 ...
>>>
>>>
>>> and in some jail
>>>
>>> 	$ip4_addr	 = 172.20.9.22;
>>> 	$ip4_addr_2	 = 10.1.1.17;
>>>
>>> - will that work? This is what didn't work for me in the past when
>>> configured jails old style in /etc/rc.conf
>>
>> I can't answer that because I have never tried it before.
>
>
>
> More IP addresses on more interfaces have worked for me for many years,
> even in old rc.conf style jails.
>
> Converted to new jail.conf is something like this
>
> costa {
> host.hostname = "costa.example.com";
> ip4.addr = 94.104.135.21;
> ip4.addr += 192.168.222.57;
> }

Thanks, Miroslav. I do not recollect "ip4.addr += ..."; that must have been
my problem (though I asked on mail lists and wasn't directed towards that,
got the answer "not possible" - I must have been unlucky then).

Valeri

>
> As you can see, IPs are from different networks.
> We are not using auto add / remove IP on interfaces. We don't want to
> have something else to manage IP addresses. All IPs are defined in
> rc.conf on their proper interfaces.
> In this case, first jail's IP is in bge1 and the second is on nfe0 (LAN
> interface)
>
> I already made a jail using a VPN-assigned IP on the tun0 OpenVPN interface.
>
> In other words - jail doesn't care about interfaces. If there is an IP
> in the system (on whatever interface) then you can assign it to jail and
> you can assign as many IPs as you want (up to some really high limit).
>
> Miroslav Lachman


++++++++++++++++++++++++++++++++++++++++
Valeri Galtsev
Sr System Administrator
Department of Astronomy and Astrophysics
Kavli Institute for Cosmological Physics
University of Chicago
Phone: 773-702-4247
++++++++++++++++++++++++++++++++++++++++
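
Added example (not part of the original messages and not FreeBSD project code): a small Python check of the `=` versus `+=` behaviour discussed above, which also flags jail addresses that are not configured on any host interface. It assumes literal addresses (no jail.conf variables or comments) and that a repeated plain `ip4.addr =` replaces the earlier value; the jails `broken` and `vpn`, the address 10.8.0.6 and the `HOST_ADDRS` table are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample: "costa" mirrors the ip4.addr lines from the reply above;
# "broken", "vpn", 10.8.0.6 and HOST_ADDRS are made up for this example.
SAMPLE_JAIL_CONF = """
costa {
    ip4.addr = 94.104.135.21;
    ip4.addr += 192.168.222.57;
}
broken {
    ip4.addr = 94.104.135.21;
    ip4.addr = 192.168.222.57;
}
vpn {
    ip4.addr = "tun0|10.8.0.6/24";
}
"""
# Stand-in for the addresses ifconfig would report on the host (not probed).
HOST_ADDRS = {"bge1": ["94.104.135.21"], "nfe0": ["192.168.222.57"]}
BLOCK = re.compile(r"(\w+)\s*\{(.*?)\}", re.S)          # name { ... }
PARAM = re.compile(r"ip4\.addr\s*(\+?=)\s*([^;]+);")   # ip4.addr = / += value;

def parse_ip4_addrs(conf_text):
    """Return {jail: (effective, dropped)}; '=' replaces the list, '+=' appends."""
    result = {}
    for name, body in BLOCK.findall(conf_text):
        effective, dropped = [], []
        for op, value in PARAM.findall(body):
            # Accept "interface|address/netmask"; keep and validate the address.
            items = [v.strip().strip('"') for v in value.split(",")]
            parsed = [str(ipaddress.ip_address(i.split("|")[-1].split("/")[0]))
                      for i in items]
            if op == "=":
                dropped += effective      # earlier values are discarded
                effective = parsed
            else:
                effective += parsed
        result[name] = (effective, dropped)
    return result

def audit(conf_text, host_addrs):
    """List (jail, address, problem) for dropped or host-unknown addresses."""
    on_host = {a for addrs in host_addrs.values() for a in addrs}
    findings = []
    for name, (effective, dropped) in parse_ip4_addrs(conf_text).items():
        findings += [(name, a, "replaced by a later 'ip4.addr ='") for a in dropped]
        findings += [(name, a, "not configured on any host interface")
                     for a in effective if a not in on_host]
    return findings
```

Calling `audit(SAMPLE_JAIL_CONF, HOST_ADDRS)` reports the address lost in `broken` and the address in `vpn` that the host table does not carry; `costa` produces no finding.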


