From owner-freebsd-jail@freebsd.org Wed Dec 14 05:43:30 2016 Return-Path: Delivered-To: freebsd-jail@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id AA078C7342F for ; Wed, 14 Dec 2016 05:43:30 +0000 (UTC) (envelope-from allanjude@freebsd.org) Received: from mx1.scaleengine.net (mx1.scaleengine.net [209.51.186.6]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 707BA18C7 for ; Wed, 14 Dec 2016 05:43:30 +0000 (UTC) (envelope-from allanjude@freebsd.org) Received: from [10.1.1.2] (unknown [10.1.1.2]) (Authenticated sender: allanjude.freebsd@scaleengine.com) by mx1.scaleengine.net (Postfix) with ESMTPSA id 5E5AFD6FC for ; Wed, 14 Dec 2016 05:43:28 +0000 (UTC) Subject: Re: multiple interfaces for jail.conf(1) and jail_set(2) To: freebsd-jail@freebsd.org References: <0ED7F403-F14E-4A72-8E54-AF74AAE15061@blackskyresearch.net> <11488.128.135.52.6.1481666606.squirrel@cosmo.uchicago.edu> From: Allan Jude Message-ID: <02b85a36-007b-605d-7ab0-c9e56495d86e@freebsd.org> Date: Wed, 14 Dec 2016 00:43:27 -0500 User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:45.0) Gecko/20100101 Thunderbird/45.4.0 MIME-Version: 1.0 In-Reply-To: Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="f9KsCC1sGLe5h9Vmo8r1N9DjxKTbLujju" X-BeenThere: freebsd-jail@freebsd.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: "Discussion about FreeBSD jail\(8\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 14 Dec 2016 05:43:30 -0000 This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --f9KsCC1sGLe5h9Vmo8r1N9DjxKTbLujju Content-Type: multipart/mixed; boundary="1pxRh7M0npfPIQwOWrx3dmJ2c5ug6dgoK"; protected-headers="v1" From: Allan Jude To: freebsd-jail@freebsd.org Message-ID: <02b85a36-007b-605d-7ab0-c9e56495d86e@freebsd.org> Subject: Re: multiple interfaces for jail.conf(1) and jail_set(2) References: <0ED7F403-F14E-4A72-8E54-AF74AAE15061@blackskyresearch.net> <11488.128.135.52.6.1481666606.squirrel@cosmo.uchicago.edu> In-Reply-To: --1pxRh7M0npfPIQwOWrx3dmJ2c5ug6dgoK Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable On 2016-12-13 23:47, Isaac (.ike) Levy wrote: > Hi Valeri, >=20 >> On Dec 13, 2016, at 5:03 PM, Valeri Galtsev wrote: >> >> On Tue, December 13, 2016 2:14 pm, Isaac (.ike) Levy wrote: >>> Hi All, >>> >>> Can I specify multiple IP interfaces and assign IP=C3=A2=C2=80=C2=99s= to them using >>> jail.conf? >>> I have jails with IPv4/IPv6 addresses on multiple physical interfaces= , as >>> well as assigning a loopback. >> >> Last time I tried it which was about year and a half ago the answer wa= s: >=20 > Just to clarify your answer, >=20 >> no, this is not possible. Jail can only have one IP address (in additi= on >> to loopback addresses). >=20 > Do you mean this just for jail.conf configuration/usage? >=20 > If so, from all I=E2=80=99ve read and tried, that makes complete sense,= and makes me sad as it prevents me from using the slickness of jail.conf= (1) and jail_set(2) - not yet :) >=20 > -- > However, to be very clear for the list archive, jails can most definate= ly have many IP addresses, (since between FreeBSD 7 and 8 I believe?), in= cluding loopback, (which is just an IP address like any other), >=20 > For example, >=20 > # ifconfig em0 inet alias 10.10.10.10/32 > # ifconfig em1 inet alias 10.10.10.11/32 > # ifconfig lo0 inet alias 127.0.0.11/32 > # ifconfig em0 inet6 alias 2:2:2:2::10 prefixlen 64 > # jail -c path=3D/some/place host.hostname=3Dmyjail ip4.addr=3D=E2=80=9C= 10.10.10.10,10.10.10.11,127.0.0.11" ip6.addr=3D"2:2:2:2::10" command=3D/b= in/sh /etc/rc >=20 > Best, > .ike >=20 >=20 > _______________________________________________ > freebsd-jail@freebsd.org mailing list > https://lists.freebsd.org/mailman/listinfo/freebsd-jail > To unsubscribe, send any mail to "freebsd-jail-unsubscribe@freebsd.org"= >=20 In ezjail I can just do this: export jail_something_scaleengine_net_ip=3D"vlan43|10.0.0.17,vlan43|2001:470:1::= 1:6667,lo0|127.0.3.1" If you include the interface name like that, it will automatically add the alias when the jail starts, and remove it when the jail stops (simplifying the task of moving the jail to a different host) If the IP is already bound to the machine, just use the comma separated list of IPs. --=20 Allan Jude --1pxRh7M0npfPIQwOWrx3dmJ2c5ug6dgoK-- --f9KsCC1sGLe5h9Vmo8r1N9DjxKTbLujju Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.22 (MingW32) iQIcBAEBAgAGBQJYUNv/AAoJEBmVNT4SmAt+94EP/AoMUo3sKE44gl7CrDKmKiv+ UOG4w8TOTLvtXlBWd2rZYGIe3qtfB1B2lyK877TZEbb1Y1j9KbyfYKu5aCV1Gk5f 2f7UKGxDDC45HoBoQ2/uNFEumb4RaLKSiqX2Bp5DxtFnaF6sEkM0eBubLCXsCaDR b9RerNfka/xnJ1BpmAORAb99e5IDjt4hSLhkNlMgQGQgCHQ5q40nWvEjd2MaaXa8 wzTf+fBRGItvnaRKR+SSGNCwb0QXuVaB+FTnCBWWif6dwIedkImWrm6vQ3IQ/Gxm kVRVhXWBYAgYdUvBifVEZ/oXtm5/Id/nNsR60wrjKZqE7vjagNfgXFbFig0lA2YL 5a4SeHsQT31YpGg5XyYyl2ULitN5RgMe70sDyliUuGqbcayHf9t8MuDqIXCOq5Jj dvHwa4lm4HHjpLPvpKEW2TuhjKCVPAHqs/o+AxZUO5n2pxllDClaA//PRwzWkG7J lzWAed4QY/nVMoV5xc5xck0brwVQ8+hTzrE7vAoWVUcsp9HkviKqU3e1IIsU/3Dt 7ZlziBsDi14oNzKyhct5RgkGSDS+HIKjy6tO8LCMsTshxkm3S4wcNmVsFMyIklm5 zYc0E7wkYcC79O6TkMtJT1EFZI97rUuxkZ1iZ8n7CrDK4xDOwVlP1x611w4yDS0U AJGBVyhAIW2lZOeeLjkl =HexK -----END PGP SIGNATURE----- --f9KsCC1sGLe5h9Vmo8r1N9DjxKTbLujju--