From: Miroslav Lachman <000.fbsd@quip.cz>
Date: Thu, 08 Jan 2009 17:59:21 +0100
To: spil.oss@gmail.com
Cc: freebsd-stable@freebsd.org
Subject: Re: Problems with network in jail
Message-ID: <496630E9.1050600@quip.cz>

Spil Oss wrote:
> Hi Peter,
>
> Thanks a lot! Will read up on that. (luckily I do speak
> German/Swiss-German). From discussions on ##FreeBSD IRC I learned that
> it is not recommended to use lo0 for jails!
>
> On FreeBSD-6.3 I successfully used lo0/127.0.0.2 for my mysql jail that
> needed to be addressed only locally, but ONLY LOCALLY, no other
> access. It may be possible to add a line similar to
> 00100 divert 8668 ip from any to any in via xl0
> to my ipfw/NAT config, but being warned, I'm not going down that path.
>
> Since I moved my portbuild jail to bridge0/172.17.2.17 it works as
> expected, without device mem!
> And to boot I made errors when creating my aliases (ifconfig bridge0
> inet 172.17.2.17 netmask *172.17.2.255* instead of 255.255.255.0)

You can create lo1 if you want:

ifconfig lo1 create
ifconfig lo1 inet 172.17.2.17 netmask 255.255.255.0

in rc.conf

cloned_interfaces="lo1"
ifconfig_lo1="inet 172.17.2.17 netmask 255.255.255.0"

And then use NAT / RDR in your favorite firewall (I am using PF)

Miroslav Lachman
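
An added example, not part of the original message: a minimal pf.conf for a jail bound to 172.17.2.17 on lo1, showing the NAT and RDR rules the reply refers to. It assumes xl0 (the interface named in the quoted ipfw rule) is the external interface; the redirected ports 8080 and 80 are constructed placeholders.

```conf
# pf.conf sketch for a jail on a cloned loopback (added example).
# Assumption: xl0 is the host's external interface.
ext_if  = "xl0"
jail_ip = "172.17.2.17"          # address configured on lo1

# Do not filter the host's own loopback; lo1 is still filtered.
set skip on lo0

# Outbound: jail traffic leaves with the host's external address.
# ($ext_if) in parentheses tracks the address if it changes (DHCP).
nat on $ext_if inet from $jail_ip to any -> ($ext_if)

# Inbound: expose exactly one jail service.
# Ports are placeholders; 8080 on the host maps to 80 in the jail.
rdr on $ext_if inet proto tcp from any to ($ext_if) port 8080 \
    -> $jail_ip port 80

# Filter rules see packets after translation, so the inbound rule
# matches the jail address and the outbound rule the host address.
block in log on $ext_if
pass in  on $ext_if inet proto tcp from any to $jail_ip port 80 keep state
pass out on $ext_if inet from ($ext_if) to any keep state

# Add pass rules for the host's own services (e.g. ssh) as needed;
# anything not redirected above never reaches the jail.
```

Check the syntax with `pfctl -nf /etc/pf.conf` before loading it, and list the active translation rules with `pfctl -sn`.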