Hi, Dirk On Thu, Jun 4, 2009 at 10:00 AM, Dirk Engling <[email protected]> wrote: > Dear fellow hackers, > > since jail can be bound on multiple IP addresses I tend to clone > multiple loopback interfaces and add one loopback address to each jail > > cloned_interfaces="lo1 lo2 lo3" > ifconfig_lo1_alias0="inet 127.0.0.2 netmask 0xffffffff" > ifconfig_lo2_alias0="inet 127.0.0.3 netmask 0xffffffff" > ifconfig_lo3_alias0="inet 127.0.0.4 netmask 0xffffffff" > .. > > no this is not yet optimal, since I can not run several jails on a > single external IP anymore, but at least local daemons are not visible > to the outside world, anymore. >
This doesn't answer your _real_ question, but here's a suggestion. There are a few other ways you could do this with the addressing -- maybe it'll be less confusing for you. The APIPA address pool (168.254.x.x/16) is also non-routable. You could change your aliased interfaces to use this range, which may clear things up for you, and the jails will still retain their loopback address. -- Glen Barber http://www.dev-urandom.com http://www.linkedin.com/in/glenjbarber _______________________________________________ [email protected] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-hackers To unsubscribe, send any mail to "[email protected]"
