On Tue, 22 Dec 2009, Mel Flynn wrote: Hi,
first of all this would find more people to help on freebsd-jail as it has nothing to do with hackers ;-)
I don't see this documented in jail(8) nor rc(8) nor defaults/rc.conf, so is it possible to have 2 IP's on 2 ethernet interfaces? And if so, is it settable for rc(8)? The usage case is to have the same jailed proxy server on two seperate internal networks. Ideally, the proxy will use one address for outgoing, so I guess I'll need a default route or dive into the squid config. At present I have: ifconfig_bge0="inet 192.168.177.60 netmask 255.255.255.0" ifconfig_em0="inet 192.168.176.60 netmask 255.255.255.0" ifconfig_em0_alias0="inet 192.168.176.62 netmask 255.255.255.255" jail_squid_rootdir="/usr/squid" jail_squid_ip="192.168.177.62" jail_squid_ip_multi0="192.168.176.62" jail_squid_interface="bge0" But this created the IP on bge0 even though one exists on em0. Is it as simple as not specifying the interface and add the 177.62 alias on bge0? Ideally I'd have a jail_$jail_ip_multi$aliasno_interface="foo0", but my main worry is that the jail infrastructure understands the routing involved.
From what you are writing I assume that you are on FreeBSD 7.2-Release
or later; no official FreeBSD version before had supported multiple-IPs with a jail. What it did was what you were asking for. That's the problem. 1) either use ifconfig 2) or use jail + interfaces 3) but do not mix them (especially not overlapping) So I would suggest to do it like this: # Base system IPs. ifconfig_bge0="inet 192.168.177.60/24" ifconfig_em0="inet 192.168.176.60/24" jail_squid_rootdir="/usr/squid" # Either use: jail_squid_ip="bge0|192.168.177.62/32,em0|192.168.176.62/32" # or: jail_squid_ip="bge0|192.168.177.62/32" jail_squid_ip_multi0="em0|192.168.176.62/32" but do not use jail_squid_interface=".." as that will be a global default for that jail. As you can see, I removed the ifconfig_em0_alias0 line. If you want to keep that and mix things then you could do: jail_squid_ip="bge0|192.168.177.62/32" jail_squid_ip_multi0="192.168.176.62/32" again without the jail_squid_interface=".." line. HTH /bz -- Bjoern A. Zeeb It will not break if you know what you are doing. _______________________________________________ [email protected] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-hackers To unsubscribe, send any mail to "[email protected]"
