On Sun, 16 Nov 2008, Ruben van Staveren wrote:


On 16 Nov 2008, at 11:12, Bjoern A. Zeeb wrote:

On Fri, 14 Nov 2008, Ruben van Staveren wrote:

Hi,

I ran into this issue myself, and repatched /etc/rc.d/jail to work with this

jail_erg_ipv6="net0|2001:980:fff:96::c0a8:181" # Jail's IP number
jail_erg_ip="192.168.1.129"                  # Jail's IP number
jail_erg_interface="lo0"

So default for everything is lo0, but you can override stuff by prefixing an address with <iface>|<addr>

Have fun at http://ruben.is.verweg.com/stuff/jail
of course, YMMV

would that work as well with multiple IPs (per address family)?

you mean like jail_<jailid>_ip="net0|addr1 net1|addr2" ? it does.

I kind of lost track. And are you also supporting the netmask feature from
[EMAIL PROTECTED]

It doesn't do netmask/prefix length but that should be easy to add. btw I am working only against RELENG_7 so I don't know of any new network features in HEAD. Should get a new macbook soon so I can run vmware fusion to check that out ;)

Having that working as well would be a good thing, and I'd prefer that
in contrast to "netmask 255.255.255.255". Only going with prefix
notation (which usually would be /32 or /128) instead of having an
extra jail_<name>_netmask would be something I'd be fine with even
though this seems to end up in a long and complicated list of options.

See
http://svn.freebsd.org/viewvc/base?view=revision&revision=183325
for Ruslan's commit to HEAD which had been discussed here before.

So the basic idea could be to only have
jail_<name>_ip=""
jail_<name>_ip6=""

and each of them would have a format like:

  [iface|]address[/prefix]

where iface and prefix are optional and prefix only makes sense if
iface is given?

If iface is given it means configure the address with prefix to the
given interface; if prefix is not given the default would be /32 for
ipv4 and /128 for ipv6.

So now this would give really long and complicated lines in rc.conf.
Do you think we could have something like the _alias<N> for interface
addresses so that it would be like:

jail_<name>_ip=""               # default
jail_<name>_ip_multi0=""        # second IP of the jail
jail_<name>_ip_multi1=""        # third IP of the jail
jail_<name>_ip_multi2=""        # 4th IP of the jail

and similar for IPv6?

(multi might not be the best suffix)

Something along those lines?

Ruslan, what do you think about something like that? We could have
that for HEAD and 7 just now and add the _multi<N> support with the
multi-IP jail patches? Could you and Ruben work together to build
this?


Regards,
Bjoern

--
Bjoern A. Zeeb              Stop bit received. Insert coin for new game.
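
The [iface|]address[/prefix] format proposed above, with its /32 and /128 defaults, as an added sh example that is not part of the thread or of FreeBSD's rc.d/jail. The function names and the default-interface argument (standing in for jail_<name>_interface) are assumptions.

```shell
#!/bin/sh
# Added example, not code from the thread or from FreeBSD's rc.d/jail.
# Function names and the default-interface argument are hypothetical.

# parse_jail_addr <4|6> <entry> <default_iface>
# Prints "iface address prefix"; returns 1 on malformed input.
parse_jail_addr()
{
	_family=$1 _entry=$2 _iface=$3
	case $_family in
	4) _max=32 ;;
	6) _max=128 ;;
	*) return 1 ;;
	esac
	# Optional "iface|" part overrides the default interface.
	case $_entry in
	*"|"*) _iface=${_entry%%"|"*}; _entry=${_entry#*"|"} ;;
	esac
	# Optional "/prefix" part; default is the host prefix (/32 or /128).
	_prefix=$_max
	case $_entry in
	*/*) _prefix=${_entry##*/}; _entry=${_entry%/*} ;;
	esac
	# The fields end up on an ifconfig command line, so accept only
	# characters that belong in an interface name, prefix or address.
	case $_iface in ""|*[!A-Za-z0-9_.]*) return 1 ;; esac
	case $_prefix in ""|*[!0-9]*) return 1 ;; esac
	[ "$_prefix" -le "$_max" ] || return 1
	case $_family in
	4) case $_entry in ""|*[!0-9.]*) return 1 ;; esac ;;
	6) case $_entry in ""|*[!0-9A-Fa-f:.]*) return 1 ;; esac ;;
	esac
	echo "$_iface $_entry $_prefix"
}

# parse_jail_addrs <4|6> <space-separated entries> <default_iface>
# One output line per entry; fails on the first malformed entry.
parse_jail_addrs()
{
	_fam=$1 _def=$3
	set -f				# split the list without globbing
	for _e in $2; do
		parse_jail_addr "$_fam" "$_e" "$_def" || { set +f; return 1; }
	done
	set +f
}

# Constructed input in the proposed format.
parse_jail_addrs 4 "192.168.1.129 net0|10.0.0.2/24" lo0
```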