On 03/07/13 05:29, Yoann Gini wrote:

On 7 March 2013 at 10:58, Boris Samorodov <b...@passap.ru> wrote:

07.03.2013 12:48, Yoann Gini wrote:

I need to share this IP, I’ve only one and I would like to avoid playing with 
NAT…

One IP may be shared but for different services (ports).

That’s what I’ve understood and what I’ve planned.

If someone has an idea…

Give some more information:
1. OS version, OS arch.

FreeBSD srv0.public.example.com 9.1-RELEASE FreeBSD 9.1-RELEASE #0 r243825: Tue Dec  4 09:23:10 UTC 2012     r...@farrell.cse.buffalo.edu:/usr/obj/usr/src/sys/GENERIC  amd64

2. Jail configuration (at least one) from /etc and LOCALBASE/etc/ezjail.

What do you want in /etc? Except the fstab, I don’t see any config here. The fstab looks like this:

/home/jails/basejail /home/jails/front0.public.example.com/basejail nullfs ro 0 0
/usr/ports      /home/jails/front0.public.example.com/usr/ports         nullfs ro 0 0

And here is the ezjail config

export jail_front0_public_example_com_hostname="front0.public.example.com"
export jail_front0_public_example_com_ip="IPv6Prefix::80,SharedIPv4,10.42.0.2"
export jail_front0_public_example_com_rootdir="/home/jails/front0.public.example.com"
export jail_front0_public_example_com_exec_start="/bin/sh /etc/rc"
export jail_front0_public_example_com_exec_stop=""
export jail_front0_public_example_com_mount_enable="YES"
export jail_front0_public_example_com_devfs_enable="YES"
export jail_front0_public_example_com_devfs_ruleset="devfsrules_jail"
export jail_front0_public_example_com_procfs_enable="YES"
export jail_front0_public_example_com_fdescfs_enable="YES"
export jail_front0_public_example_com_image=""
export jail_front0_public_example_com_imagetype=""
export jail_front0_public_example_com_attachparams=""
export jail_front0_public_example_com_attachblocking=""
export jail_front0_public_example_com_forceblocking=""
export jail_front0_public_example_com_zfs_datasets=""
export jail_front0_public_example_com_cpuset=""
export jail_front0_public_example_com_fib=""

3. What do you want to achieve.

I want a setup with:
— srv0 listening only for SSH on an alternate port for supervision on public IPv4/6;
— front0 to handle any public services (web, DNS, e-mail) on public IPv4/6;
— service0 to handle internal services (git, redmine, AFP sharepoints…) on private IP and SSH on another alternate port on public IPv4/6;
— gateway0 to act as a VPN server and webproxy to secure access to private services on service0 and act as a secure gateway to encrypt network traffic for road-warriors on public network.

In the end, I will dispatch those services on different servers, but for now I only have access to one system, so I would like to prepare the setup to be dispatched on different hardware when the budget comes.

Actually, if I remove the SharedIPv4 from the jails, it works.

I’ve investigated more on the open socket area and I think the problem comes from Apache, which still listens on *:* even if I’ve set a Listen directive…

You're allowed to have the same address in multiple jails, but only in
the case of jails that have one address (i.e. one IPv4 address in this
case). Jails with multiple IP addresses can't share any of those
addresses with other jails. I don't know why it should work once and
then not work later though.

The jail config you show has only a single jail, so I also wonder what
it's clashing with - a clash is defined as the same IP address between
two different jails. Are there other jail configs you didn't show?

Also, there's a chance a jail has been removed but is not yet gone
(though I wouldn't expect that case in a reboot situation). Could you
run "jls -dn" immediately after the failed jail start, and tell any
output it gives?

- Jamie
_______________________________________________
freebsd-jail@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-jail
To unsubscribe, send any mail to "freebsd-jail-unsubscr...@freebsd.org"
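
The address-sharing rule Jamie describes above, turned into a check over ezjail config lines. This is an added example, not code from the thread or from ezjail; the function names, jail names and sample addresses (documentation ranges) are constructed, and it assumes the `export jail_<name>_ip="..."` layout shown in the thread and looks at IPv4 addresses only.

```shell
#!/bin/sh
# Added example: report IPv4 addresses that clash between jails under the rule
# quoted in the thread (an address may be shared only when every jail holding
# it has exactly one IPv4 address).
# Input: ezjail config lines on stdin. Output: "ADDR JAIL_A JAIL_B" per clash.
jail_ip4_clashes() {
    awk '
    /^(export +)?jail_[A-Za-z0-9_]+_ip=/ {
        line = $0
        sub(/^export +/, "", line)
        name = line; sub(/_ip=.*$/, "", name); sub(/^jail_/, "", name)
        val = line; sub(/^[^=]*=/, "", val); gsub(/"/, "", val)
        n = split(val, parts, ",")
        for (i = 1; i <= n; i++) {
            a = parts[i]
            sub(/^[^|]*\|/, "", a)   # drop optional "iface|" prefix
            sub(/\/.*$/, "", a)      # drop optional "/mask" suffix
            if (a !~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) continue  # IPv4 only
            count[name]++            # IPv4 addresses held by this jail
            holders[a] = (a in holders) ? holders[a] " " name : name
        }
    }
    END {
        for (a in holders) {
            m = split(holders[a], j, " ")
            for (x = 1; x < m; x++)
                for (y = x + 1; y <= m; y++)
                    # sharing is fine only if both jails are single-address
                    if (count[j[x]] > 1 || count[j[y]] > 1)
                        print a, j[x], j[y]
        }
    }' | sort
}

# Constructed sample: front0 holds two IPv4 addresses, so it cannot share
# 192.0.2.10; service0 and gateway0 hold one each and may share with each other.
sample_config() {
    cat <<'EOF'
export jail_front0_ip="2001:db8::80,192.0.2.10,10.42.0.2"
export jail_service0_ip="192.0.2.10"
export jail_gateway0_ip="192.0.2.10"
EOF
}

sample_config | jail_ip4_clashes
```

Feeding it the concatenated files from the ezjail config directory shows every pair of jails whose IPv4 lists need to be separated before a start is attempted.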
