+++
title = "gotchas with IPs and Jails"
date = "2016-06-25T19:00:00+00:00"
author = "Gibheer"
draft = false
+++

Because of some problems with installing postfix and opensmtpd at the same time, I
again needed to invest some time into FreeBSD jails.

As I had some problems with the IP allocation, I am documenting what I found out here.

First and foremost, I think I could have had it easier using VIMAGE/vnet, but that
still isn't enabled by default on 10.2 and 10.3, the versions I tested.

The following settings are for the jail.conf system, but can also be used on the
command line.

## configure an IP

The easiest setup is to define an IP on any interface and tell the jail system
to use a specific one.

For this example, I use the `prestart` command to define the IP on any interface.

```
# define on a public interface
jail1 {
  exec.prestart = "ifconfig em0 192.168.1.2 alias";
  ip4.addr = 192.168.1.2;
}

# define on loopback
jail2 {
  exec.prestart = "ifconfig lo0 192.168.1.3 alias";
  ip4.addr = 192.168.1.3;
}

# reuse 127.0.0.1 from the host
jail3 {
  ip4.addr = 127.0.0.1;
}
```
Using this mechanism, the IP is left alone when starting or stopping the jail.

## configure an IP on an interface

When specifying an IP together with an interface, the jail system takes over its
lifecycle management. When the jail is started, the IP is created, and when the
jail is stopped, the IP is removed.

The following shows some ways to do that:

```
# set an IP on a public interface
jail1 {
  ip4.addr = em0|192.168.1.2;
}

# define a loopback address
jail2 {
  ip4.addr = lo0|192.168.1.3;
}
```

There is also the `interface` option, which can be used to pin every IP to that
specific interface.

```
# define two addresses on the same interface, maintained by the jail system
jail1 {
  interface = em0;
  ip4.addr = 192.168.1.10, 127.0.0.1;
}
```

This should only be used when an IP is not used by the host or another jail,
because the address is removed when the jail is stopped. The following example
would destroy the loopback address on shutdown:

```
# removes localhost at jail shutdown
jail1 {
  ip4.addr = lo0|127.0.0.1;
}
```

## mixing both options

In the case of poudriere, you have to mix both options. Poudriere wants to put
`127.0.0.1` and `::1` into the child jails, so these have to be defined
in the poudriere jail too.

If other IPs are also needed, this can be done with the `ip4.addr` and `ip6.addr`
options.

```
# manage 192.168.1.11 using jails and use localhost unmanaged
jail1 {
  ip4.addr = em0|192.168.1.11, 127.0.0.1;
}
```

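As an added example (not part of the original post), the following Python script checks a jail.conf for the two risky cases described above: a jail-managed address that is a loopback address, and a jail-managed address that another jail also uses. The function names `parse_jails` and `risky_addresses` and the sample configuration are constructed for illustration, and the parser only handles flat jail blocks like the ones shown in this post.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample built from the variants shown in this post.
SAMPLE = """
jail1 { ip4.addr = em0|192.168.1.11, 127.0.0.1; }
jail2 { interface = em0; ip4.addr = 192.168.1.10, 127.0.0.1; }
jail3 { ip4.addr = lo0|127.0.0.1; }
jail4 { ip4.addr = 192.168.1.11; }  # unmanaged, same IP as jail1
"""

def parse_jails(text):
    """Map jail name -> [(address, interface)]; interface None = unmanaged."""
    # Simplified: flat jail blocks, no ';' or '#' inside quoted strings.
    text = re.sub(r"#[^\n]*", "", text)
    jails = {}
    for name, body in re.findall(r"([\w.-]+)\s*\{(.*?)\}", text, re.S):
        params = defaultdict(list)
        for key, value in re.findall(r"([\w.]+)\s*\+?=\s*([^;]*);", body):
            params[key].append(value.strip())
        default_if = params["interface"][-1] if params["interface"] else None
        addrs = []
        for value in params["ip4.addr"] + params["ip6.addr"]:
            for item in value.split(","):
                iface, _, addr = item.strip().strip('"').rpartition("|")
                addrs.append((addr.split("/")[0], iface or default_if))
        jails[name] = addrs
    return jails

def risky_addresses(jails):
    """Flag managed addresses that are loopback or also used by another jail."""
    users = defaultdict(set)
    for name, addrs in jails.items():
        for addr, _ in addrs:
            users[addr].add(name)
    findings = []
    for name, addrs in jails.items():
        for addr, iface in addrs:
            if iface is None:
                continue  # unmanaged: left alone on jail start/stop
            if ipaddress.ip_address(addr).is_loopback:
                findings.append((name, addr, iface, "managed loopback"))
            elif len(users[addr]) > 1:
                findings.append((name, addr, iface, "managed but shared"))
    return findings

if __name__ == "__main__":
    print(*risky_addresses(parse_jails(SAMPLE)), sep="\n")
```

Addresses used by the host itself cannot be seen from jail.conf, so apart from loopback they still need to be compared against the host's `ifconfig` output by hand.
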
Hope that helps to clarify what exactly each option does.