can jail use 2 NICS?
Ruslan Ermilov
ru at freebsd.org
Fri Nov 21 12:49:00 PST 2008
Hi,
Have been traveling, hence long "no reply"...
On Sun, Nov 16, 2008 at 02:10:35PM +0000, Bjoern A. Zeeb wrote:
> So the basic idea could be to only have
> jail_<name>_ip=""
> jail_<name>_ip6=""
>
> and each of them would have a format like:
>
> [iface|]address[/prefix]
I'd suggest [iface:] instead.
> where iface and prefix are optional and prefix only makes sense if
> iface is given?
>
> If iface is given it means configure the address with prefix to the
> given interface; if prefix is not given the default would be /32 for
> ipv4 and /128 for ipv6.
>
> So now this would give really long and complicated lines in rc.conf.
> Do you think we could have something like the _alias<N> for interface
> addresses so that it would be like:
>
> jail_<name>_ip="" # default
> jail_<name>_ip_multi0="" # second IP of the jail
> jail_<name>_ip_multi1="" # third IP of the jail
> jail_<name>_ip_multi2="" # 4th IP of the jail
>
> and similar for IPv6?
>
> (multi might not be the best suffix)
>
> Something along those lines?
>
> Ruslan, what do you think about something like that? We could have
> that for HEAD and 7 just now and add the _multi<N> support with the
> multi-IP jail patches? Could you and Ruben work together to build
> this?
>
I think this is a good idea. My workaround with routes
I mentioned doesn't actually work, so currently we use
a version from HEAD on our production servers, and the
modified version of ezjail port that supports netmasks.
Cheers,
--
Ruslan Ermilov
ru at FreeBSD.org
FreeBSD committer
More information about the freebsd-jail
mailing list