configuration of multiple IPs for a jail
Jase Thew
bazerka at beardz.net
Thu Jan 28 22:38:05 UTC 2010
On 27/01/2010 02:08, tom at diogunix.com wrote:
> Greetings to the community. That's my first post to this list.
> I run a mailserver (postfix/dovecot) in a jail on a 7.2 stable system.
> My question is about configuring multiple IP addresses for that jail.
> My IP configuration is just done via
> # jail blabla 123.123.123.249,123.123.123.227,123.123.123.248 blabla
>
> I want to use 123.123.123.249 as my primary IP within the jail and futhermore
> use the same IP for outgoing SMTP connections.
>
> Everything works nice so far. The only issue is, that postfix obviously insists
> to use the second IP (227) to send out the Emails though it should use the
> primary IP (249). Trying to bind postfix to the right address did not help.
> I've read tons about jail configuration but could not find the one hint needed.
>
> So my question is:
> Does a jail always use the 'lowest' IP from a bunch of multiple IPs given with
> the jail start command ? I can't find any other explanation. Nothing else
> points to the 227 address. And if true - is there a way to change this
> behaviour ?
>
> Thanks a lot in advance
> Tom
>
Hi Tom,
This behaviour has been addressed in RELENG_7 recently with r202924 [1].
This commit allows you to set : sysctl security.jail.ip4_saddrsel 0 ,
which makes the kernel use the first IP passed to jail (8) as the
default source address instead of the default behaviour which picks the
first matching ip for that jail on the interface.
A workaround (if you're not able to update to a RELENG_7 following that
commit) is to reorder your interface aliases in /etc/rc.conf ,so that
your primary jail ip has a lower alias # than any secondary ips for that
jail.
Hope this helps,
Jase.
[1] http://svn.freebsd.org/changeset/base/202924
More information about the freebsd-jail
mailing list