Assign Lookback address 127.0.0.1 to jail
Jason Hellenthal
jhellenthal at dataix.net
Wed Jun 11 01:46:38 UTC 2014
You could just go with building the host kernel with VIMAGE . . . Then each jail has its own virtual network stack.
--
Jason Hellenthal
Voice: 95.30.17.6/616
JJH48-ARIN
> On Jun 10, 2014, at 21:19, "s7r at sky-ip.org" <s7r at sky-ip.org> wrote:
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
>> On 6/11/2014 3:28 AM, Allan Jude wrote:
>>> On 2014-06-10 20:23, s7r at sky-ip.org wrote:
>>>> On 6/11/2014 3:20 AM, Allan Jude wrote:
>>>>> On 2014-06-10 20:07, s7r at sky-ip.org wrote:
>>>>> Hi,
>>>>>
>>>>> Operating system is FreeBSD 10.0 64 Bit
>>>>>
>>>>> I have installed ezjail from ports and properly configured a
>>>>> jail with its own static and dedicated IP address. Everything
>>>>> works good, it's just that I have an application which
>>>>> requires to talk to another one via RPC on IP 127.0.0.1, and
>>>>> I have noticed the jail does not have a lo0 interface or
>>>>> localhost 127.0.0.1 IP address.
>>>>>
>>>>> This is bad because the application has no choice but to bind
>>>>> to the public IP address assigned to the jail, and it's not
>>>>> safe.
>>>>>
>>>>> How can I add a lo0 interface with IP 127.0.0.1 to a jail?
>>>>>
>>>>> Thanks in advance.
>>>>> _______________________________________________
>>>>> freebsd-jail at freebsd.org mailing list
>>>>> http://lists.freebsd.org/mailman/listinfo/freebsd-jail To
>>>>> unsubscribe, send any mail to
>>>>> "freebsd-jail-unsubscribe at freebsd.org"
>>>
>>>> Does it have to be 127.0.0.1? You can add an alias like
>>>> 127.0.0.2 to the lo0 interface and use that.
>>>
>>>> Inside the jail, 127.0.0.1 is mapped to the IP of the jail.
>>>
>>>> Using ezjail, you can also allocate more than 1 IP address to
>>>> a jail by comma separating them
>>>
>>>> You can also make it automatically alias the IPs for you with
>>>> the syntax:
>>>
>>>> em0|192.168.0.10,lo0|127.0.0.2 etc
>>>
>>>
>>>
>>> Thank you Allan for your fast reply.
>>>
>>> I have the jail already created via: # ezjail-admin create
>>> <jailname> <em0|public IP>
>>>
>>> How do I modify the already existing jail to have 127.0.0.2, for
>>> example, or can't I just have 127.0.0.1 in the jail?
>>>
>>> _______________________________________________
>>> freebsd-jail at freebsd.org mailing list
>>> http://lists.freebsd.org/mailman/listinfo/freebsd-jail To
>>> unsubscribe, send any mail to
>>> "freebsd-jail-unsubscribe at freebsd.org"
>>
>> Stop the jail, and then edit /usr/local/etc/ezjail/jail_name
>>
>> and change the line that defines the IPs
>
> Thank you it works, with 127.0.0.2
>
> If I try to add 127.0.0.1 will this create any conflicts with the host
> or will it work? Because i have something important listening on
> hosts's 127.0.0.1 and don't want to mess up. I would need the same
> configuration within the jail also, so that's why I need the .1
> localhost IP.
>
> - --
> s7r
> PGP Fingerprint: 7C36 9232 5ABD FB0B 3021 03F1 837F A52C 8126 5B11
> PGP Pubkey: http://www.sky-ip.org/s7r@sky-ip.org.asc
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v2.0.17 (MingW32)
> Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
>
> iQEcBAEBAgAGBQJTl66PAAoJEIN/pSyBJlsR3kQIAMONQ/3FrX9tQBbdJRc7N3eP
> a/fIOnBYWZCu7ad0DF2NXfOIzfrQBuKCGhm3CLQmzVGw0k/fdD/Yu/U9/kdjgI/n
> A/ZELHZmowQPfao8tK6eSqeOmw6gNzhCth5ILfH0CJvvarjBXUi7ygHhwzB1U97n
> sqJzKv8cDAVf67Sd3YbNNa2FoXdM32esEpsjnB8dJEF9ijzv54ovXdREYZhgkibX
> IN1XcsfUGLdtZDL14+JXlTOaBDk9WgUuoEcsWeAZtM8VVaTiN/QqYbywf598hxLN
> 5G3AyyfUrLAq4z2RjnzZ2SGAIqv42CyE4MSf3Sft/fFNRExxiq3xAoWmwaTqRnk=
> =3gqI
> -----END PGP SIGNATURE-----
> _______________________________________________
> freebsd-jail at freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-jail
> To unsubscribe, send any mail to "freebsd-jail-unsubscribe at freebsd.org"
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 6118 bytes
Desc: not available
URL: <http://lists.freebsd.org/pipermail/freebsd-jail/attachments/20140610/6f35b44c/attachment.bin>
More information about the freebsd-jail
mailing list