Multiple Jails on a single host
James B. Byrne
byrnejb at harte-lyne.ca
Sat Apr 1 21:44:02 UTC 2017
I have a FreeBSD host on which I wish to have two jails. I have set up
the first using ezjail and the relevant information for it follows:
/etc/rc.conf
### Jailed Services
jail_enable="YES" # Set to NO to disable starting of any jails
ezjail_enable="YES" # Enable ezjail jail manager
jail_list="hlldns02" # Space separated list of jail names
cloned_interfaces="lo1"
ipv4_addrs_lo1="192.168.209.33/32"
/usr/local/etc/ezjail/hlldns02
export jail_hlldns02_hostname="hlldns02"
export jail_hlldns02_ip="lo1|127.0.1.1,em0|192.168.209.33"
This jail has sshd configured and enabled. With the jail started I
can reach it with "ssh 192.168.209.33 -t -Y 'bash || sh'". It passes
over the host's firewall without problem.
However when I add the following additional configuration in
/etc/rc.conf to handle the second jail then I can no longer connect to
the first jail. Instead I receive this error:
ssh: connect to host 192.168.209.33 port 22: No route to host
If I try to ping it I get this:
ping 192.168.209.33
PING 192.168.209.33 (192.168.209.33) 56(84) bytes of data.
From 192.168.209.2:icmp_seq=2 Redirect Host(New nexthop: 192.168.209.33)
From 192.168.209.2:icmp_seq=3 Redirect Host(New nexthop: 192.168.209.33)
From 192.168.209.2:icmp_seq=4 Redirect Host(New nexthop: 192.168.209.33)
From 192.168.209.2:icmp_seq=4 Destination Host Unreachable
This is the altered configuration:
/etc/rc.conf
cloned_interfaces="lo1"
ipv4_addrs_lo1="192.168.209.33/32"
cloned_interfaces="lo2"
ipv4_addrs_lo2="192.168.209.18/32"
/usr/local/etc/ezjail/hllmx18
export jail_hllmx18_hostname="hllmx18"
export jail_hllmx18_ip="lo2|127.0.2.1,em0|192.168.209.18"
If I remove the second set of lo cloning statements from rc.conf then
the first jail starts and can be connected to but the second jail will
not start at all.
Obviously I am missing some critical piece of information respecting
jails and it seems to involve the loopback interface. What entries
should be in /etc/rc.conf to handle the two jails I have outlined
above such that I can communicate to them directly?
Thanks.
--
*** e-Mail is NOT a SECURE channel ***
Do NOT transmit sensitive data via e-Mail
Do NOT open attachments nor follow links sent by e-Mail
James B. Byrne mailto:ByrneJB at Harte-Lyne.ca
Harte & Lyne Limited http://www.harte-lyne.ca
9 Brockley Drive vox: +1 905 561 1241
Hamilton, Ontario fax: +1 905 561 0757
Canada L8E 3C3
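
An added example, not part of the original message: rc.conf is read as sh variable assignments, so a name that is assigned twice keeps only its last value. The script below runs that check over the four rc.conf lines of the altered configuration and prints the value cloned_interfaces ends up with; the function names sample_rc_conf, rc_dup_vars and rc_effective are made up for this example.

```sh
#!/bin/sh
# Added example: find rc.conf variables that are assigned more than once.
# rc.conf is read as sh assignments, so only the last value of a name is kept.

# Constructed sample: the four rc.conf lines of the altered configuration.
sample_rc_conf() {
    cat <<'EOF'
cloned_interfaces="lo1"
ipv4_addrs_lo1="192.168.209.33/32"
cloned_interfaces="lo2"
ipv4_addrs_lo2="192.168.209.18/32"
EOF
}

# rc_dup_vars FILE: print each variable name that FILE assigns more than once.
rc_dup_vars() {
    awk '
        /^[ \t]*#/ { next }                        # ignore comment lines
        match($0, /^[ \t]*[A-Za-z_][A-Za-z0-9_]*=/) {
            name = substr($0, RSTART, RLENGTH - 1) # text before the "="
            gsub(/[ \t]/, "", name)
            if (++count[name] == 1) order[++n] = name
        }
        END {
            for (i = 1; i <= n; i++)
                if (count[order[i]] > 1) print order[i]
        }
    ' "$1"
}

# rc_effective FILE NAME: print the value NAME holds after sh has read FILE.
# FILE is sourced in a subshell, so pass it only files you would boot from.
rc_effective() {
    ( . "$1"; eval "printf '%s\n' \"\${$2}\"" )
}

tmp=$(mktemp /tmp/rcconf.XXXXXX)
sample_rc_conf > "$tmp"
echo "assigned more than once: $(rc_dup_vars "$tmp")"
echo "effective cloned_interfaces: $(rc_effective "$tmp" cloned_interfaces)"
# A single assignment that lists both interfaces keeps both names.
printf 'cloned_interfaces="lo1 lo2"\n' > "$tmp"
echo "single assignment: $(rc_effective "$tmp" cloned_interfaces)"
rm -f "$tmp"
```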