Re: jails and multple interfaces

On Wednesday 31 January 2007 11:06, Jeffrey Williams wrote:
Hi Folks,

I am trying to set a jail hosting server to support multiple jails for
development testing.

The server has two network interfaces, I am configuring one for host
server to use, and the other with several aliased IPs, one for each of
the jail servers.

All the services running on the host are configured to bind to the host
IP on the first interface.

The crux is both interfaces on the same network, I am seeing the
expected arp errors (e.g. kernel: arp: x.x.x.x is on int0 but got reply
on int1), now I know I set the sysctl variable
net.link.ether.inet.log_arp_wrong_iface=0 to get rid of these messages,
but what I want to know if there are any other problems I am going to
have having both interfaces live on the same network. Also even though
I have the jail host's services all binding to the first interfaces ip,
there is not guarantee that network traffic originating from the jail
host will only use its primary interface/IP, is their anyway to ensure
that the jail host does not try to talk through the interface being used
by the jails?


Why are you doing this? Are your addresses from the same network segment?
I am binding my jail addresses to loopback interface and route them - this way
you could easily start take-over jail on another machine and change routing
table (or use dynamic routing) to minimize downtime on hardware upgrades, big
OS upgrades etc. I do not consider this the best way, but it just satisfy my
needs.
Regards,
Milan

--
This address is used only for mailing list response.
Do not send any personal messages to it, use milan in
address instead.
_______________________________________________
freebsd-stable@xxxxxxxxxxx mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-stable
To unsubscribe, send any mail to "freebsd-stable-unsubscribe@xxxxxxxxxxx"

Relevant Pages

  • Re: jails and multple interfaces
    ... The server has two network interfaces, I am configuring one for host ... the jail servers. ... All the services running on the host are configured to bind to the host ... I want to segregate the jail and jail host traffic on separate interfaces. ...
    (freebsd-stable)
  • Suggested filter rule for the flood of 2007-07-27 14:58 GMT (1)
    ... class discusss to their jail. ... and echos in support of the railway. ... interfaces will, picture, and extract. ... The trys, heels, and orchestras are all spatial and ...
    (sci.crypt)
  • jails and multple interfaces
    ... The server has two network interfaces, I am configuring one for host server to use, and the other with several aliased IPs, one for each of the jail servers. ...
    (freebsd-stable)
  • Re: Closing information leaks in jails?
    ... > restricted devfs in the jail (devfsrules_jail for example from ... but the primary IP address of the interfaces. ... > - some interesting information about the network related stuff via netstat ...
    (FreeBSD-Security)
  • Re: jails and multple interfaces
    ... The server has two network interfaces, I am configuring one for host ... All the services running on the host are configured to bind to the host ... I have the jail host's services all binding to the first interfaces ip, ...
    (freebsd-stable)