Re: jails and multple interfaces
- From: Oliver Fromme <olli@xxxxxxxxxxxxxxxxx>
- Date: Wed, 31 Jan 2007 12:53:49 +0100 (CET)
Jeffrey Williams wrote:
I am trying to set a jail hosting server to support multiple jails for
development testing.
The server has two network interfaces, I am configuring one for host
server to use, and the other with several aliased IPs, one for each of
the jail servers.
All the services running on the host are configured to bind to the host
IP on the first interface.
The crux is both interfaces on the same network, I am seeing the
expected arp errors (e.g. kernel: arp: x.x.x.x is on int0 but got reply
on int1), now I know I set the sysctl variable
net.link.ether.inet.log_arp_wrong_iface=0 to get rid of these messages,
but what I want to know if there are any other problems I am going to
have having both interfaces live on the same network.
What exactly are your inetrface configurations and netmasks
(ifconfig output might be useful)?
You say that both NICs are on teh same network. Does that
mean they're connected to teh same switch? That's generally
not a good idea. It doesn't buy you anything (unless you
use VLAN technology or other additional measures).
Also even though
I have the jail host's services all binding to the first interfaces ip,
there is not guarantee that network traffic originating from the jail
host will only use its primary interface/IP, is their anyway to ensure
that the jail host does not try to talk through the interface being used
by the jails?
Any network traffic originating from a jail is guaranteed
to use the jail's IP address. The interface that will be
used is the one according to your routing table entry for
that IP address. (Unless you use things like IPFW FWD
or similar to redirect the packets somewhere else.)
Best regards
Oliver
PS: Be very careful when binding services to localhost
(127.0.0.1) within the jail. They will listen on the jail's
official IP address instead! For that reason I often
configure an addition address on lo0 (e.g. 127.0.0.2)
and use that one for internal-only traffic such as DNS
and mail between host and jails.
--
Oliver Fromme, secnetix GmbH & Co. KG, Marktplatz 29, 85567 Grafing b. M.
Handelsregister: Registergericht Muenchen, HRA 74606, USt-Id: DE204219783
Any opinions expressed in this message are personal to the author and may
not necessarily reflect the opinions of secnetix GmbH & Co KG in any way.
FreeBSD-Dienstleistungen, -Produkte und mehr: http://www.secnetix.de/bsd
"In My Egoistical Opinion, most people's C programs should be indented
six feet downward and covered with dirt."
-- Blair P. Houghton
_______________________________________________
freebsd-stable@xxxxxxxxxxx mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-stable
To unsubscribe, send any mail to "freebsd-stable-unsubscribe@xxxxxxxxxxx"
- Follow-Ups:
- Re: jails and multple interfaces
- From: Jeffrey Williams
- Re: jails and multple interfaces
- References:
- jails and multple interfaces
- From: Jeffrey Williams
- jails and multple interfaces
- Prev by Date: Re: jails and multple interfaces
- Next by Date: mpd locking system?
- Previous by thread: Re: jails and multple interfaces
- Next by thread: Re: jails and multple interfaces
- Index(es):
Relevant Pages
|
