I'm testing out a FreeBSD VPS with FBSD 8.1RC2. I've got 1 "real" ethernet interface, which has my public IP. The plan is to jail everything on non-routable IPs and use PF to redirect traffic to the internal jails.
I installed 2 DNS server jails: one for internal caching and one to be my domain's primary name server. I ran into the problem of jails on the same interface (my only one) not being able to bind to the same port.
I considered binding one jail to the ethernet interface and the other to the loopback, but that just seemed wrong somehow. So, I figured there must be a way to create some kind of virtual interface, one for each jail, so that I wouldn't need to even worry about the jails stepping on each other.
Google wasn't much help (maybe my google fu was off that day), so after many an "apropos" and much poking through /etc/defaults/rc.conf, I decided to use "cloned_interfaces" to create bridge0 and bridge1 without actually bridging them to anything. The jails bind to them just fine, and work as you'd expect.
But something tells me that there must be a more "proper" way to do this. Maybe a driver specifically meant for this? Or maybe with the new virtualized network stack for jails? In any case, I'd appreciate it if anyone with more knowledge of FBSD networking arcana would tell me if my chosen method is acceptable or if there is a more proper method of accomplishing what I want to do.
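For concreteness, here is an rc.conf fragment for the setup the post describes (an added example, not the poster's actual configuration): two unbridged bridge(4) clones, one DNS jail bound to each, and PF enabled so that only the authoritative server is exposed. Jail names, root directories, hostnames and the 10.0.0.0/24 and 10.0.1.0/24 addresses are assumptions; the jail_* keys are the 8.x-era rc.d/jail variables documented in /etc/defaults/rc.conf.

```shell
# /etc/rc.conf fragment (sh syntax, sourced by rc(8)).
# Added example; interface choice, jail names and addresses are assumptions.

# Create two bridge(4) clones at boot. Nothing is ever addm'ed to them, so
# they are just independent interfaces that each jail can own outright.
cloned_interfaces="bridge0 bridge1"
ifconfig_bridge0="up"
ifconfig_bridge1="up"

# rc.d/jail aliases jail_<name>_ip onto jail_<name>_interface at start, so
# each named(8) instance sees a different address and both can bind port 53.
jail_enable="YES"
jail_list="dnscache dnsauth"

# Internal caching resolver: private address, never redirected from outside.
jail_dnscache_rootdir="/jails/dnscache"
jail_dnscache_hostname="dnscache.example.net"
jail_dnscache_interface="bridge0"
jail_dnscache_ip="10.0.0.2"
jail_dnscache_devfs_enable="YES"

# Authoritative server for the domain: the only jail PF will redirect to.
jail_dnsauth_rootdir="/jails/dnsauth"
jail_dnsauth_hostname="ns1.example.net"
jail_dnsauth_interface="bridge1"
jail_dnsauth_ip="10.0.1.2"
jail_dnsauth_devfs_enable="YES"

# PF does the public-IP -> jail mapping; keep the ruleset in /etc/pf.conf.
pf_enable="YES"
pf_rules="/etc/pf.conf"
```

The matching pf.conf line is a single `rdr pass on $ext_if proto { tcp, udp } from any to ($ext_if) port domain -> 10.0.1.2` for the authoritative jail only; leaving the caching jail without an rdr rule keeps it reachable from the host and other jails but not from the Internet, so it cannot be used as an open resolver.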