How to add multiple IPs to the jail using jail.conf

B

bryn1u

Hey guys,

I'm looking for a solution to add multiple IPs to a jail but can't find anything. I saw one thead on forum but doesn't solve my problem.
My jail configuration:
Code: 
....
  host.hostname = proton.edu.pl;
  ip4.addr = 79.137.56.144;
  interface = em0;
...

I'm wondering how can I add more then one IP in jail ?
Thanks for help !
 
Code: 
     ip4.addr
             A list of IPv4 addresses assigned to the jail.  If this is set,
             the jail is restricted to using only these addresses.  Any
             attempts to use other addresses fail, and attempts to use
             wildcard addresses silently use the jailed address instead.  For
             IPv4 the first address given will be used as the source address
             when source address selection on unbound sockets cannot find a
             better match.  It is only possible to start multiple jails with
             the same IP address if none of the jails has more than this
             single overlapping IP address assigned to itself.

Code: 
  ip4.addr = "1.1.1.1,2.2.2.2"
 
SirDice said:
Code: 
     ip4.addr
             A list of IPv4 addresses assigned to the jail.  If this is set,
             the jail is restricted to using only these addresses.  Any
             attempts to use other addresses fail, and attempts to use
             wildcard addresses silently use the jailed address instead.  For
             IPv4 the first address given will be used as the source address
             when source address selection on unbound sockets cannot find a
             better match.  It is only possible to start multiple jails with
             the same IP address if none of the jails has more than this
             single overlapping IP address assigned to itself.

Code: 
  ip4.addr = "1.1.1.1,2.2.2.2"
Click to expand...
I read it before post here but there is a problem:
Code: 
root@BSD:~ # jail -r Proton; jail -c Proton
Proton: removed
ifconfig: 79.137.56.144,188.165.137.101: bad value
jail: Proton: /sbin/ifconfig em0 inet 79.137.56.144,188.165.137.101 netmask 255.255.255.255 -alias: failed
ifconfig: 79.137.56.144,188.165.137.101: bad value
jail: Proton: /sbin/ifconfig em0 inet 79.137.56.144,188.165.137.101 netmask 255.255.255.255 alias: failed
root@HardenedBSD:~ # vim /etc/jail.conf
jail.conf
Code: 
mount;
        host.hostname = proton.edu.pl;
        ip4.addr = "79.137.56.144,188.165.137.101";
        interface = em0;
        securelevel = 3;
 
Ah, wait. Try it without the quotes. Or try += to add each IP address. According to jail.conf(5):
Code: 
     Other parameters may have more than one value.  A comma-separated list of
     values may be set in a single statement, or an existing parameter list
     may be appended to using "+=":

           ip4.addr = 10.1.1.1, 10.1.1.2, 10.1.1.3;

           ip4.addr = 10.1.1.1;
           ip4.addr += 10.1.1.2;
           ip4.addr += 10.1.1.3;

With the quotes the system probably takes the whole string as a single value.
 
SirDice said:
Ah, wait. Try it without the quotes. Or try += to add each IP address. According to jail.conf(5):
Code: 
     Other parameters may have more than one value.  A comma-separated list of
     values may be set in a single statement, or an existing parameter list
     may be appended to using "+=":

           ip4.addr = 10.1.1.1, 10.1.1.2, 10.1.1.3;

           ip4.addr = 10.1.1.1;
           ip4.addr += 10.1.1.2;
           ip4.addr += 10.1.1.3;

With the quotes the system probably takes the whole string as a single value.
Click to expand...
It doesnt work either.

Code: 
        host.hostname = proton.edu.pl;
        ip4.addr = 79.137.56.144;
        ip4.addr += 188.165.137.101;
        interface = em0;
        securelevel = 3;
Output:
Code: 
root@HardenedBSD:~ # jail -c Proton
jail: Proton: IPv4 addresses clash
root@HardenedBSD:~ # jail -c Proton
jail: Proton: IPv4 addresses clash
root@HardenedBSD:~ # jail -c Proton
jail: Proton: IPv4 addresses clash
root@HardenedBSD:~ #
 
Ok, now it's telling you that one or more of the IP addresses is already in use by another jail.
 
SirDice said:
Ok, now it's telling you that one or more of the IP addresses is already in use by another jail.
Click to expand...
Yep, you are right.

When i have a only ip i can run/bind 3 jails on the same ip, but when i add more than 1 ip im getting error as i mentioned. It's weird.

For 1 ip:
Code: 
root@HardenedBSD:~ # jls
   JID  IP Address      Hostname                      Path
     1  79.137.56.144   mysql.proton.edu.pl           /jails/SQL
     2  79.137.56.144   audio.proton.edu.pl           /jails/Audio
    12  79.137.56.144   proton.edu.pl                 /jails/Proton
 
This is probably the reason:
Code: 
It is only possible to start multiple jails with
             the same IP address if none of the jails has more than this
             single overlapping IP address assigned to itself.
If I read that correctly you can't add more IP addresses if you're sharing an IP address with multiple jails.
 
You must log in or register to reply here.
Back
Top