Solved Add multiple IPs to FreeBSD

Code:
---{ datacenter } { cisco switch } ---------- [ 81.223.82.232 ] --- jails (iocage)          |--> [ 81.223.82.233 ]     webproxy
                   81.223.82.232 /29             FreeBSD 10.2            |-----------------> |--> [ 10.8.20.10 ]        DBjail
                   81.223.82.233 /29               OpenVPN                  10.8.20.10-49/29  |--> [ 81.223.82.235 ]      mailjail
                   81.223.82.234 /29             pf firewall
                   81.223.82.235 /29
                   81.223.82.236 /29
Hello could anyone please explain me how I can declare the webproxy jail IP and themailjail as described in my topology?

The 5 IPs under cisco switch are the pool of IPs that I was given by the datacenter.
So far, I have used 2 out of 5 IPs
81.223.82.234 for Dell iDRAC remote management
81.223.82.232 for my FreeBSD 10.2 host server

I would like to use 81.223.82.233 for my web proxy jail server,
81.223.82.235 for the mail server and 10.8.20.10-49/29 for anything that doesn't need to be public such as my database server etc..

So far this is what the network setup is like in /etc/rc.conf
Code:
#### Networking settings
## FreeBSD Host
ifconfig_bce0="inet 81.223.82.232 netmask 255.255.255.248"
defaultrouter="61.243.52.252"
### Jail network interface aliases ###
cloned_interfaces="${cloned_interfaces} lo1"                  # allows loopback isolation in the jail
ipv4_addrs_lo1="10.8.20.10-49/29"                             # assign IP address to lo1

ifconfig_lo1_alias0="inet 10.8.20.10 netmask 255.255.255.255" # [DBjail]
ifconfig_lo1_alias1="inet 10.8.20.11 netmask 255.255.255.255" # unallocated
ifconfig_lo1_alias2="inet 10.8.20.12 netmask 255.255.255.255" # unallocated
ifconfig_lo1_alias3="inet 10.8.20.13 netmask 255.255.255.255" # unallocated
ifconfig_lo1_alias4="inet 10.8.20.14 netmask 255.255.255.255" # unallocated
As a side note, the server curently has 3 physical network cables attached to it
1x iDRAC
1x bce0
1x bce1

I don't know if I can use bce1 to do the job.

Any advise on this matter is really appreciated
Thank you
Fred
 
You could assign the public IP's on the gw and forward the needed ports to the internal IP of the jail.
 
Hi da1
Not sure what you mean, could you show and example please?
Do you mean something like
Code:
ifconfig_bce0="inet 81.223.82.232 netmask 255.255.255.248"
ifconfig_bce0="inet 81.223.82.233 netmask 255.255.255.248"
ifconfig_bce0="inet 81.223.82.235 netmask 255.255.255.248"
 
For instance.

PS: It's not really a good idea to publish your public IP's. Try using something like x.x.x.1, x.x.x.2, x.x.x.3 or x.x.x.x, y.y.y.y, m.m.m.m. You get the point!
 
I didn't think you could assign multiple IPs on the same ethernet (bce0) in my case.
The IPs I gave above are only imaginary, not real :)
 
No idea, wrong assumption I guess
SO
Code:
ifconfig_bce0="inet 81.223.82.232 netmask 255.255.255.248"
ifconfig_bce0="inet 81.223.82.233 netmask 255.255.255.248"
ifconfig_bce0="inet 81.223.82.235 netmask 255.255.255.248"
Followed by some pf redirection and I should be sorted. Is that rigth?
 
Depending on what you want to achieve, yes.

PS: Your syntax is wrong. It should be like so:
Code:
ifconfig_bce0="inet 81.223.82.232 netmask 255.255.255.248"
ifconfig_bce0_alias0="inet 81.223.82.233 netmask 255.255.255.248"
ifconfig_bce0_alias1="inet 81.223.82.235 netmask 255.255.255.248"
etc
 
There is a better way of doing that where you don't have to keep track of the alias indices:

Code:
ifconfig_bce0_aliases="inet 81.223.82.232/29 inet 81.223.82.235/29"

I took the liberty of converting the netmasks to CIDR notation, less typing and less error prone.
 
Note that aliases within the same subnet as the main IP need to be declared with a 255.255.255.255 subnet.
 
SirDice
Do you mean like this:
Code:
ifconfig_bce0_aliases="inet 81.223.82.232 netmask 255.255.255.255 inet 81.223.82.233/29 inet 81.223.82.235/29"
81.223.82.232 is the FreeBSD host IP
81.223.82.233 -> webproxy
81.223.82.235 -> mailjail
 
I thought that wasn't required any longer.

It's still in ifconfig(8), so using the ifconfig_alias syntax it still looks mandatory (though "non-conflicting" isn't necessarily /32):

Code:
     alias   Establish an additional network address for this interface.  This
             is sometimes useful when changing network numbers, and one wishes
             to accept packets addressed to the old interface.  If the address
             is on the same subnet as the first network address for this inter-
             face, a non-conflicting netmask must be given.  Usually 0xffffffff
             is most appropriate.

rc.conf(5) seems in agreement, or at least not in disagreement.

Code:
         It is possible to add IP alias entries using ifconfig(8) syn-
         tax with the address family keyword such as inet.  Assuming
         that the interface in question was ed0, it might look some-
         thing like this:

         ifconfig_ed0_alias0="inet 127.0.0.253 netmask 0xffffffff"
         ifconfig_ed0_alias1="inet 127.0.0.254 netmask 0xffffffff"
 
Sorry guys,
I'm a bit confused here. Which of the two should I be using?
Code:
ifconfig_bce0_aliases="inet 81.223.82.232 netmask 255.255.255.255 inet 81.223.82.233/29 inet 81.223.82.235/29"
or
Code:
ifconfig_bce0_aliases="inet 81.223.82.232 netmask 255.255.255.255 inet 81.223.82.233 netmask 255.255.255.255 inet 81.223.82.235 netmask 255.255.255.255"
 
Hi, I was in need of the second IP address for an dedicated service on one of my servers, I have got it today from ISP and when I have set it up by aliasing ethernet adapter with all 255 subnet - everything gone wrong (broadcast gone wrong), but when I have changed it to a real subnet eveything just placed in place and working as expected.

Just try to use your real subnet - You will see if it right with a ifconfig command.

P.S. using FreeBSD 11.1
 
Back
Top