driesm
Developer
I've been diving into jails lately and I'm scratching my head.
In terms of pure configuration of jail.conf I have no real questions.
However, in terms of IP usage and interface allocation I have a few.
I have read many threads about jails and have seen 2 approaches most widely used:
1) Jail IP addresses are set on the LAN interface as aliases (or WAN if you don't need NAT)
2) Jail IP addresses are set on a separate cloned lo1 interface as aliases
Is there a benefit to use one over the other configuration approach?
It's not that there is a potential security hole if you alias jail IPs on the LAN interface?
Whereas when attaching jails to the lo1 interface, it's separate from LAN traffic.
I imagine that using a different subnet is recommended?
Maybe even a completely separate private address range?