jail network interface lo

bagas

Active Member

Reaction score: 2
Messages: 139

Hello.
Please tell me.
I have several jails, in jails you need to raise the lo0 interface.
How should I do it?
My system is FreeBSD 11.3.
 

chrbr

Aspiring Daemon

Reaction score: 298
Messages: 762

You can configure the interface in /etc/rc.conf as
Code:
cloned_interfaces="lo1"
ifconfig_lo1="inet 10.0.0.254 netmask 255.255.255.0"
and select the jail's lo1 IP in /etc/jail.conf as
Code:
the-jail {
    ...
    ip4.addr = "10.0.0.2";
    interface = "lo1";
    ...
}
In the example the host has the address 10.0.0.254 and the jail 10.0.0.2.
 
bagas

Then I think so.
Code:
the-jail {
    ...
    ip4.addr = "lo1|127.0.1.2,igb1|92.68.2.41,44.22.45.44";
    ...
}
 

chrbr


Something like that. But I am not sure about the exact syntax. I use lo1 and have proxies listening on the host.
 
bagas

> Something like that. But I am not sure about the exact syntax. I use lo1 and have proxies listening on the host.
I'll try tomorrow, unsubscribe to the topic.
 
bagas

> Something like that. But I am not sure about the exact syntax. I use lo1 and have proxies listening on the host.
In jail.conf.
...
ip4.addr = "lo1|127.0.1.1,igb1|92.68.2.41";
...
Does not work.
# service jail onestart site
Starting jails: cannot start jail "site":
jail: site: ip4.addr: not an IPv4 address: igb1|92.68.2.41
 

Lamia

Aspiring Daemon

Reaction score: 152
Messages: 619

You need to create the additional loopback interfaces in rc.conf before using them in jail.conf or ezjail confs. For example:
Code:
ifconfig_lo1_alias0="inet 192.168.1.2 netmask 255.255.255.255"
 

SirDice

Administrator
Staff member
Administrator
Moderator

Reaction score: 9,283
Messages: 33,826

Jails don't need a lo(4) interface. They'll work just fine without it. But keep in mind that there's no 127.0.0.1 to bind to, so you need to bind your services to the jail's IP specifically.
 
bagas

I tried it like that.
Code:
 jail.conf.
...
ip4.addr = "127.0.1.1,92.68.2.41";
...
I want them to be processed locally so that there is no access to them from outside.
Code:
ifconfig lo1
lo1: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
    options=680003<RXCSUM,TXCSUM,LINKSTATE,RXCSUM_IPV6,TXCSUM_IPV6>
    inet 127.0.1.1 netmask 0xfffffff8
    groups: lo
 

SirDice


What exactly are you trying to do?

> I want them to be processed locally so that there is no access to them from outside.
Then why are you binding an external IP address (92.68.2.41) to the jail? Why are you using that IP address in the first place? It belongs to a hardware store in Schiedam (Netherlands).
 
bagas

> What exactly are you trying to do?

> Then why are you binding an external IP address (92.68.2.41) to the jail? Why are you using that IP address in the first place? It belongs to a hardware store in Schiedam (Netherlands).
I indicated the white IP address as an example, so I have it different.
I raised the caching DNS for one project to speed up the web.
There are services that do not need to be given access from outside.
 

Lamia


> I indicated the white IP address as an example, so I have it different.
> I raised the caching DNS for one project to speed up the web.
> There are services that do not need to be given access from outside.
Give it a private IP - e.g. 192.168.1.1 - and a different loopback - e.g. lo1->127.0.1.1 - and only use the private IP or either depending on what you want.

That's why I said you could first define them in rc.conf and then, in your (ez)jail.conf, tie the (private) IP address to the same outgoing network interface for the host.
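
Added example, not written by any poster in this thread: a small Python check for the right-hand side of an ip4.addr line in jail.conf. It assumes the jail.conf(5) rule that commas separate list values only outside quotes and, as the error message earlier in the thread suggests, that only the leading interface| prefix of each value is recognised; the function names are hypothetical and the sample lines are taken from the posts above.

```python
import ipaddress

def split_values(rhs):
    """Split a jail.conf right-hand side into list values.

    Commas separate values only outside double quotes; a quoted string is
    one value (simplified model: no escapes, no variable substitution)."""
    values, cur, quoted = [], "", False
    for ch in rhs.strip().rstrip(";"):
        if ch == '"':
            quoted = not quoted
        elif ch == "," and not quoted:
            values.append(cur.strip())
            cur = ""
        else:
            cur += ch
    values.append(cur.strip())
    return values

def scope_of(text):
    """Classify one address string: loopback, private, public or INVALID."""
    try:
        addr = ipaddress.IPv4Address(text)
    except ipaddress.AddressValueError:
        return "INVALID"
    if addr.is_loopback:
        return "loopback"
    return "private" if addr.is_private else "public"

def audit(rhs):
    """Return (interface, address, scope) for every address in the value list."""
    report = []
    for value in split_values(rhs):
        iface, sep, rest = value.partition("|")  # only the leading prefix counts
        if not sep:
            iface, rest = None, value
        for piece in rest.split(","):            # commas left inside one value
            addr = piece.split("/")[0].strip()   # drop an optional /netmask
            report.append((iface, addr, scope_of(addr)))
    return report

if __name__ == "__main__":
    # Sample lines from the thread: the failing form, then the list form.
    for rhs in ('"lo1|127.0.1.1,igb1|92.68.2.41";',
                '"lo1|127.0.1.1", "igb1|92.68.2.41";'):
        print(rhs, "->", audit(rhs))
```

The first line reports igb1|92.68.2.41 as INVALID, matching the jail(8) error quoted above; the second reports one loopback and one public address, and the public entry is the one to review when a service must not be reachable from outside.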
 