jail network interface lo

Hello.
Please tell me.
I have several jails, in jails you need to raise the lo0 interface.
How should I do it?
My system is FreeBSD 11.3.
 
You can configure the interface in /etc/rc.conf as
Code:
cloned_interfaces="lo1"
ifconfig_lo1="inet 10.0.0.254 netmask 255.255.255.0"
and select the jail's lo1 IP in /etc/jail.conf as
Code:
the-jail {
        ...
        ip4.addr = "10.0.0.2";
        interface = "lo1";
        ...
}
In the example the host has the address 10.0.0.254 and the jail 10.0.0.2.
 
OP
bagas
Then I think so.
Code:
the-jail {
        ...
        ip4.addr = "lo1|127.0.1.2,igb1|92.68.2.41,44.22.45.44"
        ...
}
 
Something like that. But I am not sure about the exact syntax. I use lo1 and have proxies listening on the host.
 
OP
bagas
> Something like that. But I am not sure about the exact syntax. I use lo1 and have proxies listening on the host.
In jail.conf.
...
ip4.addr = "lo1|127.0.1.1,igb1|92.68.2.41";
...
Does not work.
# service jail onestart site
Starting jails: cannot start jail "site":
jail: site: ip4.addr: not an IPv4 address: igb1|92.68.2.41
 
You need to create the additional loopback interfaces in rc.conf before using them in jail.conf or ezjail confs. For example:
Code:
ifconfig_lo1_alias0="inet 192.168.1.2 netmask 255.255.255.255"
 

SirDice
Jails don't need a lo(4) interface. They'll work just fine without it. But keep in mind that there's no 127.0.0.1 to bind to, so you need to bind your services to the jail's IP specifically.
 
OP
bagas
I tried it like that.
Code:
 jail.conf.
...
ip4.addr = "127.0.1.1,92.68.2.41";
...

I want them to be processed locally so that there is no access to them from outside.
Code:
ifconfig lo1
lo1: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
    options=680003<RXCSUM,TXCSUM,LINKSTATE,RXCSUM_IPV6,TXCSUM_IPV6>
    inet 127.0.1.1 netmask 0xfffffff8
    groups: lo
 

SirDice
What exactly are you trying to do?

> I want them to be processed locally so that there is no access to them from outside.
Then why are you binding an external IP address (92.68.2.41) to the jail? Why are you using that IP address in the first place? It belongs to a hardware store in Schiedam (Netherlands).
 
OP
bagas
> What exactly are you trying to do?
>
> Then why are you binding an external IP address (92.68.2.41) to the jail? Why are you using that IP address in the first place? It belongs to a hardware store in Schiedam (Netherlands).
I indicated the white ip address as an example, so I have it different.
I raised the caching dns for one project to speed up the web.
There are services that do not need to be given access from outside.
 
> I indicated the white ip address as an example, so I have it different.
> I raised the caching dns for one project to speed up the web.
> There are services that do not need to be given access from outside.
Give it a private IP - e.g. 192.168.1.1 - and a different loopback - e.g. lo1->127.0.1.1 - and only use the private IP or either depending on what you want.

That's why I said you could first define them in rc.conf and then, in your (ez)jail.conf, tie the (private) IP address to the same outgoing network interface for the host.
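
The setup the thread converges on, as an added example that is not part of any post above: the ip4.addr value written as a list of separately quoted elements, next to the single-string form that produced the "not an IPv4 address" error. The jail path, hostname and netmasks are assumptions; lo1, igb1, 127.0.1.1, 192.168.1.1 and the jail name "site" are taken from the thread.

```conf
# --- /etc/rc.conf (host) ---------------------------------------------
# Create the extra loopback at boot. No address is set here; jail(8)
# adds the addresses named in jail.conf when the jail starts and
# removes them again when it stops.
cloned_interfaces="lo1"
jail_enable="YES"

# --- /etc/jail.conf ----------------------------------------------------
site {
        path = "/usr/jails/site";               # assumed location
        host.hostname = "site.example.org";     # placeholder name
        exec.start = "/bin/sh /etc/rc";
        exec.stop = "/bin/sh /etc/rc.shutdown";

        # Form from the thread that failed: both entries inside ONE
        # quoted string, so the second entry reached the address
        # parser with its "igb1|" prefix still attached.
        # ip4.addr = "lo1|127.0.1.1,igb1|92.68.2.41";

        # List form: every entry is its own string, each written as
        # interface|address/prefix.
        ip4.addr = "lo1|127.0.1.1/32", "igb1|192.168.1.1/24";
}
```

Services that must stay local, such as the caching DNS mentioned in the thread, are then bound to 127.0.1.1 inside the jail rather than to the igb1 address; running ifconfig lo1 on the host after the jail starts shows whether the loopback address was added.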
 