Push two ip to jail

[sompi]

Hello, I have a jail and I have two interfaces rl0 and rl1 and each have own IP at host system, I want to push both IP from host system to jail, how to do that?
at /etc/jail.conf

ip4 = inherit;

pushes all interfaces, but I need only two.
I tried

ip4.addr= ip1, ip2;

and

ip4.addr = ip1;
ip4.addr += ip2;

But it returns

jail: 1: IPv4 addresses clash

error
I think it's because it trying to push two ip from one interface, and i have two interfaces, but i don't know how to write it at config
I tried something like ip4.addr="rl0:ip1, rl1:ip2"; but not working too.

 

[VladiBG]

Read the comments from this bug report

231773 – Nested jails: "IPv4 addresses clash"

bugs.freebsd.org

Do you have overlapping jails with the same IP?

 

[sompi]

Do you have overlapping jails with the same IP?

Yes, I have 4 jails with same IP as my host and I need to push another IP to one of them.
There is no solution for this except ip4 = inherit;?
Can't believe it.

 

[VladiBG]

From the man page of jail(8)

ip4.addr
A list of IPv4 addresses assigned to the jail. If this is set,
the jail is restricted to using only these addresses. Any at-
tempts to use other addresses fail, and attempts to use wildcard
addresses silently use the jailed address instead. For IPv4 the
first address given will be used as the source address when
source address selection on unbound sockets cannot find a better
match. It is only possible to start multiple jails with the same
IP address if none of the jails has more than this single over-
lapping IP address assigned to itself.

 

[Mjölnir]

From jail(8)

• ip4.addr
  In addition to the IP addresses that are passed to the kernel, an
  interface, netmask and additional parameters (as supported by
  ifconfig(8)) may also be specified, in the form
  “interface|ip-address/netmask param ...”. If an interface is
  given before the IP address, an alias for the address will be
  added to that interface, as it is with the interface parameter.
  If a netmask in either dotted-quad or CIDR form is given after an
  IP address, it will be used when adding the IP alias. If
  additional parameters are specified then they will also be used
  when adding the IP alias.

Additionally, we might have to look at uname -v

 

[Mjölnir]

Yes, I have 4 jails with same IP as my host and I need to push another IP to one of them.
There is no solution for this except ip4 = inherit;?
Can't believe it.

Keep in mind that the jails all share the same kernel...

 

[Lamia]

I am not sure I understand the question. You may want to take a look at this - https://forums.freebsd.org/threads/...ervers-public-mysql-private.76107/post-468959

 

[Mjölnir]

I understand with "push IP from host to jail" s/he means the host does not manage (maybe even not see?) the interfaces but the jail does instead. Which is n.p., obviously.

 

[Lamia]

They may want to give the host a DHCP at least to be available on the network and do whatever to the jails.