Quote:
Originally Posted by gpatrick
. . . "have a FreeBSD jail host with multiple local networks"
Using the info at the one-page link that GPatrick provided, I was able to configure my jail host so that the Host is on my "Admin" network and the Jails are on the "General" network.
This is done by creating multiple routing tables and attaching them to specific network interfaces. These are also known as FIB, and are manipulated with the setfib utility.
Three files need to be configured: (Please visit the link for details)
- /boot/loader.conf
- /etc/rc.local
- /etc/jail.conf
I have two physical NICs on my JailHost:
- em0 is my Admin network which the host communicates on.
- em1 is my General network which the Jails communicate on.
In my /etc/rc.conf I only had to reference the proper NIC em1:
Code:
ifconfig_em1_alias0="inet 192.168.25.100/32" #www
ifconfig_em1_alias1="inet 192.168.25.120/32" #mail
ifconfig_em1_alias2="inet 192.168.25.5/32" #dns
My current jail.conf looks something like this:
Code:
user@JailHost:~ % cat /etc/jail.conf
# file: /etc/jail.conf
# Defaults
exec.start += "/bin/sh /etc/rc";
exec.stop = "/bin/sh /etc/rc.shutdown";
exec.clean;
mount.devfs;
mount.fstab = "/etc/fstab.$name";
exec.consolelog = "/var/log/jail_"$name"_console.log";
host.hostname = "Jail_$name";
allow.set_hostname = 0;
# allow.nomount;
# Dynamic wildcard parameter:
# Base the path off the jail name.
path = "/jpool/jails/j/$name";
# example {
# interface = "lo0";
# ip4.addr = 127.0.0.2;
# }
dns {
    exec.fib=1; # Set to the GENERAL routing table
    interface = "em1";
    ip4.addr = 192.168.25.5/24;
    #allow.sysvipc = 1;
    #allow.raw_sockets = 1; # Debugging purposes
}
www {
    exec.fib=1; # Set to the GENERAL routing table
    interface = "em1";
    ip4.addr = 192.168.25.100/24;
    #allow.sysvipc = 1;
    #allow.raw_sockets = 1; # Debugging purposes
}
mail {
    exec.fib=1; # Set to the GENERAL routing table
    interface = "em1";
    ip4.addr = 192.168.25.120/24;
    #allow.sysvipc = 1;
    #allow.raw_sockets = 1; # Debugging purposes
}
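
An added example, not part of the original post: the separation described above holds only while every jail block carries both exec.fib and the General interface, so this check reads a jail.conf and lists any jail that does not. The function names and the sample configuration are constructed for illustration, and the script assumes top-level settings appear before the jail blocks that inherit them.

```shell
#!/bin/sh
# Added example. Flags jails in a jail.conf that are not pinned to the
# expected FIB and interface. Function names and sample data are constructed.

# audit_jail_fib FILE FIB IFACE   (FILE may be "-" for stdin)
# Prints one line per deviation; returns 1 if any jail deviates.
audit_jail_fib() {
    awk -v fib="$2" -v ifc="$3" '
        function val(s) {                 # text between "=" and ";", unquoted
            sub(/^[^=]*=[ \t]*/, "", s); sub(/[ \t]*;.*$/, "", s)
            gsub(/"/, "", s); return s
        }
        { sub(/#.*/, "") }                # strip comments and commented-out blocks
        !injail && /^[ \t]*[A-Za-z0-9_.*-]+[ \t]*[{]/ {
            name = $0; sub(/^[ \t]*/, "", name); sub(/[ \t]*[{].*$/, "", name)
            injail = 1; f = deffib; i = defifc   # inherit top-level defaults
            next
        }
        /(^|[ \t;])exec\.fib[ \t]*=/ { if (injail) f = val($0); else deffib = val($0) }
        /(^|[ \t;])interface[ \t]*=/ { if (injail) i = val($0); else defifc = val($0) }
        injail && /[}]/ {
            if (f != fib) { print name ": exec.fib=" (f == "" ? "unset" : f); bad = 1 }
            if (i != ifc) { print name ": interface=" (i == "" ? "unset" : i); bad = 1 }
            injail = 0
        }
        END { exit bad }
    ' "$1"
}

# Constructed sample: "www" lacks exec.fib, "mail" is bound to the wrong NIC.
sample_conf() {
    cat <<'EOF'
path = "/jpool/jails/j/$name";
# example {
# interface = "lo0";
# }
dns {
exec.fib=1; # Set to the GENERAL routing table
interface = "em1";
}
www {
interface = "em1";
}
mail {
exec.fib=1;
interface = "em0";
}
EOF
}

sample_conf | audit_jail_fib - 1 em1 || true
```

Against the real file this would be run as `audit_jail_fib /etc/jail.conf 1 em1`; a non-zero exit status means at least one jail is not pinned to the General routing table and interface.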