Hello all,

I've been searching around and have come up with no current discussions on this issue. I'll keep it brief:

In 7.0 or 7.1 is there any provision to have multiple IP addresses in a jail?

I'm stumped on this, as I just started a new hosting project that needs a few jails. At least one of those requires multiple IPs, which is something I never really even realized was not supported. What puzzles me more is that before I decided to host this stuff myself, I was shopping for FreeBSD VPS providers, and I noticed that Verio is actually offering what looks like jails as VPSs, and they are offering multiple IPs. Is this something they hacked up and did not contribute back?

Is there any firewall hackery to be had that can at least let me do IP based virtual hosts for web hosting?

Thanks,

Charles

On Tue, 28 Oct 2008, Charles Sprickman wrote:

> Hello all,
>
> I've been searching around and have come up with no current discussions on
> this issue. I'll keep it brief:
>
> In 7.0 or 7.1 is there any provision to have multiple IP addresses in a jail?

Subscribe to the freebsd-jail mailing list and check the archives. You'll find patches there.

/bz

--
Bjoern A. Zeeb
Stop bit received. Insert coin for new game.

Charles Sprickman wrote:
> [...]
> Is there any firewall hackery to be had that can at least let me do IP
> based virtual hosts for web hosting?

A common solution is to put the jail on a localhost IP (e.g. 127.0.0.2, whatever). The apache inside is bound to several arbitrary port numbers. For example, the first virtual host listens on port 800, the next one on port 801, then 802, and so on. Everything on the same jail IP.

Then use packet filter and NAT rules to forward incoming connections from the real IP addresses to the respective port on your jail IP:

    11.22.33.44 : 80  <-->  127.0.0.2 : 800
    11.22.33.45 : 80  <-->  127.0.0.2 : 801
    11.22.33.46 : 80  <-->  127.0.0.2 : 802
    11.22.33.47 : 80  <-->  127.0.0.2 : 803
    ...

You should be able to do that with any of the included "firewall" packages (IPFW, IPF, PF). Personally I prefer IPFW, which is used like this:

    ipfw nat 1 config redirect_port tcp 127.0.0.2:800 11.22.33.44:80
    ipfw add nat 1 tcp from any to 11.22.33.44 80
    ipfw add nat 1 tcp from 127.0.0.2 800 to any

    ipfw nat 2 config redirect_port tcp 127.0.0.2:801 11.22.33.45:80
    ipfw add nat 2 tcp from any to 11.22.33.45 80
    ipfw add nat 2 tcp from 127.0.0.2 801 to any

... and so on. Of course you can add additional NAT rules for port 443 (https). Works perfectly fine for me.

(You need to enable IPFIREWALL_NAT and LIBALIAS in your kernel, or load libalias.ko and ipfw_nat.ko with kldload.)

Best regards
Oliver

--
Oliver Fromme, secnetix GmbH & Co. KG, Marktplatz 29, 85567 Grafing b. M.
Handelsregister: Registergericht Muenchen, HRA 74606, Geschäftsfuehrung:
secnetix Verwaltungsgesellsch. mbH, Handelsregister: Registergericht München,
HRB 125758, Geschäftsführer: Maik Bachmann, Olaf Erb, Ralf Gebhart

FreeBSD-Dienstleistungen, -Produkte und mehr: http://www.secnetix.de/bsd

"[...] one observation we can make here is that Python makes an excellent pseudocoding language, with the wonderful attribute that it can actually be executed." -- Bruce Eckel

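Added example, not part of Oliver's message: a shell function that prints (without running) the ipfw NAT commands for a list of mappings in the pattern described above, and refuses the whole list if two entries collide on a jail port or on a public IP:port, so a half-consistent rule set is never loaded. The three-column input format, the function names and jail port 1800 for HTTPS are assumptions of this example; rules are inserted with `ipfw add`.

```sh
#!/bin/sh
# Added example: print (do not run) ipfw NAT commands for one jail IP.
# stdin, one mapping per line: <public_ip> <public_port> <jail_port>
JAIL_IP="${JAIL_IP:-127.0.0.2}"   # loopback jail address used in the thread

gen_jail_nat() {
    awk -v jail="$JAIL_IP" '
    function err(msg) { print "line " NR ": " msg | "cat 1>&2"; bad = 1 }
    function port_ok(p) { return (p ~ /^[0-9]+$/) && (p + 0 >= 1) && (p + 0 <= 65535) }
    /^[ \t]*(#|$)/ { next }                      # comments and blank lines
    NF != 3 || !port_ok($2) || !port_ok($3) { err("malformed mapping"); next }
    ($1 ":" $2) in pub { err("public " $1 ":" $2 " mapped twice"); next }
    $3 in used { err("jail port " $3 " already in use"); next }
    {
        pub[$1 ":" $2] = 1; used[$3] = 1; n++    # one NAT instance per mapping
        out = out sprintf("ipfw nat %d config redirect_port tcp %s:%s %s:%s\n", n, jail, $3, $1, $2)
        out = out sprintf("ipfw add nat %d tcp from any to %s %s\n", n, $1, $2)
        out = out sprintf("ipfw add nat %d tcp from %s %s to any\n", n, jail, $3)
    }
    END { if (bad) exit 1; printf "%s", out }    # all-or-nothing output
    '
}

sample_mappings() {   # constructed input; 1800 for HTTPS is an assumed port
    cat <<'EOF'
# public_ip  public_port  jail_port
11.22.33.44  80   800
11.22.33.44  443  1800
11.22.33.45  80   801
EOF
}

sample_mappings | gen_jail_nat
```

Review the printed commands before piping them to a shell on the jail host; the Apache instance inside the jail still needs a matching listener on each jail port.
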
Hi,

there's a patch by Bjoern A. Zeeb, available at

http://people.freebsd.org/~bz/bz_jail7-20080920-01-at150161.diff

which succeeds and works well with 7.1-PRERELEASE currently.

I had similar issues to solve and patched several hosts with it, so far with success. Bjoern has done excellent work in patching all relevant parts, so you'll be able to use the stock rc.d/jail script as well as having an updated manpage and a jls -v which shows all the IPs while preserving compatibility with scripts making assumptions on the usual jls output.

Please see the freebsd-jail mailing list archives of the last weeks and months for more info.

I hope very much that these patches will be included officially in RELENG_7 soon.

Regards,

Lorenzo

On 28.10.2008, at 07:32, Charles Sprickman wrote:

> Hello all,
>
> I've been searching around and have come up with no current
> discussions on this issue. I'll keep it brief:
>
> In 7.0 or 7.1 is there any provision to have multiple IP addresses
> in a jail?
>
> I'm stumped on this, as I just started a new hosting project that
> needs a few jails. At least one of those requires multiple IPs,
> which is something I never really even realized was not supported.
> What puzzles me more is that before I decided to host this stuff
> myself, I was shopping for FreeBSD VPS providers, and I noticed that
> Verio is actually offering what looks like jails as VPSs, and they
> are offering multiple IPs. Is this something they hacked up and did
> not contribute back?
>
> Is there any firewall hackery to be had that can at least let me do
> IP based virtual hosts for web hosting?
>
> Thanks,
>
> Charles
> _______________________________________________
> freebsd-stable@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-stable
> To unsubscribe, send any mail to "freebsd-stable-unsubscribe@freebsd.org"