Dear fellow hackers,

since jail can be bound on multiple IP addresses I tend to clone multiple loopback interfaces and add one loopback address to each jail:

cloned_interfaces="lo1 lo2 lo3"
ifconfig_lo1_alias0="inet 127.0.0.2 netmask 0xffffffff"
ifconfig_lo2_alias0="inet 127.0.0.3 netmask 0xffffffff"
ifconfig_lo3_alias0="inet 127.0.0.4 netmask 0xffffffff"
..

Now this is not yet optimal, since I cannot run several jails on a single external IP anymore, but at least local daemons are not visible to the outside world anymore.

However, grep -R 127.0.0.1 /etc reveals that sendmail in many places assumes localhost to be on 127.0.0.1 instead of looking it up in /etc/hosts or using 127.0.0.0/8 to identify a local connection. I worry that more programmers made those assumptions, possibly breaking more tools.

My question is: Who's the right guy to beg to fix sendmail, or alternatively, would it be smart to allow each jail to have its own concept of 127.0.0.1 on a dummy interface mapped to all jails, that itself doesn't count as a bound IP address (thus allowing the jail to bind to an already bound IP address) and is not routed between jails?

Any ideas?

erdgeist
_______________________________________________
freebsd-hackers@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-hackers