configuration of multiple IPs for a jail
Greetings to the community. That's my first post to this list. I run a mailserver (postfix/dovecot) in a jail on a 7.2 stable system. My question is about configuring multiple IP addresses for that jail. My IP configuration is just done via # jail blabla 123.123.123.249,123.123.123.227,123.123.123.248 blabla I want to use 123.123.123.249 as my primary IP within the jail and futhermore use the same IP for outgoing SMTP connections. Everything works nice so far. The only issue is, that postfix obviously insists to use the second IP (227) to send out the Emails though it should use the primary IP (249). Trying to bind postfix to the right address did not help. I've read tons about jail configuration but could not find the one hint needed. So my question is: Does a jail always use the 'lowest' IP from a bunch of multiple IPs given with the jail start command ? I can't find any other explanation. Nothing else points to the 227 address. And if true - is there a way to change this behaviour ? Thanks a lot in advance Tom ___ freebsd-jail@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-jail To unsubscribe, send any mail to freebsd-jail-unsubscr...@freebsd.org
How do you manage your jails?
So you have installed a FreeBSD server and setup several jails on your system. They run the services they need and everything works smoothly. But how do manage all of them? What do you do if you want to run a command on all jails? Do you run cfengine/puppy? How do you setup sendmail? Do you have sendmail on all jails? Do you share ports to all jails? How do you keep ports up to date on them? Do you have a set of scripts that you want to share? On http://antarctica.no/stuff/UNIX/FreeBSD/jails/ you'll find what I use. I'm preparing a talk for BLUG (the local Linux/BSD group) and I want to know how YOU manage your jails, there sure are more than one way do it. -- chs ___ freebsd-jail@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-jail To unsubscribe, send any mail to freebsd-jail-unsubscr...@freebsd.org
RE: How do you manage your jails?
pssh with pki keys to run multiple commands, ports in main. Make packages then pssh each to install the package -Original Message- From: Christer Solskogen christer.solsko...@gmail.com Sent: Thursday, January 28, 2010 5:05 PM To: freebsd-jail@freebsd.org freebsd-jail@freebsd.org Subject: How do you manage your jails? So you have installed a FreeBSD server and setup several jails on your system. They run the services they need and everything works smoothly. But how do manage all of them? What do you do if you want to run a command on all jails? Do you run cfengine/puppy? How do you setup sendmail? Do you have sendmail on all jails? Do you share ports to all jails? How do you keep ports up to date on them? Do you have a set of scripts that you want to share? On http://antarctica.no/stuff/UNIX/FreeBSD/jails/ you'll find what I use. I'm preparing a talk for BLUG (the local Linux/BSD group) and I want to know how YOU manage your jails, there sure are more than one way do it. -- chs ___ freebsd-jail@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-jail To unsubscribe, send any mail to freebsd-jail-unsubscr...@freebsd.org __ This email has been scanned and certified safe by SpammerTrap(r). For Information please see http://www.secnap.com/products/spammertrap/ __ ___ freebsd-jail@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-jail To unsubscribe, send any mail to freebsd-jail-unsubscr...@freebsd.org
Re: configuration of multiple IPs for a jail
On 27/01/2010 02:08, t...@diogunix.com wrote: Greetings to the community. That's my first post to this list. I run a mailserver (postfix/dovecot) in a jail on a 7.2 stable system. My question is about configuring multiple IP addresses for that jail. My IP configuration is just done via # jail blabla 123.123.123.249,123.123.123.227,123.123.123.248 blabla I want to use 123.123.123.249 as my primary IP within the jail and futhermore use the same IP for outgoing SMTP connections. Everything works nice so far. The only issue is, that postfix obviously insists to use the second IP (227) to send out the Emails though it should use the primary IP (249). Trying to bind postfix to the right address did not help. I've read tons about jail configuration but could not find the one hint needed. So my question is: Does a jail always use the 'lowest' IP from a bunch of multiple IPs given with the jail start command ? I can't find any other explanation. Nothing else points to the 227 address. And if true - is there a way to change this behaviour ? Thanks a lot in advance Tom Hi Tom, This behaviour has been addressed in RELENG_7 recently with r202924 [1]. This commit allows you to set : sysctl security.jail.ip4_saddrsel 0 , which makes the kernel use the first IP passed to jail (8) as the default source address instead of the default behaviour which picks the first matching ip for that jail on the interface. A workaround (if you're not able to update to a RELENG_7 following that commit) is to reorder your interface aliases in /etc/rc.conf ,so that your primary jail ip has a lower alias # than any secondary ips for that jail. Hope this helps, Jase. [1] http://svn.freebsd.org/changeset/base/202924 ___ freebsd-jail@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-jail To unsubscribe, send any mail to freebsd-jail-unsubscr...@freebsd.org
Re: configuration of multiple IPs for a jail
Jase, This behaviour has been addressed in RELENG_7 recently with r202924 [1]. thank you very much. That's what I was watching out for :-). I somehow could not find that hint in all the resources I used. This commit allows you to set : sysctl security.jail.ip4_saddrsel 0 , which makes the kernel use the first IP passed to jail (8) as the default source address instead of the default behaviour which picks the first matching ip for that jail on the interface. Just great. I run 7.2 stable on most machines and thanks to your information it will be much easier than what I meanwhile did to fix things. A workaround (if you're not able to update to a RELENG_7 following that commit) is to reorder your interface aliases in /etc/rc.conf ,so that your primary jail ip has a lower alias # than any secondary ips for that jail. Yes. I've meanwhile found exactly that out the hard way and by trial and error. Works nice (or however, it works), even when the kernel setting method of course is much more elegant. Hope this helps, I did already. Many thanks Tom ___ freebsd-jail@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-jail To unsubscribe, send any mail to freebsd-jail-unsubscr...@freebsd.org
