Re: [ezjail] what does that one jail lock another?

On Jan 14, 2012, at 5:43 PM, Dirk Engling wrote:

> On 14.01.12 14:32, Ferruccio Zamuner wrote:
>> With ezjail 3.1 and FreeBSD 8.1 I can share the same external IP (on re0)
>> between different jails, while with ezjail 3.2 on FreeBSD 8.2 it seems not
>> to be possible.
>> Do you have any more hints about how to solve this?
> I think the jail man page says it:
> "It is only possible to start multiple jails with the same IP address,
> if none of the jails has more than this single overlapping IP address
> assigned to itself."
> So bad luck in trying to bind to the same address AND a local one. Maybe
> you can use NAT to solve this:
> http://blog.burghardt.pl/2009/01/multiple-freebsd-jails-sharing-one-ip-address/

I have something very similar running on a production 7.x box.  I
did not do that to share a single IP, but to hack around the lack
of being able to do multiple IPs in a jail on 7.x.  I also used pf
with very similar rules.  It's been totally flawless.

I also have some jails that are not meant to have public IPs but
still need to be able to reach the internet for various things and
I use pf with a "nat on ..." line to get outbound access without
binding the jail to an external IP.

Just wanted to confirm the NAT trick works and works well.



>  erdgeist
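
The NAT arrangement both messages refer to, sketched as a pf.conf fragment. This is an added example, not configuration from either poster or from the linked blog post; re0 is the external interface named in the thread, while the lo1 interface, the 10.0.0.0/24 jail network, the 10.0.0.10 jail address and the forwarded port 80 are assumptions.

```conf
# /etc/pf.conf fragment (constructed example, merge into an existing ruleset)

# --- macros -----------------------------------------------------------
ext_if   = "re0"          # external interface, as named in the thread
jail_if  = "lo1"          # assumption: cloned loopback holding jail addresses
jail_net = "10.0.0.0/24"  # assumption: private range used only by jails
web_jail = "10.0.0.10"    # assumption: one jail that offers a public service

# --- translation (must precede filter rules) ---------------------------
# Outbound: every jail reaches the internet through the host's address.
# (re0) in parentheses makes pf follow the interface if its address changes.
nat on $ext_if inet from $jail_net to any -> ($ext_if)

# Inbound: only the service that is meant to be public is forwarded.
# Jails without an rdr rule stay unreachable from outside.
rdr on $ext_if inet proto tcp from any to ($ext_if) port 80 \
    -> $web_jail port 80

# --- filtering -----------------------------------------------------------
# rdr is applied before filtering, so the pass rule matches the jail's
# private address, not the host's external one.
pass in  on $ext_if inet proto tcp from any to $web_jail port 80 \
    flags S/SA keep state

# nat is applied before filtering on the way out, so this rule sees the
# already-translated source address.
pass out on $ext_if inet from ($ext_if) to any keep state
```

Each jail is bound only to its own address on lo1, so no two jails overlap on an address and the restriction quoted from the jail man page does not come into play.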