3

I have inherited an environment with multiple FreeBSD 6.1 machines running jails.

Due to IP exhaustion on the local network, I want to change the jails so that there is 1 routable IP on the physical network, and another non-routable virtual network between the jails.

Is this actually achievable? My research so far indicates that a jail has its own address bound to a network interface on the host; I haven't been able to find any information on virtual network interfaces.

I want to ensure that there is no ARP traffic for my jail IP addresses, as all access to the jails will be via SSH on the host (or netcat/ssh proxying via the host).

Any guidance on implementing this would be greatly appreciated.

BSD Bertie

2 Answers

2

Just add aliases to lo0 and give each jail an address in 127/8. For example, 127.0.0.2, 127.0.0.3, ..., 127.255.255.254.

You can then proxy or do NAT as required.

Update, almost a year later:

If you upgrade to FreeBSD 8 or higher you can also use epair(4) to create a virtual network interface between two jail instances. You can combine this with if_bridge to create a virtual network exactly as you are trying to do.

janm
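The lo0-alias layout from the answer above, as an added example that is not part of the original answer: a POSIX sh function that prints the matching rc.conf lines for a list of jails. The jail names, the /usr/jails root and the .invalid hostnames are assumptions; the variable names are the ones the FreeBSD 6.x rc.d jail script reads.

```shell
#!/bin/sh
# Added example (not from the original answer): emit an rc.conf fragment that
# binds each jail to its own lo0 alias in 127/8, starting at 127.0.0.2.

JAIL_ROOT="${JAIL_ROOT:-/usr/jails}"   # assumed location of the jail roots

gen_jail_rc() {
    # 1 to 253 jails keeps every address inside 127.0.0.2 - 127.0.0.254.
    if [ "$#" -lt 1 ] || [ "$#" -gt 253 ]; then
        echo "usage: gen_jail_rc name [name ...] (1 to 253 jails)" >&2
        return 1
    fi
    # rc.conf is sourced by sh, so a jail name must be usable inside a
    # variable name: letters, digits and underscore only.
    for name in "$@"; do
        case "$name" in
            ""|*[!A-Za-z0-9_]*)
                echo "invalid jail name: $name" >&2
                return 1 ;;
        esac
    done

    echo 'jail_enable="YES"'
    echo "jail_list=\"$*\""
    n=0
    for name in "$@"; do
        addr="127.0.0.$((n + 2))"
        # Alias numbers must be contiguous from 0; rc stops at the first gap.
        # A /32 on loopback is never ARPed for on the physical network.
        echo "ifconfig_lo0_alias${n}=\"inet ${addr} netmask 255.255.255.255\""
        echo "jail_${name}_rootdir=\"${JAIL_ROOT}/${name}\""
        # Placeholder hostname under the reserved .invalid TLD.
        echo "jail_${name}_hostname=\"${name}.jail.invalid\""
        echo "jail_${name}_ip=\"${addr}\""
        n=$((n + 1))
    done
}

# Stand-alone use: sh gen_jail_rc.sh www db  (constructed jail names)
if [ "$#" -gt 0 ]; then
    gen_jail_rc "$@"
fi
```

Review the output before appending it to /etc/rc.conf, and renumber the aliases if lo0 already has `ifconfig_lo0_alias` entries.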
0

For a quick and dirty fix, you could also stick a router in front of the box (with a new subnet) and then set the router's DMZ to the server's new IP address.

DarwinSurvivor