[ENHANCEMENT] IP management not flexible #347

Open
michael-o opened this issue Feb 16, 2021 · 9 comments
Labels
enhancement New feature or request

Comments

@michael-o
Contributor

Is your feature request related to a problem? Please describe.
I cannot assign multiple IPs to a regular jail. Support for multiple IPs would be good.

Describe the solution you'd like
I have bce0 on the server, the jail is supposed to have a public IP on the same interface. Cloned lo1 for a local interface for the jail.
I expect this to work:

bastille create -T jailX 12.2-RELEASE "bce0|1.2.2.3,lo1|127.0.1.1"

This just doesn't, because bastille cannot parse this.

Describe alternatives you've considered
What I did is to modify the jail's jail.conf:

  interface = bce0;
  ip4.addr = bce0|1.2.2.3;
  ip4.addr += lo1|127.0.1.1;
  ip6 = disable;

Note that I cannot remove interface because bastille complains. From a jail's point of view I have provided the interface name in both ip4.addr lines.

Additional context
Bastille blindly assumes that every jail will have just one IP address or be VNET.

Note: I cannot use VNET jails for now because our datacenter switch allows only one MAC address per physical LAN port.

@michael-o michael-o added the enhancement New feature or request label Feb 16, 2021
@s1dh

s1dh commented Mar 29, 2022

I wanted to create a VNET jail with an additional lo aliased interface for acting like a reverse proxy with a hoster failover public IP that would redirect to LAN backend. It failed (because of the vnet nature of the interface I presume). Then I considered a non-vnet approach and added public and local IP like the way you describe and it works.

Of course multiple IP integration in bastille's jails manager would be a great feature.
Thanks anyway for the tips!

@tschettervictor
Collaborator

@michael-o Is this only for non-VNET jails?

PR #783 allows adding/removing interfaces from VNET and bridged jails, although no support for multiple IPs (yet)

@tschettervictor
Collaborator

tschettervictor commented Jan 3, 2025

Support is now added to PR #783 to add multiple interfaces to jails. This follows the format requested above, although there is still no support for multiple IPs.

See

root@bastille:~ # bastille network -cf classic add bridge0 10.0.0.2
Valid: (bridge0).
Valid: (10.0.0.2).
[classic]:
Added interface: "bridge0"

And the resulting jail.conf

classic {
  devfs_ruleset = 4;
  enforce_statfs = 2;
  exec.clean;
  exec.consolelog = /var/log/bastille/classic_console.log;
  exec.start = '/bin/sh /etc/rc';
  exec.stop = '/bin/sh /etc/rc.shutdown';
  host.hostname = classic;
  mount.devfs;
  mount.fstab = /usr/local/bastille/jails/classic/fstab;
  path = /usr/local/bastille/jails/classic/root;
  securelevel = 2;
  osrelease = 13.4-RELEASE;

  interface = bastille0;
  ip4.addr += bridge0|10.0.0.2;
  ip4.addr = 10.0.0.1;

  ip6 = disable;
}

root@bastille:~ # bastille network classic remove bridge0
Valid: (bridge0).
[classic]:
Removed interface: "bridge0"

@tschettervictor
Collaborator

I've chosen to leave the default interface and not allow removal using the "network" subcommand. But you can add as many as you want and should only be limited by the number of interfaces you have on your system.

@michael-o
Contributor Author

> @michael-o Is this only for non-VNET jails?
>
> PR #783 allows adding/removing interfaces from VNET and bridged jails, although no support for multiple IPs (yet)

Looking at the comment above, it applies to other cases as well. I was able to move to VNET after some time since I was able to get a VLAN w/o a MAC limitation, but I still consider the request to be valuable for others.

@tschettervictor
Collaborator

This would require serious consideration as it breaks such commands as "bastille config jail get ip4.addr"

I'm really not sure what the best way forward would be.

@tschettervictor
Collaborator

I've implemented this now in my own fork of bastille.

Basically jails now get created without the "interface" part and all interface/ip pairs are now in the form of "interface|ip" allowing easy addition of any interfaces (VNET and non-VNET)

@tschettervictor
Collaborator

And it has support for IPv6 addresses.

@tschettervictor
Collaborator

Now also supports adding multiple IP addresses for non-VNET jails.

test3 {
  devfs_ruleset = 4;
  enforce_statfs = 2;
  exec.clean;
  exec.consolelog = /var/log/bastille/test3_console.log;
  exec.start = '/bin/sh /etc/rc';
  exec.stop = '/bin/sh /etc/rc.shutdown';
  host.hostname = test3;
  mount.devfs;
  mount.fstab = /usr/local/bastille/jails/test3/fstab;
  path = /usr/local/bastille/jails/test3/root;
  securelevel = 2;
  osrelease = 13.4-RELEASE;

  ip4.addr = vtnet0|10.4.5.6;
  ip4.addr += bridge0|10.4.5.9;
  ip4.addr += bridge0|10.4.5.8;
  ip4.addr += bridge0|10.4.5.7;
  ip4.addr += bridge1|10.3.4.6;

  ip6 = disable;
}
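
The "interface|ip" list requested in the first post maps directly onto the `ip4.addr =` / `ip4.addr +=` lines shown above. The following is an added example, not part of this thread and not Bastille's code: a POSIX sh sketch that validates such a list before any of it reaches jail.conf, so a malformed entry cannot introduce extra parameters. The function names are hypothetical, it covers IPv4 only, and the interface-name rule is an assumption.

```shell
#!/bin/sh
# Added example, not Bastille's code. Function names are hypothetical.

# Interface name: letters, digits, "_" and "." only, at most 15 characters
# (assumed limit, IFNAMSIZ minus the terminating NUL).
valid_ifname() {
    case "$1" in ""|*[!A-Za-z0-9_.]*) return 1 ;; esac
    [ "${#1}" -le 15 ]
}

# Dotted-quad IPv4 with exactly four octets, each 0..255.
valid_ipv4() {
    case "$1" in ""|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    _ifs4=$IFS; IFS=.
    set -- $1
    IFS=$_ifs4
    [ "$#" -eq 4 ] || return 1
    for _o in "$@"; do
        [ "${#_o}" -le 3 ] && [ "$_o" -le 255 ] || return 1
    done
}

# Print jail.conf lines for "if|ip[,if|ip...]".
# Returns 1 and prints nothing if any entry is malformed.
spec_to_ip4_lines() {
    case "$1" in ""|,*|*,|*,,*) return 1 ;; esac
    _ifs=$IFS; IFS=,
    set -f                      # no glob expansion while splitting
    set -- $1
    set +f; IFS=$_ifs
    _op="="; _out=""
    for _pair in "$@"; do
        case "$_pair" in
            *"|"*"|"*) return 1 ;;                  # more than one "|"
            *"|"*) _if=${_pair%%"|"*}; _ip=${_pair#*"|"} ;;
            *) return 1 ;;                          # interface missing
        esac
        valid_ifname "$_if" && valid_ipv4 "$_ip" || return 1
        _out="${_out}  ip4.addr ${_op} ${_if}|${_ip};
"
        _op="+="                # every entry after the first appends
    done
    printf '%s' "$_out"
}

# The spec from the first post of this issue.
spec_to_ip4_lines "bce0|1.2.2.3,lo1|127.0.1.1"
```

Output is buffered and printed only after every entry has passed validation, so a bad entry late in the list never leaves a half-written set of lines.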
