I have inherited an environment with multiple FreeBSD 6.1 machines running jails.
Due to IP exhaustion on the local network, I want to change the jails so that there is 1 routable IP on the physical network, and another non-routable virtual network between the jails.
Is this actually achievable? My research so far indicates that a jail has its own address bound to a network interface on the host; I haven't been able to find any information on virtual network interfaces.
I want to ensure that there is no ARP traffic for my jail IP addresses, as all access to the jails will be via SSH on the host (or netcat/ssh proxying via the host).
Any guidance on implementing this would be greatly appreciated.
Just add aliases to lo0 and give each jail an address in 127/8. For example, 127.0.0.2, 127.0.0.3, ..., 127.255.255.254.
You can then proxy or do NAT as required.
Update, almost a year later:
If you upgrade to FreeBSD 8 or higher you can also use epair(4) to create a virtual network interface between two jail instances. You can combine this with if_bridge to create a virtual network exactly as you are trying to do.
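The loopback-alias layout from this answer, combined with the SSH-via-host access the question describes, as an added example that is not part of the original posts: a generator for the rc.conf lines and the matching client-side ssh_config stanzas. The jail names, `/usr/jails` and `jailhost.example.org` are constructed placeholders, and the /32 alias mask is this example's choice.

```sh
#!/bin/sh
# Constructed placeholders, not values from the original post:
JAIL_ROOT="/usr/jails"            # assumed directory holding the jail trees
JAIL_HOST="jailhost.example.org"  # assumed name of the physical host

# jail_addr N: Nth jail address on lo0, starting at 127.0.0.2.
jail_addr() {
    n=$(( $1 + 1 ))
    # Stay within 127.0.0.2-127.0.0.254 so the last octet is always valid.
    [ "$n" -ge 2 ] && [ "$n" -le 254 ] || return 1
    echo "127.0.0.$n"
}

# Names become part of rc.conf variable names, so allow only [A-Za-z0-9_].
valid_names() {
    for name in "$@"; do
        case "$name" in ''|*[!A-Za-z0-9_]*) return 1 ;; esac
    done
}

# gen_rc_conf NAME...: rc.conf fragment with one lo0 alias and one jail per name.
gen_rc_conf() {
    valid_names "$@" || return 1
    echo 'jail_enable="YES"'
    echo "jail_list=\"$*\""
    i=0
    for name in "$@"; do
        addr=$(jail_addr $(( i + 1 ))) || return 1
        # Host-only /32 mask so the aliases on lo0 do not overlap.
        echo "ifconfig_lo0_alias${i}=\"inet ${addr} netmask 255.255.255.255\""
        echo "jail_${name}_rootdir=\"${JAIL_ROOT}/${name}\""
        echo "jail_${name}_hostname=\"${name}\""
        echo "jail_${name}_ip=\"${addr}\""
        i=$(( i + 1 ))
    done
}

# gen_ssh_config NAME...: client-side ssh_config stanzas that reach each jail's
# sshd by running nc on the host, since 127/8 is never routed or ARPed.
gen_ssh_config() {
    valid_names "$@" || return 1
    i=1
    for name in "$@"; do
        addr=$(jail_addr "$i") || return 1
        printf 'Host %s\n    ProxyCommand ssh %s nc %s 22\n' "$name" "$JAIL_HOST" "$addr"
        i=$(( i + 1 ))
    done
}

gen_rc_conf www mail
gen_ssh_config www mail
```

Every jail and the host share lo0 in this layout, so a service listening on a jail's 127.0.0.x address is reachable from the host and from the other jails unless a host firewall rule restricts it.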
For a quick and dirty fix, you could also stick a router in front of the box (with a new subnet) and then set the router's DMZ to the server's new IP address.