# jail network interface lo



## bagas (Jul 5, 2020)

Hello.
Please tell me.
I have several jails, in jails you need to raise the lo0 interface.
How should I do it?
My system is FreeBSD 11.3.


----------



## chrbr (Jul 5, 2020)

You can configure the interface in /etc/rc.conf as

```
cloned_interfaces="lo1"
ifconfig_lo1="inet 10.0.0.254 netmask 255.255.255.0"
```
and select the jail's lo1 IP in /etc/jail.conf as

```
the-jail {
    ...
    ip4.addr = "10.0.0.2";
    interface = "lo1";
    ...
}
```
In the example the host has the address 10.0.0.254 and the jail 10.0.0.2.


----------



## bagas (Jul 5, 2020)

Then I think so.

```
the-jail {
    ...
    ip4.addr = "lo1|127.0.1.2,igb1|92.68.2.41,44.22.45.44";
    ...
}
```


----------



## chrbr (Jul 5, 2020)

Something like that. But I am not sure about the exact syntax. I use lo1 and have proxies listening on the host.


----------



## bagas (Jul 5, 2020)

chrbr said:


> Something like that. But I am not sure about the exact syntax. I use lo1 and have proxies listening on the host.


I'll try tomorrow, unsubscribe to the topic.


----------



## scottro (Jul 5, 2020)

I found this page useful when I first tried this. 

http://kbeezie.com/freebsd-jail-single-ip/


----------



## bagas (Jul 6, 2020)

chrbr said:


> Something like that. But I am not sure about the exact syntax. I use lo1 and have proxies listening on the host.


In jail.conf.

```
...
ip4.addr = "lo1|127.0.1.1,igb1|92.68.2.41";
...
```
Does not work.

```
# service jail onestart site
Starting jails: cannot start jail  "site":
jail: site: ip4.addr: not an IPv4 address: igb1|92.68.2.41
```


----------



## Lamia (Jul 6, 2020)

You need to create the additional loopback interfaces in rc.conf before using them in jail.conf or ezjail confs. For example:

```
ifconfig_lo1_alias0="inet 192.168.1.2 netmask 255.255.255.255"
```


----------



## SirDice (Jul 6, 2020)

Jails don't need a lo(4) interface. They'll work just fine without it. But keep in mind that there's no 127.0.0.1 to bind to, so you need to bind your services to the jail's IP specifically.


----------



## bagas (Jul 6, 2020)

I tried it like that.

jail.conf.

```
...
ip4.addr = "127.0.1.1,92.68.2.41";
...
```

I want them to be processed locally so that there is no access to them from outside.

```
ifconfig lo1
lo1: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
    options=680003<RXCSUM,TXCSUM,LINKSTATE,RXCSUM_IPV6,TXCSUM_IPV6>
    inet 127.0.1.1 netmask 0xfffffff8
    groups: lo
```


----------



## SirDice (Jul 6, 2020)

What exactly are you trying to do? 



bagas said:


> I want them to be processed locally so that there is no access to them from outside.


Then why are you binding an external IP address (92.68.2.41) to the jail? Why are you using that IP address in the first place? It belongs to a hardware store in Schiedam (Netherlands).


----------



## bagas (Jul 6, 2020)

SirDice said:


> What exactly are you trying to do?
> 
> 
> Then why are you binding an external IP address (92.68.2.41) to the jail? Why are you using that IP address in the first place? It belongs to a hardware store in Schiedam (Netherlands).


I indicated the white ip address as an example, so I have it different.
I raised the caching dns for one project to speed up the web.
There are services that do not need to be given access from outside.


----------



## Lamia (Jul 7, 2020)

bagas said:


> I indicated the white ip address as an example, so I have it different.
> I raised the caching dns for one project to speed up the web.
> There are services that do not need to be given access from outside.


Give it a private IP - e.g. 192.168.1.1 - and a different loopback - e.g. lo1->127.0.1.1 - and only use the private IP or either depending on what you want.

That's why I said you could first define them in rc.conf and then, in your (ez)jail.conf, tie the (private) IP address to the same outgoing network interface for the host.


----------
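
Added example, not from any poster in the thread: the list form jail.conf(5) accepts for `ip4.addr`, next to the single-string form that produced `not an IPv4 address: igb1|92.68.2.41` above. The jail name `site` and the interfaces `lo1` and `igb1` come from the thread; the jail path, the hostname and `192.0.2.41` (documentation range) are assumed placeholders.

```conf
# /etc/rc.conf on the host: create the extra loopback at boot.
# No ifconfig_lo1 alias is needed for the jail address, because jail(8)
# adds the alias when an address is written as "interface|address".
cloned_interfaces="lo1"

# /etc/jail.conf
site {
    path = "/usr/jails/site";            # assumed path
    host.hostname = "site.example.org";  # assumed hostname
    exec.start = "/bin/sh /etc/rc";
    exec.stop = "/bin/sh /etc/rc.shutdown";

    # Rejected at start, as reported in the thread: the whole quoted
    # string is one list element, so the second "igb1|" is not parsed.
    # ip4.addr = "lo1|127.0.1.1,igb1|192.0.2.41";

    # Accepted: a comma-separated list of separate values, each with
    # its own interface prefix. 192.0.2.41 is a placeholder address.
    ip4.addr = "lo1|127.0.1.1", "igb1|192.0.2.41";

    # Equivalent form using += to append to the list:
    # ip4.addr  = "lo1|127.0.1.1";
    # ip4.addr += "igb1|192.0.2.41";
}
```

A service that should stay local then binds only to 127.0.1.1, and one that should be reachable from outside binds to the igb1 address.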

