# Jails on hosts with dynamic IPs



## wblock@ (May 25, 2016)

My notebook has a couple of jails for demonstrations.  Usually these are web servers, and need to be accessible to others on the same network.  But the host address is assigned by DHCP, so the jail IP address needs to be adjusted each time.  I can think of a couple of ways to make this easier:

- Run a DHCP client in the jail.  I'm not sure that is possible.
- Script something to create the jail IP address in the same netblock as the host.  This is trickier than it sounds, because it has to check that the address is not already in use.  Nameservers also have to be set, but could be copied from the host.  Or the host could run a forwarding-only nameserver.
- Set up a firewall to forward a port on the host to the jail.  This does not solve the DNS problem.

What do people do?  Has anyone come up with an elegant solution?


----------



## SirDice (May 25, 2016)

I think you can solve things at least partially by binding the jails to lo1 in a 127.1.0.0/16 network or something (to avoid any overlap). And running unbound on the host, unbound should be able to deal with DHCP DNS settings. Traffic to/from the jails can be NAT'ed on the host. But that would require some port forwards. Instead of NAT another idea would be to run net/haproxy on the host and have it forward the traffic to specific jails.


----------



## chrbr (May 25, 2016)

SirDice said:


> I think you can solve things at least partially by binding the jails to lo1 in a 127.1.0.0/16 network or something (to avoid any overlap). And running unbound on the host, unbound should be able to deal with DHCP DNS settings.


This works well for me, too. It just needs dns/unbound and not the local version of the base. The lo1 just needs to be configured in the interface section of unbound.conf. www/privoxy runs on the host and serves browsers running in the jails. By the way, hukadan, thank you for your excellent howtodo. For reporting purposes mail/postfix is configured to accept mail via lo1, too. This avoids NAT for my setup.


----------
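The lo1 approach described by SirDice and chrbr above, written out as an added configuration sketch; it is not taken from any post in the thread. The external interface `em0`, the jail name `demo`, its path, the addresses 127.1.0.1 and 127.1.0.10, and the forwarded port 80 are all assumptions chosen for illustration.

```conf
# --- /etc/rc.conf (host) ---
cloned_interfaces="lo1"             # second loopback, used only by jails
ifconfig_lo1="inet 127.1.0.1/16"    # host-side address the jails talk to
unbound_enable="YES"                # dns/unbound from ports, as chrbr uses
pf_enable="YES"

# --- /etc/jail.conf ---
demo {                              # assumed jail name and path
    path = "/usr/jails/demo";
    host.hostname = "demo.local";
    ip4.addr = "lo1|127.1.0.10/32"; # fixed; unaffected by the host's DHCP lease
    exec.start = "/bin/sh /etc/rc";
    exec.stop = "/bin/sh /etc/rc.shutdown";
    mount.devfs;
}

# --- /etc/resolv.conf (inside the jail) ---
nameserver 127.1.0.1                # the host's unbound on lo1

# --- /usr/local/etc/unbound/unbound.conf (host) ---
# With no forward-zone configured, unbound recurses on its own, so the
# jails do not depend on whichever nameservers the DHCP lease hands out.
server:
    interface: 127.0.0.1
    interface: 127.1.0.1            # listen on lo1 for the jails
    access-control: 127.0.0.0/8 allow
    access-control: 0.0.0.0/0 refuse  # never answer the DHCP-assigned network

# --- /etc/pf.conf (host), translation rules only ---
ext_if   = "em0"                    # assumed DHCP-configured interface
jail_net = "127.1.0.0/16"
web_jail = "127.1.0.10"

# ($ext_if) in parentheses makes pf follow the interface's current
# address, so the rules stay valid after every new lease.
nat on $ext_if inet from $jail_net to any -> ($ext_if)
rdr on $ext_if inet proto tcp from any to ($ext_if) port 80 -> $web_jail port 80
```

Only the single forwarded port is reachable from the DHCP network; the host's filter rules, if any, go after the translation rules in pf.conf.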

