SEO Egghead by Jaimie Sirovich: A blog about SEO, written for nerds, by a nerd.

Choose a Topic:

» Suggest a topic or buzz to cover; if I write about it, you'll get credit with a link in the post!
Mon
12
Jun '06

Workaround for FreeBSD's limitation of 1 IP Per Jail

Part of Jaimie Sirovich's adventure in FreeBSD

FreeBSD was one of the first operating systems to support the "jail" concept.  Since then, many other OSes and projects have embraced the idea.  Solaris "zones" are now a part of Solaris 10, and Virtuozzo adds a really nice more managed jail solution to Linux.  All have their upsides and downsides.  For no other reason than that I am a FreeBSD user for many years, I use FreeBSD jails.

One of the most annoying limitations on FreeBSD jails is that FreeBSD only allows them 1 IP, and if you're hosting more than one SSL site in the jail, this is a major problem.  I found a workaround, though.  Simply add this to "/etc/ipfw.conf" on the host OS (obviously not in the jail!).

"add fwd MAIN_JAIL_IP ip from any to SECONDARY_JAIL_IP via YOUR_INTERFACE"

Then simply proceed as if that jail had that IP by a normal assignment.  This apparently does not alter the headers, so Apache sees the SECONDARY_JAIL_IP.  It appears to play well with SSL as well.  I believe this works 100%, but as with everything YMMV.

These icons link to social bookmarking sites where readers can share and discover new web pages.
  • del.icio.us
  • digg
  • Furl
  • Reddit
  E-Mail This Post/Page

Leave a Reply