Set fixed IP from within jail?

[k_allhands]

Hello all...complete noob...first post.

Admins, if this is in the wrong subsection of the board, please feel free to relocate the post.

I'm configuring a FreeNAS 11 system with a FreeBSD jail hosting a separate web service for a commercial installer. We want to give them access only to the jail interface...no access to FreeNAS (which is easy enough to do with account protections).

...however, the client wishes to set a fixed IP address for the jail after delivery. Is there a safe, supportable, reboot-survivable method to set a fixed IP address for a jail from within the jail after it is created? Attempts to manually alter /etc/rc.conf via PHP script in the jail didn't seem to take properly...same for direct ifconfig commands.

To eliminate the "why would you want to do that" questions...this is a very specific client request, and we have very specific reasons to keep their busy fingers out of the FreeNAS configuration interface.

Any recommendations would be appreciated.

 

[nightshade00013]

While there could be if it's a client system just show them how to make the changes in the GUI to set a static IP for the jail. Seems a lot easier than making them try and use some sort of a script.

 

[k_allhands]

Thanks for the reply, nightshade...this client has had a history of blowing up Unraid systems by tweaking settings that they shouldn't touch, then complaining about the instability of what was provided. Unless there is a way to restrict their account on the main interface to only being able to set fixed IP addresses...only on the one jail and maybe the primary NAS...there is now way we'd grant them access.

So...given the limitation...does anyone have an idea how script/implement a solution to have a jail reconfigure it's own IP address? I'm assuming I'd drive scripts from a PHP page, passing parameters or writing a parm file for a script to rely upon.

If this is impossible with a jail, would I be better off building my other functionality into a VM, where I may have a bit more control?

 

[nightshade00013]

Honestly I would just let them do what they do and explain that if they break it because they tweaked it you are going to charge them to fix it and every time you have to do it the cost will double. Eventually they will get the idea but just because you are the one managing the system now doesn't mean that you will be in 6 months or a year or however long the system lives. Unless you own it they have all the rights in the world to do what they want with it and since they obviously are going to call the shots on things like they are PERSONALLY going to set a static IP address when the system gets there then I would say be done with it. There should honestly no reason why you can't set a static IP now or just let it function via DHCP and they can create a reservation in their router.

I don't even think you will be able to change the IP address in a jail with a script at all especially with how the jails are tied into the main system. A VM could probably set that parameter since a virtual network card is being passed through but it will come with a pretty large overhead just to prevent someone from tinkering.