Skip site navigation (1)Skip section navigation (2) 
Date:      Thu, 20 Nov 2014 15:55:20 +0000
From:      Arthur Chance <freebsd@qeng-ho.org>
To:        Paul Pathiakis <pathiaki2@yahoo.com>, freebsd-questions@freebsd.org
Subject:   Re: 127.0.0.1 in a jail
Message-ID:  <546E0EE8.3050102@qeng-ho.org>
In-Reply-To: <546E08B3.9090906@yahoo.com>
References:  <546E08B3.9090906@yahoo.com>
next in thread | previous in thread | raw e-mail | index | archive | help 
On 20/11/2014 15:28, Paul Pathiakis via freebsd-questions wrote:
> Hi,
>
> I have a question about jails and localhost.
>
> I have found older documentation that says within a jail 127.0.0.1 is
> mapped to the jail's IP address so that software that maps to localhost
> or 127.0.0.1 get handed the jails IP.
>

I've always understood that to mean that if you attempt to bind(2) a 
socket with a socket address of 127.0.0.1 then the jail ip addr (or the 
default one when it has more than one ip addr) is substituted. This does 
not mean that a DNS (or /etc/hosts) lookup of localhost in a jail will 
automatically return the jail ip.

> However, I have tried ping (yes, I turned on raw sockets, bad me.) and
> telnet to a sendmail process I have running.
>
> They both return errors.
>
> PING 127.0.0.1 (127.0.0.1): 56 data bytes
> ping: sendto: Operation not permitted
> ping: sendto: Operation not permitted
> ping: sendto: Operation not permitted
>
>
> # telnet 127.0.0.1
> Trying 127.0.0.1...
> telnet: connect to address 127.0.0.1: Connection refused
> telnet: Unable to connect to remote host
>
>
> Needless to say, this is causing problems with some software that I have
> to install.
>
> Does anyone know how to verify that 127.0.0.1/localhost map to the
> jail's IP?
>
> If it isn't, how do I change it to be so?

I don't think you can do anything to make 127.0.0.1 work as a target for 
connecting to - how is the common network stack to decide whether you're 
talking to the jail or the main box? It might be possible in VIMAGE 
jails, but I have no experience of them.

You could always add an entry for localhost in the jail's /etc/hosts 
that is the jail's address rather than 127.0.0.1. That's not going to 
happen automatically though.

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?546E0EE8.3050102>