Date: Thu, 18 Jan 2018 13:23:04 +0100 From: Ole <ole@free.de> To: freebsd-jail@freebsd.org Subject: Jails routing and localhost Message-ID: <20180118132304.3455fa43.ole@free.de>
next in thread | raw e-mail | index | archive | help
--Sig_/mb2yi3yffgYsAvYymj6.dKY Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: quoted-printable Hi, I have some questions about how routing works for jails.=20 I have a FreeBSD 11.1 host in a datacenter. Which has only a routed IP and different /29 routed networks. The IP is setup as /32 and there is a default route to the router of the datacenter: #ifconfig em1 (...) inet a.a.a.57 netmask 0xffffffff broadcast a.a.a.57 (...) # netstat -rn (...) Destination Gateway Flags Netif Expire default a.a.a.1 UGS em1 (...) If I create jails like # ezjail-admin create somejail 'lo1|b.b.b.238,lo1|127.b.b.238' everything is fine until some service in the jail tries to bind to 127.0.0.1. Because it will bind to the public IP b.b.b.238. The Handbook [1] tells=20 "Inside a jail, access to the loopback address 127.0.0.1 is redirected to the first IP address assigned to the jail." If I change the order of the IP-Adresses the service will bind to 127.b.b.238. But inside the Jail Networking fails in a way that I can't debug. I can conntect from the outside via ssh but I can't connect from the Jail to an external Server. I can't find any differences in routing table or ifconfig between both setups. I also tried to use tap interfaces instead of lo, but it results in the same.=20 I wonder how others solve this problem. I searched a lot, but couldn't find a solution. Maybe you don't have a solution, but can give me a hint to debug the Problem. Thank you! regards Ole [1] https://www.freebsd.org/doc/handbook/jails-ezjail.html --Sig_/mb2yi3yffgYsAvYymj6.dKY Content-Type: application/pgp-signature Content-Description: Digitale Signatur von OpenPGP -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQIcBAEBCAAGBQJaYJGrAAoJECWWkUao5JRQxrsQAIu2FRtuvf1F+U2CqZRR196+ iQnzln6sEXY/B/gLlQPzlaDvXqtt0UvuHWZ8E/YNj74RK8dAaZ6BGaUYgGkGwyqE 6JmzQGy578A1K8KY9u40lH1XKNAXH4kolFArEPfSI3ywszYMiDkcoCAbr4kZo/La ou5tAudxCv96QWdWay7+ynI1jSGwIQ4MKnRRveYabl5okxIa8XKhycM3qsdvR5r/ 6+Dr0ltaoVnvnhRw2I4O527R/ZMaD47exjOGZcns+ypWWL8zIdvoy76knqu0tSxW FXD83tAlt7MW21I7EFdxNZD8wesiFjOTZmppedwCpa40z4s90OI6vbYKjNviHRwq EOZrO1qvCpuW+7CW+sWAMj90jsHEDrEqT+VtQ8ZD7kWv/2P8uUc/6a1cvWonyrSR NYRGPWAZuFjuj9Xu/xabN2sRFgdbQKVg+guuHzYU/oyVm3PIPyb/m7Kr6NdOxJKn DdK8rnAAt9vXQn4hshkSUJAVfOlCn4eZa9JWwV1BtR5rx1wfDpnDULwZuLV86GnP bb8nSJRubT41fICEmbWBdMNaxDE8gIK+EASrNyjddvqWpGDYVIp/4i/mXH+PNEax JxBJEJDBHqQ8BMGoJC+jedwsKLa0GD2t8I/Ln7eApWG86zWlCKtOVKLYM/K4ohof pLfyNvuzEcfrMupQ9Qw7 =v3Fb -----END PGP SIGNATURE----- --Sig_/mb2yi3yffgYsAvYymj6.dKY--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20180118132304.3455fa43.ole>