Date: Thu, 18 Jan 2018 13:23:04 +0100 From: Ole <ole@free.de> To: freebsd-jail@freebsd.org Subject: Jails routing and localhost Message-ID: <20180118132304.3455fa43.ole@free.de>
next in thread | raw e-mail | index | archive | help
--Sig_/mb2yi3yffgYsAvYymj6.dKY
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: quoted-printable
Hi,
I have some questions about how routing works for jails.=20
I have a FreeBSD 11.1 host in a datacenter. Which has only a routed IP
and different /29 routed networks. The IP is setup as /32 and there is a
default route to the router of the datacenter:
#ifconfig em1
(...)
inet a.a.a.57 netmask 0xffffffff broadcast a.a.a.57
(...)
# netstat -rn
(...)
Destination Gateway Flags Netif Expire
default a.a.a.1 UGS em1
(...)
If I create jails like
# ezjail-admin create somejail 'lo1|b.b.b.238,lo1|127.b.b.238'
everything is fine until some service in the jail tries to bind to
127.0.0.1. Because it will bind to the public IP b.b.b.238.
The Handbook [1] tells=20
"Inside a jail, access to the loopback address 127.0.0.1 is
redirected to the first IP address assigned to the jail."
If I change the order of the IP-Adresses the service will bind to
127.b.b.238. But inside the Jail Networking fails in a way that I can't
debug. I can conntect from the outside via ssh but I can't connect from
the Jail to an external Server. I can't find any differences in
routing table or ifconfig between both setups.
I also tried to use tap interfaces instead of lo, but it results in the
same.=20
I wonder how others solve this problem. I searched a lot, but couldn't
find a solution. Maybe you don't have a solution, but can give me a
hint to debug the Problem. Thank you!
regards
Ole
[1] https://www.freebsd.org/doc/handbook/jails-ezjail.html
--Sig_/mb2yi3yffgYsAvYymj6.dKY
Content-Type: application/pgp-signature
Content-Description: Digitale Signatur von OpenPGP
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
iQIcBAEBCAAGBQJaYJGrAAoJECWWkUao5JRQxrsQAIu2FRtuvf1F+U2CqZRR196+
iQnzln6sEXY/B/gLlQPzlaDvXqtt0UvuHWZ8E/YNj74RK8dAaZ6BGaUYgGkGwyqE
6JmzQGy578A1K8KY9u40lH1XKNAXH4kolFArEPfSI3ywszYMiDkcoCAbr4kZo/La
ou5tAudxCv96QWdWay7+ynI1jSGwIQ4MKnRRveYabl5okxIa8XKhycM3qsdvR5r/
6+Dr0ltaoVnvnhRw2I4O527R/ZMaD47exjOGZcns+ypWWL8zIdvoy76knqu0tSxW
FXD83tAlt7MW21I7EFdxNZD8wesiFjOTZmppedwCpa40z4s90OI6vbYKjNviHRwq
EOZrO1qvCpuW+7CW+sWAMj90jsHEDrEqT+VtQ8ZD7kWv/2P8uUc/6a1cvWonyrSR
NYRGPWAZuFjuj9Xu/xabN2sRFgdbQKVg+guuHzYU/oyVm3PIPyb/m7Kr6NdOxJKn
DdK8rnAAt9vXQn4hshkSUJAVfOlCn4eZa9JWwV1BtR5rx1wfDpnDULwZuLV86GnP
bb8nSJRubT41fICEmbWBdMNaxDE8gIK+EASrNyjddvqWpGDYVIp/4i/mXH+PNEax
JxBJEJDBHqQ8BMGoJC+jedwsKLa0GD2t8I/Ln7eApWG86zWlCKtOVKLYM/K4ohof
pLfyNvuzEcfrMupQ9Qw7
=v3Fb
-----END PGP SIGNATURE-----
--Sig_/mb2yi3yffgYsAvYymj6.dKY--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20180118132304.3455fa43.ole>