Skip site navigation (1)Skip section navigation (2) 
Date:      Thu, 31 May 2018 15:29:37 +0100
From:      Arthur Chance <freebsd@qeng-ho.org>
To:        byrnejb@harte-lyne.ca
Cc:        freebsd-questions@freebsd.org
Subject:   Re: What have I neglected to do in order to get networking in a jail?
Message-ID:  <b50e9c55-9575-2a47-da6c-dc28ab9ab839@qeng-ho.org>
In-Reply-To: <aaed89ba54f3d0b3823a0c7ad762273b.squirrel@webmail.harte-lyne.ca>
References:  <mailman.92.1527768001.7501.freebsd-questions@freebsd.org> <3f375650dfee47082e77cba953961a3f.squirrel@webmail.harte-lyne.ca> <a0b59ab1-d295-de37-4ac0-e0a3ae755b62@qeng-ho.org> <aaed89ba54f3d0b3823a0c7ad762273b.squirrel@webmail.harte-lyne.ca>
next in thread | previous in thread | raw e-mail | index | archive | help 
On 31/05/2018 15:21, James B. Byrne wrote:
> 
> On Thu, May 31, 2018 09:40, Arthur Chance wrote:
> 
>>
>> I've just taken another look at your original mail. I think the key
>> might be in this
>>
>>> [root@host:~]# jls
>>>    JID  IP Address      Hostname                      Path
>>>      1  127.0.31.1      mx31
>>> /usr/jails/mx31
>>
>> Note address ^^^^^
>>
> 
> The command jls reports the loopback address for all of the jails I
> have defined on other hosts.  For example:
> 
> [root@vhost02 ~]# jls
>    JID  IP Address      Hostname              Path
>      2  127.0.34.1      hlldns04              /usr/jails/hlldns04
>      3  127.0.150.1     hllmx150              /usr/jails/hllmx150
> 
> [root@vhost02 ~]# ezjail-admin console hlldns04
> Last login: Thu May 31 10:14:37 on pts/0
> . . .
> [root@hlldns04 ~]# pkg upgrade
> Updating FreeBSD repository catalogue...
> FreeBSD repository is up to date.
> All repositories are up to date.
> New version of pkg detected; it needs to be installed first.
> The following 1 package(s) will be affected (of 0 checked):
> 
> Installed packages to be UPGRADED:
> 	pkg: 1.10.3_1 -> 1.10.5
> 
> Number of packages to be upgraded: 1
> 
> 3 MiB to be downloaded.
> 
> Proceed with this action? [y/N]:
> 
> This jail has no problem reaching the internet.

Addresses in 127/8 must not appear on the network anywhere
(https://tools.ietf.org/html/rfc5735#page-3), and FreeBSD has specific
checks in the networking code to prevent this. If any jail with such an
address is contacting the network then there must be some form of NAT
involved. I can only suggest you check for differences between the jails
that can get out and the one that can't *and* look for NAT on the
host(s) with jails that can get out.

-- 
An amusing coincidence: log2(58) = 5.858 (to 0.0003% accuracy).

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?b50e9c55-9575-2a47-da6c-dc28ab9ab839>