Date: Thu, 29 Aug 2013 19:53:55 -0400
From: Alejandro Imass <aimass@yabarana.com>
To: Patrick <gibblertron@gmail.com>
Cc: Frank Leonhardt <frank2@fjl.co.uk>, FreeBSD Questions <freebsd-questions@freebsd.org>
Subject: Re: Jail with public IP alias
Message-ID: <CAHieY7Sg_iXfZLQ9NUpvKpoC_U0KRMK53imBGzfALn05DbobDg@mail.gmail.com>
In-Reply-To: <CA%2BdWbmYaAOo8JheDGBLPeMzriUjSfcr8zuNfZy1NaYuDRyP7YQ@mail.gmail.com>

On Thu, Aug 29, 2013 at 5:07 PM, Patrick <gibblertron@gmail.com> wrote:
> On Thu, Aug 29, 2013 at 12:07 PM, Alejandro Imass <aimass@yabarana.com> wrote:
>> On Thu, Aug 29, 2013 at 5:03 AM, Frank Leonhardt <frank2@fjl.co.uk> wrote:
>>> On 29/08/2013 09:52, Frank Leonhardt wrote:
>>>>
>>

[...]

> Aliases should have a netmask of 255.255.255.255. What you're seeing is
> not typical behaviour on FreeBSD.
>
> http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/configtuning-virtual-hosts.html
>
> Patrick

Thanks for pointing this out, the manual is effectively very clear on
this. So, I changed the masks for ALL the aliases on that server to
/32. It alone has more than 30 aliases on lo0 and 4 public IPs. I
tested and it still has the same problem. So I rebooted just in case
and the problem still persists:

$ ifconfig em0
em0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=209b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,WOL_MAGIC>
        ether 00:30:48:bd:b9:1a
        inet xxx.yyy.52.74 netmask 0xffffff80 broadcast xxx.yyy.52.127
        inet xxx.yyy.52.70 netmask 0xffffffff broadcast xxx.yyy.52.70
        inet xxx.yyy.52.71 netmask 0xffffffff broadcast xxx.yyy.52.71
        inet xxx.yyy.52.73 netmask 0xffffffff broadcast xxx.yyy.52.73
        media: Ethernet autoselect (1000baseT <full-duplex>)
        status: active

$ ssh -b xxx.yyy.52.70 foo@bar
Password:
 7:58PM  up 131 days,  3:14, 1 user, load averages: 0.02, 0.01, 0.00
USER       TTY      FROM             LOGIN@  IDLE WHAT
foo        pts/14   xxx.yyy.52.74    7:58PM     - w -n

$ ssh -b xxx.yyy.52.71 foo@bar
Password:
 7:58PM  up 131 days,  3:14, 1 user, load averages: 0.02, 0.01, 0.00
USER       TTY      FROM             LOGIN@  IDLE WHAT
foo        pts/14   xxx.yyy.52.74    7:58PM     - w -n

$ ssh -b xxx.yyy.52.73 foo@bar
Password:
 7:58PM  up 131 days,  3:14, 1 user, load averages: 0.02, 0.01, 0.00
USER       TTY      FROM             LOGIN@  IDLE WHAT
foo        pts/14   xxx.yyy.52.74    7:58PM     - w -n

I don't understand why I get different results than yours and Frank's.
We run a pretty standard set-up, so why is this not working for us?
Could it be because we turned off TCO on the NIC?

One of you asked about NAT. We are using natd to NAT some public ports
to other ports on the private IPs that are aliases of lo0. This is for
the jails that don't have public IPs; we just forward some ports to the
jail's ports like this:

For example:

redirect_port tcp 192.168.101.123:22 12322
redirect_port tcp 192.168.101.123:80 12380

Could this have an effect on OUTBOUND connections?? Seems unlikely to
me, but I think one of you asked about NAT, I suspect for a good reason.
I'll turn off the natting temporarily and test.

Best,

-- 
Alejandro Imass