Date: Thu, 18 Jan 2018 16:52:29 +0000 From: ruth.turner@protechnologyaccounts.net To: freebsd-jail@freebsd.org Subject: Global Cloud and Flash-Storage Install Base Message-ID: <f403043abba413ce8005630fcac0@google.com>
next in thread | raw e-mail | index | archive | help
PGRpdiBkaXI9Imx0ciI+PHAgY2xhc3M9Ik1zb05vcm1hbCIgc3R5bGU9ImxpbmUtaGVpZ2h0Om5v cm1hbCI+PHNwYW4gIA0Kc3R5bGU9ImNvbG9yOnJnYigzMSw3OCwxMjEpIj5IaSzCoDwvc3Bhbj48 c3Bhbj48L3NwYW4+PC9wPjxwICANCmNsYXNzPSJNc29Ob3JtYWwiIHN0eWxlPSJsaW5lLWhlaWdo dDpub3JtYWwiPjxzcGFuICANCnN0eWxlPSJjb2xvcjpyZ2IoMzEsNzgsMTIxKSI+PGJyPjwvc3Bh bj48L3A+DQoNCjxwIGNsYXNzPSJNc29Ob3JtYWwiIHN0eWxlPSJsaW5lLWhlaWdodDpub3JtYWwi PjxzcGFuICANCnN0eWxlPSJjb2xvcjpyZ2IoMzEsNzgsMTIxKSI+SQ0Kd291bGQgbGlrZSB0byBr bm93IGlmIHlvdSBhcmUgaW50ZXJlc3RlZCBpbiBhY3F1aXJpbmfCoDxiPkhQRSAzUEFSIGFuZA0K QXJjU2lnaHQgQ2xpZW50IExpc3QuPC9iPsKgPC9zcGFuPjxzcGFuPjwvc3Bhbj48L3A+PHAgY2xh c3M9Ik1zb05vcm1hbCIgIA0Kc3R5bGU9ImxpbmUtaGVpZ2h0Om5vcm1hbCI+PHNwYW4gIA0Kc3R5 bGU9ImNvbG9yOnJnYigzMSw3OCwxMjEpIj48YnI+PC9zcGFuPjwvcD4NCg0KPHAgY2xhc3M9Ik1z b05vcm1hbCIgc3R5bGU9ImxpbmUtaGVpZ2h0Om5vcm1hbCI+PHNwYW4gIA0Kc3R5bGU9ImNvbG9y OnJnYigzMSw3OCwxMjEpIj5XZQ0KYWxzbyBwcm92aWRlIHRoZSBIUEUgQ29tcGV0aXRvcnMgQ29u dGFjdCBJbmZvIExpa2U6wqA8Yj5EZWxsIEVNQyBVc2VycywNCk5ldEFwcCBVc2VycywgSERTIFVz ZXJzLCBWZWVhbSBVc2VycywgQWNyb25pcyBVc2VycywgVW5pdHJlbmRzIFVzZXJzLCBWTXdhcmUN CnZTcGhlcmUgVXNlcnMsIE51dGFuaXggVXNlcnMsIE1pY3Jvc29mdCBPZmZpY2UgMzY1IFVzZXJz IGFuZCBBV1MgIA0KVXNlcnMuwqA8L2I+PC9zcGFuPjxzcGFuPjwvc3Bhbj48L3A+PHAgY2xhc3M9 Ik1zb05vcm1hbCIgIA0Kc3R5bGU9ImxpbmUtaGVpZ2h0Om5vcm1hbCI+PHNwYW4gIA0Kc3R5bGU9 ImNvbG9yOnJnYigzMSw3OCwxMjEpIj48Yj48YnI+PC9iPjwvc3Bhbj48L3A+DQoNCjxwIGNsYXNz PSJNc29Ob3JtYWwiICANCnN0eWxlPSJtYXJnaW4tYm90dG9tOjAuMDAwMXB0O2xpbmUtaGVpZ2h0 Om5vcm1hbCI+PHNwYW4gIA0Kc3R5bGU9ImNvbG9yOnJnYigzMSw3OCwxMjEpIj5XZSBoYXZlIDEw MCUgT3B0LUluIERhdGENCkludGVsbGlnZW5jZSBvZiB0aGUgYWJvdmUgdGVjaG5vbG9naWVzLjwv c3Bhbj48c3Bhbj48L3NwYW4+PC9wPjxwICANCmNsYXNzPSJNc29Ob3JtYWwiIHN0eWxlPSJtYXJn aW4tYm90dG9tOjAuMDAwMXB0O2xpbmUtaGVpZ2h0Om5vcm1hbCI+PHNwYW4gIA0Kc3R5bGU9ImNv bG9yOnJnYigzMSw3OCwxMjEpIj48YnI+PC9zcGFuPjwvcD4NCg0KPHAgY2xhc3M9Ik1zb05vcm1h bCIgc3R5bGU9ImxpbmUtaGVpZ2h0Om5vcm1hbCI+PHNwYW4gIA0Kc3R5bGU9ImNvbG9yOnJnYigz MSw3OCwxMjEpIj5LaW5kbHkNCmxldCBtZSBrbm93IHlvdXIgaW50ZXJlc3QgdG8gcHJvdmlkZSB5 b3Ugd2l0aCBkZXRhaWxlZCBpbmZvcm1hdGlvbiBmb3IgdGhlDQpzYW1lLsKgPC9zcGFuPjxzcGFu Pjwvc3Bhbj48L3A+PHAgY2xhc3M9Ik1zb05vcm1hbCIgIA0Kc3R5bGU9ImxpbmUtaGVpZ2h0Om5v cm1hbCI+PHNwYW4gIA0Kc3R5bGU9ImNvbG9yOnJnYigzMSw3OCwxMjEpIj48YnI+PC9zcGFuPjwv cD4NCg0KPHAgY2xhc3M9Ik1zb05vcm1hbCIgc3R5bGU9ImxpbmUtaGVpZ2h0Om5vcm1hbCI+PHNw YW4gIA0Kc3R5bGU9ImNvbG9yOnJnYigzMSw3OCwxMjEpIj5SZWdhcmRzLMKgPGJyPg0KUnV0aCBU dXJuZXI8YnI+DQpNYXJrZXRpbmcgRXhlY3V0aXZlPGJyPg0KPGJyPg0KUmVwbHkg4oCcUmVtb3Zl 4oCdIHRvIE9wdC1PdXQuPC9zcGFuPjxzcGFuPjwvc3Bhbj48L3A+PC9kaXY+DQo8cD4mbmJzcDs8 L3A+PGEgc3R5bGU9J2Rpc3BsYXk6IGJsb2NrOyBtYXJnaW46IDMycHggMCA0MHB4IDA7IHBhZGRp bmc6ICANCjEwcHg7IGZvbnQtc2l6ZTogMWVtOyB0ZXh0LWFsaWduOiBjZW50ZXI7IGJvcmRlcjog MDsgYm9yZGVyLXRvcDogMXB4IHNvbGlkICANCmdyYXk7ICcgaHJlZj0naHR0cHM6Ly9nb28uZ2wv MmtzZFJ2Jz5wb3dlcmVkIGJ5IEdTTS4gRnJlZSBtYWlsIG1lcmdlIGFuZCAgDQplbWFpbCBtYXJr ZXRpbmcgc29mdHdhcmUgZm9yIEdtYWlsLjwvYT4NCg== From owner-freebsd-jail@freebsd.org Thu Jan 18 19:03:34 2018 Return-Path: <owner-freebsd-jail@freebsd.org> Delivered-To: freebsd-jail@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 661C2EBD0F6 for <freebsd-jail@mailman.ysv.freebsd.org>; Thu, 18 Jan 2018 19:03:34 +0000 (UTC) (envelope-from luke@solentwholesale.com) Received: from mail-qt0-x22b.google.com (mail-qt0-x22b.google.com [IPv6:2607:f8b0:400d:c0d::22b]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 297427BD4D for <freebsd-jail@freebsd.org>; Thu, 18 Jan 2018 19:03:33 +0000 (UTC) (envelope-from luke@solentwholesale.com) Received: by mail-qt0-x22b.google.com with SMTP id z11so7026891qtm.3 for <freebsd-jail@freebsd.org>; Thu, 18 Jan 2018 11:03:33 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=solentwholesale.com; s=google; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=ns7dbu9KwbfMOFQ+Qi0uoEyVJ2uMlM10eG26Qmx5j/w=; b=ZBb3nFEiXSShjOBe8eCnvBWcv5FHiPW21Sh8iRbOpuQdalkZbJRKEoiFgyd9Qfp+IX 0c1FgVb6CfNFwTqCDLTyxKUcU8XSqvI1FS1uC5Jt7EUB4Z2872bN1o6c5NqrxlRdGOsO F1k1gPYxzS9v0/2G6OtJDBlAxaUHhq+f5dfPk= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=ns7dbu9KwbfMOFQ+Qi0uoEyVJ2uMlM10eG26Qmx5j/w=; b=mi8pYG2HM+I4WQlqLDbAmaUD+UEHsPIxhy8+TLE+4Y4x04inNwJvEozFhpZ7x7KEJP jgZx6gURuWW/fqFm8WsagICSm5W32b8sMva4a64XLAUaGOHzm0z5J8NRjUPvE4AL9ml+ V2nVVj/1py5t6OV0duXgxqTxdKgeVoyNngxSYmd92mehVOI0Os1EKI8M6/liF9OsqY+Y BWmdoOZF4KvGP0FK45dycrqjb7IwqravrYKCbCKuIkfJna4K7DBTzOUn8GztPCofsrQC 6dxeByd57IO1POsTI85OiVBOsIaU47NN61E3wrMUiymMLoZoIwMtjRf8snNsPcq/Midv lt9Q== X-Gm-Message-State: AKwxytfj9CeMKX6HzdXw8QawwA1avqiax52hbDdkKlMnvKqf7N3qjr8Y gSUgIb9zdkgRGu+l/lC0JMl14V3zfCV/yeyaF0WECw== X-Google-Smtp-Source: ACJfBovswXijneTlvRh/BAFtPXMLD25lYJ1lcATrQhRRtaNOrVzr4Hll24JvmDGmXc8rGj0rq5/b3oGvkDwdumF68R4= X-Received: by 10.200.61.137 with SMTP id v9mr28887995qtf.17.1516302212911; Thu, 18 Jan 2018 11:03:32 -0800 (PST) MIME-Version: 1.0 Received: by 10.12.141.6 with HTTP; Thu, 18 Jan 2018 11:03:32 -0800 (PST) Received: by 10.12.141.6 with HTTP; Thu, 18 Jan 2018 11:03:32 -0800 (PST) In-Reply-To: <20180118132304.3455fa43.ole@free.de> References: <20180118132304.3455fa43.ole@free.de> From: Luke Crooks <luke@solentwholesale.com> Date: Thu, 18 Jan 2018 19:03:32 +0000 Message-ID: <CAC0r6X9EspL_YCBxRfH7h44jN_PQ2jAV2H-8dDaf=s_LXJrUSA@mail.gmail.com> Subject: Re: Jails routing and localhost To: Ole <ole@free.de> Cc: freebsd-jail@freebsd.org Content-Type: text/plain; charset="UTF-8" X-Content-Filtered-By: Mailman/MimeDel 2.1.25 X-BeenThere: freebsd-jail@freebsd.org X-Mailman-Version: 2.1.25 Precedence: list List-Id: "Discussion about FreeBSD jail\(8\)" <freebsd-jail.freebsd.org> List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-jail>, <mailto:freebsd-jail-request@freebsd.org?subject=unsubscribe> List-Archive: <http://lists.freebsd.org/pipermail/freebsd-jail/>; List-Post: <mailto:freebsd-jail@freebsd.org> List-Help: <mailto:freebsd-jail-request@freebsd.org?subject=help> List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-jail>, <mailto:freebsd-jail-request@freebsd.org?subject=subscribe> X-List-Received-Date: Thu, 18 Jan 2018 19:03:34 -0000 Hi Ole, I am by no means an expert, but to me I see your problem is here.. # ezjail-admin create somejail 'lo1|b.b.b.238,lo1|127.b.b.238' You are binding the jail to the same network controller lo1. Usually you would bind the jail like.. # ezjail-admin create somejail 'lo1|127.0.0.238, emX|10.1.1.238' Where 10.1.1.0/24 is your subnet of your host. And you have free range on the network and want to create the jail as a fully fledged host. Seeing as you have only been assigned a /32 for your host. I would imagine you would either need to possibly do something like... # ezjail-admin create somejail 'lo1|127.0.0.238, lo0|127. 0.0.237' E.g bind the jail loopback of lo1 to the host loopback lo0. But I have never seen a configuration like yours using the same device twice, but I could be totally wrong. On 18 Jan 2018 12:58, "Ole" <ole@free.de> wrote: > Hi, > > I have some questions about how routing works for jails. > > I have a FreeBSD 11.1 host in a datacenter. Which has only a routed IP > and different /29 routed networks. The IP is setup as /32 and there is a > default route to the router of the datacenter: > > > #ifconfig em1 > (...) > inet a.a.a.57 netmask 0xffffffff broadcast a.a.a.57 > (...) > > > # netstat -rn > (...) > Destination Gateway Flags Netif Expire > default a.a.a.1 UGS em1 > (...) > > > If I create jails like > > # ezjail-admin create somejail 'lo1|b.b.b.238,lo1|127.b.b.238' > > everything is fine until some service in the jail tries to bind to > 127.0.0.1. Because it will bind to the public IP b.b.b.238. > The Handbook [1] tells > > "Inside a jail, access to the loopback address 127.0.0.1 is > redirected to the first IP address assigned to the jail." > > If I change the order of the IP-Adresses the service will bind to > 127.b.b.238. But inside the Jail Networking fails in a way that I can't > debug. I can conntect from the outside via ssh but I can't connect from > the Jail to an external Server. I can't find any differences in > routing table or ifconfig between both setups. > > > I also tried to use tap interfaces instead of lo, but it results in the > same. > > I wonder how others solve this problem. I searched a lot, but couldn't > find a solution. Maybe you don't have a solution, but can give me a > hint to debug the Problem. Thank you! > > > regards > Ole > > [1] https://www.freebsd.org/doc/handbook/jails-ezjail.html >
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?f403043abba413ce8005630fcac0>