Date:      Fri, 20 May 2016 11:07:54 +0000
From:      Grzegorz Junka <list1@gjunka.com>
To:        freebsd-jail@freebsd.org
Subject:   Re: jails in different private subnets on the same host
Message-ID:  <573349b9-b10d-e976-6d41-1118f5de4b2c@gjunka.com>
In-Reply-To: <20160519151914.GL15034@home.opsec.eu>
References:  <faf9e698-baee-f988-df64-5bcda4b1c7c9@gjunka.com> <AF80A4F2-3605-43A0-81CD-B68659B694C4@lists.zabbadoz.net> <07d67bd5-206c-edd8-7f47-ef2b5c538e01@gjunka.com> <beafbcae807260bf74db591044c44950@gritton.org> <3aaa36dc-c658-5760-c4bb-d0f991834194@gjunka.com> <20160519151914.GL15034@home.opsec.eu>


On 19/05/2016 15:19, Kurt Jaeger wrote:
> Hi!
>
>> Why would it need to use the nameserver if I am telnetting through IP?
> Use telnet -N to avoid DNS lookups.

Oh, great! That worked. It could connect to the web server jail 
immediately. So it looks like the problem is with connecting to the DNS 
jail, but why?

This is inside the DNS jail:

*root@dns1:/ # netstat -an*
netstat: kvm not available: /dev/mem: No such file or directory
Active Internet connections (including servers)
Proto Recv-Q Send-Q Local Address          Foreign Address        (state)
tcp4       0      0 192.168.1.60.53        *.*                    LISTEN
tcp4       0      0 192.168.1.60.25        *.*                    LISTEN
udp4       0      0 192.168.1.60.53        *.*
udp4       0      0 192.168.1.60.514       *.*
(... IPv6 entries)

On the problematic jail:

*root@pjp1:/ # cat /etc/resolv.conf*
search myserver.mydomain.com
nameserver 192.168.1.60
options edns0

*root@pjp1:/ # netstat -an*
netstat: kvm not available: /dev/mem: No such file or directory
Active Internet connections (including servers)
Proto Recv-Q Send-Q Local Address          Foreign Address        (state)
tcp4       0      0 10.33.1.40.25          *.*                    LISTEN
tcp4       0      0 10.33.1.40.3306        *.*                    LISTEN
tcp4       0      0 10.33.1.40.80          *.*                    LISTEN
udp4       0      0 10.33.1.40.514         *.*

*root@pjp1:/ # netstat -rn*
Routing tables

Internet:
Destination        Gateway            Flags      Netif Expire
10.33.1.40         link#4             UHS         lo0


This works immediately:
*root@pjp1:/ # telnet -N 192.168.1.60 53*
Trying 192.168.1.60...
Connected to 192.168.1.60.
Escape character is '^]'.

But this connects after exactly 15 seconds:
*root@pjp1:/ # telnet 192.168.1.60 53*
Trying 192.168.1.60...
Connected to 192.168.1.60.
Escape character is '^]'.

Grzegorz



