Jails, loopback interfaces and sendmail

Bjoern A. Zeeb bzeeb-lists at lists.zabbadoz.net
Thu Jun 4 21:01:19 UTC 2009


On Thu, 4 Jun 2009, Dirk Engling wrote:

Hi,

> However, grep -R 127.0.0.1 /etc reveals, that sendmail in many places
> assumes localhost to be on 127.0.0.1 instead of looking it up in
> /etc/hosts or using 127.0.0.0/8 to identify a local connection.

or possibly other methods that would find even more things to be
"local".


> I worry that more programmers made those assumptions, possibly breaking
> more tools.

yes, bind tools are another of those things that have problems with
various address magics.


> My question is: Who's the right guy to beg to fix sendmail or
> alternatively would it be smart to allow each jail to have its own

If programmers assume 127.0.0.1 is the one and only loopback it's
because of two things - 1) this has been done in the very old days
where people updated the hosts file with uucp to know all hosts in the
network and was never updated; or 2) they are clueless or lazy.


> concept of 127.0.0.1 on a dummy interface mapped to all jails, that

As others mentioned connection from/to 127.0.0.1 will be mapped to the
primary address of the jail; if you listen on 127.0.0.1 and the
primary address is a public address you will be visible to the world
(given your base system routes and permits that address to be
reached). But that's been like that since probably 4.0.

With the virtual network stack you will be able to have your own
loopback with each jail. Do not even think about doing something like
this; it would never ever hit the tree anymore, and it has been done by
others already (for you - and others ;).


/bz

-- 
Bjoern A. Zeeb                      The greatest risk is not taking one.
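A small check for the behaviour Bjoern describes, added here as an example and not code from the thread or from FreeBSD. It binds a socket to 127.0.0.1 on an ephemeral port and asks the kernel with getsockname() which address it actually got: on an ordinary host that is 127.0.0.1, whereas inside a classic (non-VNET) jail the expected answer is the jail's primary address, which is exactly the case where a "loopback-only" listener becomes reachable from outside. The is_loopback_v4() helper applies the 127.0.0.0/8 test Dirk suggests instead of comparing against the literal 127.0.0.1. The function names are my own.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Classify an IPv4 address as loopback using the whole 127.0.0.0/8 block
 * instead of comparing against the single literal 127.0.0.1.
 * Returns 1 for loopback, 0 for anything else, -1 for an unparsable string. */
int is_loopback_v4(const char *addr)
{
    struct in_addr in;

    if (inet_pton(AF_INET, addr, &in) != 1)
        return -1;
    return (ntohl(in.s_addr) & 0xff000000UL) == 0x7f000000UL;
}

/* Bind a TCP socket to the requested address on an ephemeral port and report,
 * via getsockname(), the address the kernel actually assigned.  Inside a
 * classic jail a request for 127.0.0.1 is rewritten to the jail's primary
 * address, so the effective address is what an outside client can reach.
 * Returns 0 on success with the effective address written into out, -1 on
 * error (including a request that is not a valid dotted quad). */
int effective_bind_addr(const char *requested, char *out, size_t outlen)
{
    struct sockaddr_in sin;
    socklen_t len = sizeof(sin);
    int s, rc = -1;

    memset(&sin, 0, sizeof(sin));
    sin.sin_family = AF_INET;
    sin.sin_port = 0;                      /* let the kernel pick a port */
    if (inet_pton(AF_INET, requested, &sin.sin_addr) != 1)
        return -1;

    s = socket(AF_INET, SOCK_STREAM, 0);
    if (s < 0)
        return -1;
    if (bind(s, (struct sockaddr *)&sin, sizeof(sin)) == 0 &&
        getsockname(s, (struct sockaddr *)&sin, &len) == 0 &&
        inet_ntop(AF_INET, &sin.sin_addr, out, (socklen_t)outlen) != NULL)
        rc = 0;
    close(s);
    return rc;
}

int main(void)
{
    char eff[INET_ADDRSTRLEN];

    if (effective_bind_addr("127.0.0.1", eff, sizeof(eff)) != 0) {
        perror("bind 127.0.0.1");
        return 1;
    }
    printf("requested 127.0.0.1, kernel bound %s (%s)\n", eff,
           is_loopback_v4(eff) == 1
               ? "still loopback"
               : "NOT loopback: reachable by anyone who can route to it");
    return 0;
}
```

Run it once on the host and once inside the jail; if the jailed run prints the jail's public address, any daemon in that jail that "only listens on 127.0.0.1" needs a firewall rule or a real bind address, not trust in the loopback.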

