loopback in jail

Andrei Kolu antik at bsd.ee
Thu Nov 11 08:31:34 UTC 2010


2010/11/10 Michael Scheidell <michael.scheidell at secnap.com>
>
> for amavisd-new, right?
>
>
> On 11/10/10 12:16 PM, Andrei Kolu wrote:
>
> Hi,
>
> I have a problem with binding a port to localhost inside of a jail (ezjail).
>
> can only have one '127.0.0.1'.  even with vnet, I am sure.
>
>
> /usr/local/etc/amavisd.conf:$inet_socket_port = 10024;
> should be fine.
> however, you also need this:
>
> @inet_acl = ( qw [ 0.0.0.0/0 ] );
>
> plus a lot of things.  We have a commercial hosted email security product with multiple dozens of amavisd based VPS's and it took a while to get it to work.
> try the amavisd users group as well.
>
> --
> Michael Scheidell, CTO

I see. But right now I am testing a kernel with "options VIMAGE" and
here are the results:

# ifconfig epair create
# jail -c vnet name=test1 host.hostname=test1 path=/ persist
# ifconfig epair0b vnet 1
# jexec 1 ifconfig epair0b 192.168.11.2
# jexec 1 ifconfig

lo0: flags=8008<LOOPBACK,MULTICAST> metric 0 mtu 16384
        options=3<RXCSUM,TXCSUM>
epair0b: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        ether 02:62:68:00:05:0b
        inet 192.168.11.2 netmask 0xffffff00 broadcast 192.168.11.255
        inet6 fe80::62:68ff:fe00:50b%epair0b prefixlen 64 scopeid 0x2
        nd6 options=3<PERFORMNUD,ACCEPT_RTADV>

Now I'll try to configure localhost!

# jexec 1 ifconfig lo0 localhost

Let me see what's happened
# jexec 1 ifconfig

lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
        options=3<RXCSUM,TXCSUM>
        inet 127.0.0.1 netmask 0xff000000
        inet6 ::1 prefixlen 128
        inet6 fe80::1%lo0 prefixlen 64 scopeid 0x1
        nd6 options=3<PERFORMNUD,ACCEPT_RTADV>
epair0b: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        ether 02:62:68:00:05:0b
        inet6 fe80::62:68ff:fe00:50b%epair0b prefixlen 64 scopeid 0x2
        inet 192.168.11.2 netmask 0xffffff00 broadcast 192.168.11.255
        nd6 options=3<PERFORMNUD,ACCEPT_RTADV>

Wow, I have a local IP address now. Can't do the same thing without VIMAGE:

# ifconfig lo0 localhost
ifconfig: ioctl (SIOCDIFADDR): permission denied

This is only preliminary testing but things are looking quite different I guess.

FreeBSD 8.1-STABLE #1: Thu Nov 11 09:36:29 EET 2010
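
A check for the result shown in the message above, as an added example that is not part of the original post: the function `has_own_loopback` (a hypothetical name) reads `ifconfig` output and succeeds only when `lo0` is flagged UP and holds 127.0.0.1. The sample input is the post's two listings, trimmed.

```shell
#!/bin/sh
# Added example, not from the original post.
# has_own_loopback: read ifconfig output on stdin; succeed only if lo0 is
# flagged UP and carries inet 127.0.0.1.
has_own_loopback() {
    awk '
        /^[a-z][a-z0-9_.]*: flags=/ {      # interface header line
            ifname = $1; sub(/:$/, "", ifname)
            flags = $2                     # e.g. flags=8049<UP,LOOPBACK,...>
            sub(/^[^<]*</, "", flags); sub(/>.*$/, "", flags)
            up = (("," flags ",") ~ /,UP,/)
            next
        }
        ifname == "lo0" && up && $1 == "inet" && $2 == "127.0.0.1" { found = 1 }
        END { exit !found }
    '
}

# Sample input: lo0/epair0b listing from the post before lo0 was configured.
sample_before() {
    cat <<'EOF'
lo0: flags=8008<LOOPBACK,MULTICAST> metric 0 mtu 16384
        options=3<RXCSUM,TXCSUM>
epair0b: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        inet 192.168.11.2 netmask 0xffffff00 broadcast 192.168.11.255
EOF
}

# Sample input: the same listing after "ifconfig lo0 localhost" in the jail.
sample_after() {
    cat <<'EOF'
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
        options=3<RXCSUM,TXCSUM>
        inet 127.0.0.1 netmask 0xff000000
epair0b: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        inet 192.168.11.2 netmask 0xffffff00 broadcast 192.168.11.255
EOF
}

for s in sample_before sample_after; do
    if "$s" | has_own_loopback; then
        echo "$s: lo0 is up with 127.0.0.1"
    else
        echo "$s: no usable loopback address"
    fi
done
# On a live host: jexec 1 ifconfig | has_own_loopback
```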

