loopback in jail
Andrei Kolu
antik at bsd.ee
Thu Nov 11 10:15:30 UTC 2010
2010/11/11 Nikos Vassiliadis <nvass9573 at gmx.com>:
>> Hi,
>>
>> I have a problem with binding a port to localhost inside of a jail (ezjail).
>>
>> instead of this:
>> vscan perl 51376 5 tcp4 194.xxx.yyy.22:10024
>>
>> I need this:
>> vscan perl 51376 5 tcp4 127.0.0.1:10024
>>
>> Is it possible to bind anything inside a jail to 127.0.0.1?
>
> Yes, if the jail has rights to the 127.0.0.1 address.
>
>> raidmadi# jail -c persist ip4.addr=127.0.0.1
>> raidmadi# jls
>>    JID  IP Address      Hostname      Path
>>      1  -               nik           /jails/nik
>>      2  -               test          /
>>      3  -               testo         /
>>      4  -               isudhfius     /jails/nik
>>      5  -                             /
>>      8  127.0.0.1                     /
>> raidmadi# jexec 8 csh
>> # nc -l 8888 &
>> [1] 38411
>> # sockstat -4
>> USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS
>> root     nc         38411 3  tcp4   127.0.0.1:8888        *:*
>
> Is this a multi-IP jail? The case is slightly different with multi-IP
> jails. From jail(8):
>
> ip4.addr
> A comma-separated list of IPv4 addresses assigned to the prison.
> If this is set, the jail is restricted to using only these
> address. Any attempts to use other addresses fail, and attempts
> to use wildcard addresses silently use the jailed address
> instead. For IPv4 the first address given will be kept used as
> the source address in case source address selection on unbound
> sockets cannot find a better match. It is only possible to start
> multiple jails with the same IP address, if none of the jails has
> more than this single overlapping IP address assigned to itself.
>
> HTH, Nikos
>
OK, I tried this way:

ezjail config:
export jail_crashtest_ip="194.xxx.yyy.22,127.0.0.1"

I have a loopback IP address now:
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
        options=3<RXCSUM,TXCSUM>
        inet 127.0.0.1 netmask 0xff000000

But I can't bind anything to 127.0.0.1 anyway. Is this a bug or something?
More information about the freebsd-jail mailing list
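
A bind probe for the situation discussed in this thread, as an added example that is not part of the original messages: run inside the jail, it binds to each requested address and reports either the errno or the address the kernel actually assigned, which separates an address the jail may not use from a busy port or a rewritten wildcard. The function names are hypothetical, port 0 (any free port) is the default, and reading EADDRNOTAVAIL as "address not available to this jail" is an assumption.

```python
#!/usr/bin/env python3
"""Added example: probe which IPv4 addresses this environment lets us bind."""
import errno
import socket
import sys


def probe_bind(host, port=0):
    """Bind a TCP listener to host:port; report the address actually assigned."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    try:
        s.bind((host, port))
        s.listen(1)
        bound, bound_port = s.getsockname()
        return {"requested": host, "ok": True, "bound": bound,
                "port": bound_port, "error": None}
    except OSError as e:
        name = errno.errorcode.get(e.errno, str(e.errno))
        return {"requested": host, "ok": False, "bound": None,
                "port": None, "error": name}
    finally:
        s.close()


def classify(r):
    """Turn a probe result into a one-line diagnosis (wording is ours)."""
    if not r["ok"]:
        if r["error"] == "EADDRNOTAVAIL":
            # Assumption: this is the errno for an address the jail may not use.
            return "address not usable here (not configured, or not in ip4.addr)"
        if r["error"] == "EADDRINUSE":
            return "address usable, but the port is already taken"
        return "bind failed: " + r["error"]
    if r["bound"] != r["requested"]:
        # jail(8): wildcard binds "silently use the jailed address instead".
        return "bound to %s instead of %s" % (r["bound"], r["requested"])
    return "bound as requested"


if __name__ == "__main__":
    # Usage: probe.py [port] [addr ...]; defaults probe loopback and wildcard.
    port = int(sys.argv[1]) if len(sys.argv) > 1 else 0
    for host in sys.argv[2:] or ["127.0.0.1", "0.0.0.0"]:
        result = probe_bind(host, port)
        print("%-15s -> %s" % (host, classify(result)))
```

Passing the service's own port (10024 in the first message) and address list checks the exact bind the daemon will attempt, so a listener meant for loopback is not left on the public address unnoticed.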