Jails routing and localhost
Ole
ole at free.de
Thu Jan 18 12:28:51 UTC 2018
Hi,
I have some questions about how routing works for jails.
I have a FreeBSD 11.1 host in a datacenter, which has only a routed IP
and different /29 routed networks. The IP is set up as /32 and there is a
default route to the router of the datacenter:
# ifconfig em1
(...)
inet a.a.a.57 netmask 0xffffffff broadcast a.a.a.57
(...)
# netstat -rn
(...)
Destination        Gateway            Flags     Netif Expire
default            a.a.a.1            UGS         em1
(...)
If I create jails like
# ezjail-admin create somejail 'lo1|b.b.b.238,lo1|127.b.b.238'
everything is fine until some service in the jail tries to bind to
127.0.0.1, because it will bind to the public IP b.b.b.238.
The Handbook [1] says:
"Inside a jail, access to the loopback address 127.0.0.1 is
redirected to the first IP address assigned to the jail."
If I change the order of the IP addresses, the service will bind to
127.b.b.238. But inside the jail, networking fails in a way that I can't
debug. I can connect from the outside via ssh, but I can't connect from
the jail to an external server. I can't find any differences in the
routing table or ifconfig between both setups.
I also tried to use tap interfaces instead of lo, but it results in the
same.
I wonder how others solve this problem. I searched a lot, but couldn't
find a solution. Maybe you don't have a solution, but can give me a
hint to debug the problem. Thank you!
regards
Ole
[1] https://www.freebsd.org/doc/handbook/jails-ezjail.html