Problem with jail connecting out

Steve Bertrand steve at ibctech.ca
Wed Jun 17 13:13:14 UTC 2009


Erik Norgaard wrote:
> Erik Norgaard wrote:
> 
>> I have no problem connecting from the host to the jail, but the other
>> way around doesn't work.
>>
>> Also, related, how do I configure multiple interfaces in a jail?
> 
> Second problem solved, starting jail with
> 
>   # jail /var/jail jail 127.0.0.2,172.16.0.2 /bin/sh /etc/rc
> 
> So, now I have:
> 
> vr1: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
>     options=2808<VLAN_MTU,WOL_UCAST,WOL_MAGIC>
>     ether 00:40:63:ee:97:f1
>     inet 172.16.0.2 netmask 0xffffffff broadcast 172.16.0.2
>     media: Ethernet autoselect (100baseTX <full-duplex>)
>     status: active
> lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
>     inet 127.0.0.2 netmask 0xffffffff
> 
> Now, I can connect out on vr1 to 172.16.0.1, but not on lo0 to
> 127.0.0.1. Any suggestions what might be wrong?

I don't think that it is a wise idea to be using the loopback address
space to route packets outside of the OS, and it is even possible that
some implementations forbid this behaviour (don't quote me on that).

You could probably break the default behaviour by modifying your routing
table, but I would advise strongly against doing that.

If you want a loopback to be a receive interface, you should clone off a
second one (lo1), and assign an IP address to it that was not designed
to be short circuited within the host, like this:

% grep lo10 /etc/rc.conf

cloned_interfaces="lo1 lo3 lo10 ...etc

# lo10 (IPv4 iBGP loopback, advertised by OSPF)
ifconfig_lo10="UP"
ifconfig_lo10="inet 172.16.104.8 netmask 255.255.255.255"

------

From RFC 1700:

      (g)   {127, <any>}

         Internal host loopback address.  Should never appear outside
         a host.

Steve
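
Added example (not part of the original message or of FreeBSD): a POSIX sh pre-flight check that applies the advice above to a comma-separated jail(8) address list like the one quoted in this thread, flagging any address inside 127.0.0.0/8. The function names are hypothetical.

```shell
#!/bin/sh
# Added example: pre-flight check for a jail(8) address list.
# Flags addresses in 127.0.0.0/8 (RFC 1700: "Should never appear outside
# a host") and rejects malformed dotted quads. Function names are hypothetical.

# is_ipv4 ADDR: succeed if ADDR is a well-formed dotted quad.
is_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1                   # split on dots; input is digits and dots only
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# is_loopback ADDR: succeed if ADDR lies in 127.0.0.0/8.
is_loopback() {
    case "$1" in 127.*) return 0 ;; esac
    return 1
}

# check_jail_addrs LIST: print one verdict per address; return 0 only if
# the list is non-empty, every address is valid, and none is loopback.
check_jail_addrs() {
    rc=0
    set -f                      # no globbing while splitting the list
    old_ifs=$IFS; IFS=,
    set -- $1
    IFS=$old_ifs
    set +f
    [ "$#" -gt 0 ] || return 1
    for addr in "$@"; do
        if ! is_ipv4 "$addr"; then echo "$addr invalid"; rc=1
        elif is_loopback "$addr"; then echo "$addr loopback"; rc=1
        else echo "$addr ok"
        fi
    done
    return "$rc"
}

# The address list from the jail command quoted in this thread.
check_jail_addrs "127.0.0.2,172.16.0.2" || true
```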