[Bug 256681] [route] Incorrect loopback route for aliases IP addresses

From: <bugzilla-noreply_at_freebsd.org>
Date: Wed, 01 Jun 2022 10:25:19 +0000
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=256681

Philipp Wuensche <cryx-ports_at_h3q.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |cryx-ports_at_h3q.com

--- Comment #7 from Philipp Wuensche <cryx-ports_at_h3q.com> ---
This is hitting me in my jail setups also.

Up until 12.3 I had jails running on lo1 interfaces in the e.g. 127.1.1.0/24
range running services for the jails that are running on ipaddr. of the hosts
external interfaces.
Like a jail running postgresql on 127.1.1.1 and several webservice jails
running on external ipaddr. using this postgresql jail as their database.

This had the nice effect of jails on the loopback ipaddr. not being able to
reach the internet and vice versa, even without a firewall in place, and me not
guessing rfc1918 ipaddr. that might not being used somewhere else in the
network.

Multiple jails on the external interface resulted in /32 aliases on the
external interface, which wasn't a problem until FreeBSD 13.
>From now on, the jails that had a /32 alias ipaddr. where unable to reach the
services running in loopback jails, due to the missing lo0 route.

For me this is a regression or at least it is somewhat unpleasant that this
change in behaviour is just mentioned as "Duplicate routes installation issue
for /32 or /128 interface aliases has been fixed" in the release notes of 13.0. 

I know there are solutions like VNET for jails etc.pp. but I just wanted to
mention this here for all the users that will run into this issue.

-- 
You are receiving this mail because:
You are on the CC list for the bug.
Received on Wed Jun 01 2022 - 10:25:19 UTC

Original text of this message