how to determine primary (source) IP address in jail

James Gritton jamie at freebsd.org
Thu Feb 28 17:46:40 UTC 2019


On 2019-02-28 03:58, Miroslav Lachman wrote:
> Is there some easy way to determine the primary (source) address which
> is used in jail with multiple IP addresses?
> 
> I came to this problem with running local_unbound in jail. Unbound
> refuses queries originating in this jail because they do not come from
> real 127.0.0.1 (which is the only one allowed by default). Unbound in
> jail sees requests coming from the jail's IP. It is easy to determine (in
> shell script) if jail has only one IP.
> But what about the case where the jail has multiple IPs? Is there some sysctl or
> some call to ifconfig or any other util to get the IP which will be
> used as source address for queries on local services in jail?
> 
> I know I can allow all IPs of jail in
> access-control: a.b.c.d/32 allow
> access-control: e.f.g.h/32 allow
> 
> I am just curious if there is some way to get "primary" IP in jail
> without calling anything from the host environment.

There's nothing reliable that I know of.  Lists of addresses like that
from "ifconfig -a" or "netstat -rn" are in the order that they exist on
the host, filtered so only in-jail addresses show up.  While this may
work for jails that always create aliases for their addresses in the
defined order (as jail(8) will), they don't work in cases where the
address already exists.  It will also have problems when the addresses
are on different interfaces.

- Jamie
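
The workaround mentioned in the question (an access-control entry for every jail address), written out as an added example that is not part of the original thread: it turns `ifconfig -a` output, which inside a jail lists only the in-jail addresses, into Unbound `access-control` lines, so the result does not depend on address order. The function names `jail_acl` and `sample_ifconfig`, the constructed sample addresses, and the choice to skip scoped link-local IPv6 addresses are assumptions of this example.

```shell
#!/bin/sh
# Added example: allow every address visible in the jail instead of
# guessing which one is "primary".

# jail_acl (hypothetical name): reads ifconfig(8)-style text on stdin and
# writes one Unbound access-control line per address found.
jail_acl() {
    awk '
        function emit(net) {
            if (seen[net]++) return          # address listed more than once
            printf "access-control: %s allow\n", net
        }
        $1 == "inet"  { emit($2 "/32") }
        $1 == "inet6" {
            if ($2 ~ /%/) next               # skip scoped link-local (assumption)
            emit($2 "/128")
        }
    '
}

# Constructed sample of "ifconfig -a" output inside a jail with addresses
# on two interfaces (documentation address ranges, not real hosts).
sample_ifconfig() {
    cat <<'EOF'
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
em0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
	inet 192.0.2.10 netmask 0xffffff00 broadcast 192.0.2.255
	inet 192.0.2.11 netmask 0xffffffff broadcast 192.0.2.11
	inet6 2001:db8::10 prefixlen 64
	inet6 fe80::1%em0 prefixlen 64 scopeid 0x1
em1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
	inet 198.51.100.7 netmask 0xffffff00 broadcast 198.51.100.255
EOF
}

# Demonstration on the sample; inside a jail the input would instead be
#   ifconfig -a | jail_acl
sample_ifconfig | jail_acl
```

The generated lines belong in the `server:` section of the Unbound configuration, next to the default 127.0.0.1 entry.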

