Problem with jail connecting out

Steve Bertrand steve at
Wed Jun 17 13:13:14 UTC 2009

Erik Norgaard wrote:
> Erik Norgaard wrote:
>> I have no problem connecting from the host to the jail, but the other
>> way around doesn't work.
>> Also, related, how do I configure multiple interfaces in a jail?
> Second problem solved, starting jail with
>   # jail /var/jail jail, /bin/sh /etc/rc
> So, now I have:
> mtu 1500
>     options=2808<VLAN_MTU,WOL_UCAST,WOL_MAGIC>
>     ether 00:40:63:ee:97:f1
>     inet netmask 0xffffffff broadcast
>     media: Ethernet autoselect (100baseTX <full-duplex>)
>     status: active
> lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
>     inet netmask 0xffffffff
> Now, I can connect out on vr1 to, but not on lo0 to
> Any suggestions what might be wrong?

I don't think that it is a wise idea to be using the loopback address
space to route packets outside of the OS, and it is even possible that
some implementations forbid this behaviour (don't quote me on that).

You could probably break the default behaviour by modifying your routing
table, but I would advise strongly against doing that.

If you want a loopback to be a receive interface, you should clone off a
second one (lo1), and assign an IP address to it that was not designed
to be short circuited within the host, like this:

% grep lo10 /etc/rc.conf

cloned_interfaces="lo1 lo3 lo10 ...etc

# lo10 (IPv4 iBGP loopback, advertised by OSPF)
ifconfig_lo10="inet netmask"


From RFC 1700:

      (g)   {127, <any>}

         Internal host loopback address.  Should never appear outside
         a host.
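
Added example, not part of the original message: a small POSIX shell audit that reads rc.conf-style `ifconfig_<iface>="inet ..."` lines and flags any address inside 127.0.0.0/8, the range the RFC text above says should never appear outside a host. The function names, verdict labels and sample addresses (192.0.2.10 is from the documentation range) are constructed for illustration.

```shell
#!/bin/sh
# Audit rc.conf-style text for interface addresses inside 127.0.0.0/8.
# All interface names and addresses below are constructed sample values.

# Return 0 if the dotted-quad IPv4 address in $1 is inside 127.0.0.0/8.
is_loopback_v4() {
    case "$1" in
        127.*.*.*) return 0 ;;
        *) return 1 ;;
    esac
}

# Read rc.conf-style lines on stdin and print "<iface> <addr> <verdict>"
# for every ifconfig_<iface>="inet <addr> ..." entry found.
audit_rc_conf() {
    sed -n 's/^ifconfig_\([A-Za-z0-9_]*\)="inet \([0-9.]*\).*/\1 \2/p' |
    while read -r iface addr; do
        if is_loopback_v4 "$addr"; then
            # Traffic sourced from this address cannot leave the host.
            echo "$iface $addr loopback-only"
        else
            echo "$iface $addr ok"
        fi
    done
}

# Constructed sample: one cloned loopback inside 127/8, one outside it.
sample_rc_conf() {
    cat <<'EOF'
cloned_interfaces="lo1 lo10"
ifconfig_lo1="inet 127.0.0.2 netmask 255.255.255.255"
ifconfig_lo10="inet 192.0.2.10 netmask 255.255.255.255"
EOF
}

sample_rc_conf | audit_rc_conf
```

To check a real configuration, feed the file on stdin instead of the sample: `audit_rc_conf < /etc/rc.conf`.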


More information about the freebsd-questions mailing list