Jail with public IP alias

Alejandro Imass aimass at yabarana.com
Fri Aug 30 00:02:12 UTC 2013


On Thu, Aug 29, 2013 at 5:07 PM, Patrick <gibblertron at gmail.com> wrote:
> On Thu, Aug 29, 2013 at 12:07 PM, Alejandro Imass <aimass at yabarana.com> wrote:
>> On Thu, Aug 29, 2013 at 5:03 AM, Frank Leonhardt <frank2 at fjl.co.uk> wrote:
>>> On 29/08/2013 09:52, Frank Leonhardt wrote:
>>>>
>>

[...]

> Aliases should have a netmask of 255.255.255.255. What you seeing is
> not typical behaviour on FreeBSD.
>
> http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/configtuning-virtual-hosts.html
>
> Patrick

Thanks for pointing this out, the manual is effectively very clear on
this. So, I changed the masks for ALL the aliases on that server to
/32. It alone has more than 30 aliases on lo0 and 4 public IPs. I
tested and it still has the same problem. So I rebooted just in case and
the problem still persists:

$ ifconfig em0
em0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
options=209b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,WOL_MAGIC>
ether 00:30:48:bd:b9:1a
inet xxx.yyy.52.74 netmask 0xffffff80 broadcast xxx.yyy.52.127
inet xxx.yyy.52.70 netmask 0xffffffff broadcast xxx.yyy.52.70
inet xxx.yyy.52.71 netmask 0xffffffff broadcast xxx.yyy.52.71
inet xxx.yyy.52.73 netmask 0xffffffff broadcast xxx.yyy.52.73
media: Ethernet autoselect (1000baseT <full-duplex>)
status: active

$ ssh -b xxx.yyy.52.70 foo at bar
Password:
7:58PM  up 131 days,  3:14, 1 user, load averages: 0.02, 0.01, 0.00
USER             TTY      FROM              LOGIN@  IDLE WHAT
foo           pts/14   xxx.yyy.52.74     7:58PM     - w -n

$ ssh -b xxx.yyy.52.71 foo at bar
Password:
7:58PM  up 131 days,  3:14, 1 user, load averages: 0.02, 0.01, 0.00
USER             TTY      FROM              LOGIN@  IDLE WHAT
foo           pts/14   xxx.yyy.52.74     7:58PM     - w -n

$ ssh -b xxx.yyy.52.73 foo at bar
Password:
7:58PM  up 131 days,  3:14, 1 user, load averages: 0.02, 0.01, 0.00
USER             TTY      FROM              LOGIN@  IDLE WHAT
foo           pts/14   xxx.yyy.52.74     7:58PM     - w -n

I don't understand why I get different results than yours and Frank's.
We run a pretty standard set-up, so why is this not working for us?
Could it be because we turned off TCO on the NIC?

One of you asked about NAT. We are using natd to nat some public ports
to other ports on the private IPs that are aliases of lo0. This is for
the jails that don't have public IPs; we just forward some ports to the
jail's ports like this:

For example:

redirect_port tcp 192.168.101.123:22 12322
redirect_port tcp 192.168.101.123:80 12380

Could this have an effect on OUTBOUND connections? It seems unlikely to
me, but I think one of you asked about NAT, and I suspect for a good reason.

I'll turn off the natting temporarily and test.

Best,

-- 
Alejandro Imass
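A checker for the /32 alias rule Patrick cites, added here as an example (it is not code from the thread or from FreeBSD): it parses the `ifconfig` output format shown above and reports any alias that sits inside the primary address's subnet without a 0xffffffff mask. The embedded sample is constructed, with 10.0 standing in for the anonymised xxx.yyy octets and one alias deliberately left with the wrong mask.

```python
import ipaddress
import re

# Constructed sample modelled on the em0 output in the thread; 10.0.52.71 is
# deliberately given the subnet mask instead of /32 so the checker has a hit.
SAMPLE_IFCONFIG = """\
em0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
\tinet 10.0.52.74 netmask 0xffffff80 broadcast 10.0.52.127
\tinet 10.0.52.70 netmask 0xffffffff broadcast 10.0.52.70
\tinet 10.0.52.71 netmask 0xffffff80 broadcast 10.0.52.127
\tmedia: Ethernet autoselect (1000baseT <full-duplex>)
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
\tinet 127.0.0.1 netmask 0xff000000
\tinet 192.168.101.123 netmask 0xffffffff
"""

IFACE_RE = re.compile(r"^(\w+): flags=")
# Matches "inet A.B.C.D netmask 0x........"; "inet6" lines are skipped because
# a digit, not whitespace, follows "inet" there.
INET_RE = re.compile(r"^\s*inet\s+(\S+)\s+netmask\s+(0x[0-9a-fA-F]{8})")


def parse_ifconfig(text):
    """Return {iface: [(IPv4Address, netmask_int), ...]} in listed order."""
    result, iface = {}, None
    for line in text.splitlines():
        m = IFACE_RE.match(line)
        if m:
            iface = m.group(1)
            result[iface] = []
            continue
        m = INET_RE.match(line)
        if m and iface is not None:
            result[iface].append((ipaddress.IPv4Address(m.group(1)),
                                  int(m.group(2), 16)))
    return result


def find_bad_aliases(text):
    """Aliases (every inet after the first on an interface) that fall inside
    the primary address's subnet but lack the /32 mask the handbook requires.
    Returns a list of (iface, address, mask) tuples."""
    bad = []
    for iface, addrs in parse_ifconfig(text).items():
        if not addrs:
            continue
        primary, pmask = addrs[0]
        mask_str = str(ipaddress.IPv4Address(pmask))  # e.g. 255.255.255.128
        net = ipaddress.IPv4Network(f"{primary}/{mask_str}", strict=False)
        for addr, mask in addrs[1:]:
            if addr in net and mask != 0xFFFFFFFF:
                bad.append((iface, str(addr), f"0x{mask:08x}"))
    return bad
```

Run it against `ifconfig -a` output on the host; an empty result means every in-subnet alias already carries the /32 mask, so the mask is not what is changing the source address.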


More information about the freebsd-questions mailing list