127.0.0.1 in a jail

Arthur Chance freebsd at qeng-ho.org
Thu Nov 20 15:55:26 UTC 2014


On 20/11/2014 15:28, Paul Pathiakis via freebsd-questions wrote:
> Hi,
>
> I have a question about jails and localhost.
>
> I have found older documentation that says within a jail 127.0.0.1 is
> mapped to the jail's IP address so that software that maps to localhost
> or 127.0.0.1 gets handed the jail's IP.
>

I've always understood that to mean that if you attempt to bind(2) a 
socket with a socket address of 127.0.0.1 then the jail ip addr (or the 
default one when it has more than one ip addr) is substituted. This does 
not mean that a DNS (or /etc/hosts) lookup of localhost in a jail will 
automatically return the jail ip.

> However, I have tried ping (yes, I turned on raw sockets, bad me.) and
> telnet to a sendmail process I have running.
>
> They both return errors.
>
> PING 127.0.0.1 (127.0.0.1): 56 data bytes
> ping: sendto: Operation not permitted
> ping: sendto: Operation not permitted
> ping: sendto: Operation not permitted
>
>
> # telnet 127.0.0.1
> Trying 127.0.0.1...
> telnet: connect to address 127.0.0.1: Connection refused
> telnet: Unable to connect to remote host
>
>
> Needless to say, this is causing problems with some software that I have
> to install.
>
> Does anyone know how to verify that 127.0.0.1/localhost map to the
> jail's IP?
>
> If it isn't, how do I change it to be so?

I don't think you can do anything to make 127.0.0.1 work as a target for 
connecting to - how is the common network stack to decide whether you're 
talking to the jail or the main box? It might be possible in VIMAGE 
jails, but I have no experience of them.

You could always add an entry for localhost in the jail's /etc/hosts 
that is the jail's address rather than 127.0.0.1. That's not going to 
happen automatically though.
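
One way to check the bind(2) behaviour described in the reply above, as an added example that is not part of the original thread: bind a socket to 127.0.0.1 and read back with getsockname(2) the address the kernel actually assigned. The function names bound_addr_for and was_remapped are hypothetical.

```c
/* Added example: which address is really bound when 127.0.0.1 is requested? */
#include <arpa/inet.h>
#include <errno.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Bind a TCP socket to `req` (port 0 = any free port) and copy the
 * address reported by getsockname(2) into `out`. Returns 0 or -1. */
int bound_addr_for(const char *req, char *out, socklen_t outlen)
{
    struct sockaddr_in sin, got;
    socklen_t len = sizeof(got);
    int rc = -1, saved;
    int s = socket(AF_INET, SOCK_STREAM, 0);
    if (s < 0)
        return -1;
    memset(&sin, 0, sizeof(sin));
    sin.sin_family = AF_INET;
    if (inet_pton(AF_INET, req, &sin.sin_addr) == 1 &&
        bind(s, (struct sockaddr *)&sin, sizeof(sin)) == 0 &&
        getsockname(s, (struct sockaddr *)&got, &len) == 0 &&
        inet_ntop(AF_INET, &got.sin_addr, out, outlen) != NULL)
        rc = 0;
    saved = errno;          /* keep the failure reason across close() */
    close(s);
    errno = saved;
    return rc;
}

/* 1 if the kernel substituted another address for the requested one. */
int was_remapped(const char *req, const char *bound)
{
    return strcmp(req, bound) != 0;
}

int main(void)
{
    char bound[INET_ADDRSTRLEN];
    if (bound_addr_for("127.0.0.1", bound, sizeof(bound)) != 0) {
        perror("bind 127.0.0.1");
        return 1;
    }
    printf("requested 127.0.0.1, bound %s (%s)\n", bound,
           was_remapped("127.0.0.1", bound) ? "remapped" : "unchanged");
    return 0;
}
```

Run it inside the jail: a bound address other than 127.0.0.1 means the substitution took place at bind time. It says nothing about what a lookup of localhost returns, which is still decided by /etc/hosts or DNS.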


