dhclient(8) sets wrong interface netmask on boot up
Cary
lists at flederma.us
Mon Sep 14 01:38:28 UTC 2015
On 09/12/2015 14:24, Warren Block wrote:
> On Sat, 12 Sep 2015, Cary wrote:
>> On 09/12/2015 10:45, Adam Vande More wrote:
>>>>
>>>> [/etc/rc.conf]
>>>> hostname="public.fbsd.local"
>>>> ifconfig_em0="DHCP"
>>>> cloned_interfaces="${cloned_interfaces} lo1"
>>>>
>>>
>>> previous line doesn't make much sense.
>>>
>>
>> That was copied from the FreeBSD handbook section on managing jails
>> (https://www.freebsd.org/doc/handbook/jails-ezjail.html). I didn't think
>> that the jails would mess with the base host network configuration.
>
> Well, they add aliases. The cloned_interfaces line lets the jails use a
> separate loopback interface from the host.
>
>> However, after re-looking at the jail config, I changed the config line
>> in /usr/local/etc/ezjail/www_local from:
>>
>> export jail_www_local_ip="lo1|127.0.1.1,em0|192.168.20.166"
>> to
>> export jail_www_local_ip="lo1|127.0.1.1"
>
> Wait, you were assigning the host's IP address to the jail? That's the
> problem.
>

Thanks, Warren. The jails-ezjail.html page sets up the dnsjail example
using both the cloned loopback and the system IP (Procedure 14.1). I
guess in that case, the system IP was static and not DHCP-assigned?

>> After reboot, I was able to SSH into it without trouble. But now the
>> httpd server cannot bind to the em0 interface. I guess I can forward
>> traffic with ipfw or pfctl to get around that issue.
>>
>> LESSON LEARNED: ezjail *will* override the DHCP-assigned configuration
>> of an interface!
>
> Well... when the jail is reusing the host's IP address, yes. Jails use
> aliases, and the netmask for an alias is 0xffffffff (255.255.255.255).
> So the host got an IP address and valid netmask from the DHCP server at
> boot, then the jail startup reassigned the same IP address to the host
> as an alias, setting an alias netmask. From earlier posts:
>
>>> < inet 192.168.20.166 netmask 0xffffffff broadcast 192.168.20.166
>>> ---
>>>> inet 192.168.20.166 netmask 0xffffff00 broadcast 192.168.20.255
>
> It's a little surprising that didn't fail with an error.
>

The only error I saw in dmesg or /var/log/messages was the following:

Sep 11 09:51:55 public kernel: arpresolve: can't allocate llinfo for 192.168.20.1 on em0
Sep 11 09:51:55 public last message repeated 11 times
Sep 11 09:55:20 public kernel: arpresolve: can't allocate llinfo for 192.168.20.1 on em0
Sep 11 09:55:33 public last message repeated 4 times

Googling for that error was not very helpful in resolving the issue,
hence the email to -questions.

> The current setup (not specifying an IP address for the jail) ends up
> using the host's IP address again. That also seems like a mistake, but
> maybe not.

I don't know what the default should be, but I appreciate the help in
better understanding what is happening on the back-end.

All the best!
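
Added example, not part of the original message and not FreeBSD or ezjail code: a Python check for the condition Warren describes, where a non-loopback interface is left with only 0xffffffff (alias) netmasks, reporting which `jail_<name>_ip` entry claims the address. The `ifconfig` text is constructed from the values quoted in this thread, and the function names are hypothetical.

```python
import re

# Constructed sample inputs, built from the values quoted in this thread.
EZJAIL_CONF = 'export jail_www_local_ip="lo1|127.0.1.1,em0|192.168.20.166"\n'
IFCONFIG_OUT = """\
em0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
\tinet 192.168.20.166 netmask 0xffffffff broadcast 192.168.20.166
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
\tinet 127.0.0.1 netmask 0xff000000
lo1: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
\tinet 127.0.1.1 netmask 0xffffffff
"""

def jail_addresses(conf_text):
    """Return (jail, interface, address) for every entry of a jail_<name>_ip line."""
    found = []
    pattern = r'^\s*(?:export\s+)?jail_(\w+)_ip="([^"]*)"'
    for name, value in re.findall(pattern, conf_text, re.M):
        for entry in filter(None, (e.strip() for e in value.split(","))):
            iface, _, addr = entry.rpartition("|")  # iface is "" without an "iface|" prefix
            found.append((name, iface, addr))
    return found

def host_inet(ifconfig_text):
    """Return (interface, address, netmask, is_loopback) for every inet line."""
    rows, iface, loop = [], None, False
    for line in ifconfig_text.splitlines():
        head = re.match(r"^(\S+): flags=\w+<([^>]*)>", line)
        if head:
            iface, loop = head.group(1), "LOOPBACK" in head.group(2).split(",")
            continue
        m = re.match(r"^\s+inet (\S+) netmask (0x[0-9a-fA-F]+)", line)
        if m and iface:
            rows.append((iface, m.group(1), int(m.group(2), 16), loop))
    return rows

def audit(conf_text, ifconfig_text):
    """List (interface, address, jail) where a non-loopback interface has only /32 addresses."""
    claims = {(i, a): j for j, i, a in jail_addresses(conf_text)}
    rows = host_inet(ifconfig_text)
    findings = []
    for iface in sorted({r[0] for r in rows if not r[3]}):
        addrs = [r for r in rows if r[0] == iface]
        if all(mask == 0xFFFFFFFF for _, _, mask, _ in addrs):
            findings.extend((iface, a, claims.get((iface, a))) for _, a, _, _ in addrs)
    return findings

if __name__ == "__main__":
    print(audit(EZJAIL_CONF, IFCONFIG_OUT))
```

A jail alias with a 0xffffffff mask next to a host address that still carries its subnet mask is not reported; only an interface with no subnet-masked address left is.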