dhclient(8) sets wrong interface netmask on boot up

Cary lists at flederma.us
Mon Sep 14 01:38:28 UTC 2015


On 09/12/2015 14:24, Warren Block wrote:
> On Sat, 12 Sep 2015, Cary wrote:
>> On 09/12/2015 10:45, Adam Vande More wrote:
>>>>
>>>> [/etc/rc.conf]
>>>> hostname="public.fbsd.local"
>>>> ifconfig_em0="DHCP"
>>>> cloned_interfaces="${cloned_interfaces} lo1"
>>>>
>>>
>>> previous line doesn't make much sense.
>>>
>>
>> That was copied from the FreeBSD handbook section on managing jails
>> (https://www.freebsd.org/doc/handbook/jails-ezjail.html). I didn't think
>> that the jails would mess with the base host network configuration.
> 
> Well, they add aliases.  The cloned_interfaces line lets the jails use a
> separate loopback interface from the host.
> 
>> However, after re-looking at the jail config, I changed the config line
>> in /usr/local/etc/ezjail/www_local from:
>>
>> export jail_www_local_ip="lo1|127.0.1.1,em0|192.168.20.166"
>> to
>> export jail_www_local_ip="lo1|127.0.1.1"
> 
> Wait, you were assigning the host's IP address to the jail?  That's the
> problem.
> 

Thanks, Warren. The jails-ezjail.html page sets up the dnsjail example
using both the cloned loopback and the system IP (Procedure 14.1). I
guess in that case, the system IP was static and not DHCP-assigned?


>> After reboot, I was able to SSH into it without trouble. But now the
>> httpd server cannot bind to the em0 interface. I guess I can forward
>> traffic with ipfw or pfctl to get around that issue.
>>
>> LESSON LEARNED: ezjail *will* override the DHCP-assigned configuration
>> of an interface!
> 
> Well... when the jail is reusing the host's IP address, yes.  Jails use
> aliases, and the netmask for an alias is 0xffffffff (255.255.255.255).
> So the host got an IP address and valid netmask from the DHCP server at
> boot, then the jail startup reassigned the same IP address to the host
> as an alias, setting an alias netmask.  From earlier posts:
> 
>>> <       inet 192.168.20.166 netmask 0xffffffff broadcast 192.168.20.166
>>> ---
>>>>       inet 192.168.20.166 netmask 0xffffff00 broadcast 192.168.20.255
> 
> It's a little surprising that didn't fail with an error.
> 
The only error I saw in dmesg or /var/log/messages was the following:
Sep 11 09:51:55 public kernel: arpresolve: can't allocate llinfo for 192.168.20.1 on em0
Sep 11 09:51:55 public last message repeated 11 times
Sep 11 09:55:20 public kernel: arpresolve: can't allocate llinfo for 192.168.20.1 on em0
Sep 11 09:55:33 public last message repeated 4 times

Googling for that error was not very helpful in resolving the issue,
hence the email to -questions.


> The current setup (not specifying an IP address for the jail) ends up
> using the host's IP address again.  That also seems like a mistake, but
> maybe not.

I don't know what the default should be, but I appreciate the help in
better understanding what is happening on the back-end.

All the best!
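
A pre-flight check for the collision discussed in this thread, added here as an example and not part of the original message or of ezjail: it flags any address in a jail_*_ip setting that the host already holds with a non-alias netmask. The function name find_conflicts and the sample ifconfig text are assumptions, built from the addresses quoted above.

```shell
#!/bin/sh
# Constructed sample: host interface state with the DHCP lease intact
# (address and netmask taken from the ifconfig diff quoted in the thread).
SAMPLE_IFCONFIG='em0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        inet 192.168.20.166 netmask 0xffffff00 broadcast 192.168.20.255
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
        inet 127.0.0.1 netmask 0xff000000'

# The two ezjail settings quoted in the thread (before and after the change).
BAD_CFG='export jail_www_local_ip="lo1|127.0.1.1,em0|192.168.20.166"'
GOOD_CFG='export jail_www_local_ip="lo1|127.0.1.1"'

# find_conflicts IFCONFIG_TEXT EZJAIL_LINES   (hypothetical helper)
# Prints "iface address netmask" for every jail address that the host
# already owns with a netmask other than 0xffffffff. Starting such a jail
# would re-add the address as an alias and replace the DHCP netmask.
find_conflicts() {
    printf '%s\n---\n%s\n' "$1" "$2" | awk '
        $0 == "---" { cfg = 1; next }
        # Part 1: ifconfig output. Remember which interface we are in.
        !cfg && $1 ~ /:$/ && $2 ~ /^flags=/ {
            ifc = $1; sub(/:$/, "", ifc); next
        }
        !cfg && $1 == "inet" && $3 == "netmask" {
            mask[$2] = $4; owner[$2] = ifc; next
        }
        # Part 2: ezjail config. Entries look like iface|addr or plain addr.
        cfg && /jail_[A-Za-z0-9_]+_ip=/ {
            line = $0
            sub(/^[^"]*"/, "", line); sub(/".*$/, "", line)
            n = split(line, ent, ",")
            for (i = 1; i <= n; i++) {
                m = split(ent[i], p, "[|]")
                addr = (m == 2) ? p[2] : p[1]
                if ((addr in mask) && mask[addr] != "0xffffffff")
                    print owner[addr], addr, mask[addr]
            }
        }'
}

# Stand-alone demo on the constructed sample.
find_conflicts "$SAMPLE_IFCONFIG" "$BAD_CFG"
```

On a live host the first argument would be "$(ifconfig)" and the second the contents of the jail's file under /usr/local/etc/ezjail/.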


