dhclient(8) sets wrong interface netmask on boot up

Cary lists at flederma.us
Mon Sep 14 01:38:28 UTC 2015

On 09/12/2015 14:24, Warren Block wrote:
> On Sat, 12 Sep 2015, Cary wrote:
>> On 09/12/2015 10:45, Adam Vande More wrote:
>>>> [/etc/rc.conf]
>>>> hostname="public.fbsd.local"
>>>> ifconfig_em0="DHCP"
>>>> cloned_interfaces="${cloned_interfaces} lo1"
>>> previous line doesn't make much sense.
>> That was copied from the FreeBSD handbook section on managing jails
>> (https://www.freebsd.org/doc/handbook/jails-ezjail.html). I didn't think
>> that the jails would mess with the base host network configuration.
> Well, they add aliases.  The cloned_interfaces line lets the jails use a
> separate loopback interface from the host.
>> However, after re-looking at the jail config, I changed the config line
>> in /usr/local/etc/ezjail/www_local from:
>> export jail_www_local_ip="lo1|,em0|"
>> to
>> export jail_www_local_ip="lo1|"
> Wait, you were assigning the host's IP address to the jail?  That's the
> problem.

Thanks, Warren. The jails-ezjail.html page sets up the dnsjail example
using both the cloned loopback and the system IP (Procedure 14.1). I
guess in that case, the system IP was static and not DHCP-assigned?

>> After reboot, I was able to SSH into it without trouble. But now the
>> httpd server cannot bind to the em0 interface. I guess I can forward
>> traffic with ipfw or pfctl to get around that issue.
>> LESSON LEARNED: ezjail *will* override the DHCP-assigned configuration
>> of an interface!
> Well... when the jail is reusing the host's IP address, yes.  Jails use
> aliases, and the netmask for an alias is 0xffffffff (
> So the host got an IP address and valid netmask from the DHCP server at
> boot, then the jail startup reassigned the same IP address to the host
> as an alias, setting an alias netmask.  From earlier posts:
>>> <       inet netmask 0xffffffff broadcast
>>> ---
>>>>       inet netmask 0xffffff00 broadcast
> It's a little surprising that didn't fail with an error.

The only error I saw in dmesg or /var/log/messages was the following:

Sep 11 09:51:55 public kernel: arpresolve: can't allocate llinfo for on em0
Sep 11 09:51:55 public last message repeated 11 times
Sep 11 09:55:20 public kernel: arpresolve: can't allocate llinfo for on em0
Sep 11 09:55:33 public last message repeated 4 times

Googling for that error was not very helpful in resolving the issue,
hence the email to -questions.

> The current setup (not specifying an IP address for the jail) ends up
> using the host's IP address again.  That also seems like a mistake, but
> maybe not.

I don't know what the default should be, but I appreciate the help in
better understanding what is happening on the back-end.

All the best!
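
As an added example that is not part of the original message or the thread: a small sh check for the situation discussed above, where an interface-qualified jail address repeats an address the host already holds on that interface. The function names, the sample `jail_<name>_ip` value and all addresses are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the thread). Addresses are constructed (RFC 5737).

# Constructed ifconfig(8)-style output: host state after DHCP, before jails start.
sample_ifconfig() {
cat <<'EOF'
em0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
    inet 192.0.2.10 netmask 0xffffff00 broadcast 192.0.2.255
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
    inet 127.0.0.1 netmask 0xff000000
lo1: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
EOF
}

# Read ifconfig output on stdin; print "iface addr netmask" per IPv4 address.
host_addrs() {
    awk '/^[a-z]/ { ifc = $1; sub(/:$/, "", ifc) }
         $1 == "inet" { print ifc, $2, $4 }'
}

# Split an ezjail jail_<name>_ip value ("if|addr,if|addr") into "iface addr"
# lines. Only interface-qualified entries with an address are considered.
jail_addrs() {
    printf '%s\n' "$1" | tr ',' '\n' |
        awk -F'[|]' 'NF == 2 && $1 != "" && $2 != "" { print $1, $2 }'
}

# $1 = jail_<name>_ip value, $2 = ifconfig output text.
# Print one line per jail address that the host already holds on the same
# interface with a real subnet mask (anything other than 0xffffffff).
find_collisions() {
    jail_addrs "$1" | while read -r jif jaddr; do
        jaddr=${jaddr%%/*}   # ignore an optional /prefix on the jail entry
        printf '%s\n' "$2" | host_addrs | while read -r hif haddr hmask; do
            if [ "$jif" = "$hif" ] && [ "$jaddr" = "$haddr" ] &&
               [ "$hmask" != "0xffffffff" ]; then
                echo "COLLISION $jif $jaddr host-netmask=$hmask"
            fi
        done
    done
}

# Demo on the constructed data: the em0 entry collides, the lo1 entry does not.
find_collisions 'lo1|127.0.1.1,em0|192.0.2.10' "$(sample_ifconfig)"
```

On a live host the second argument would be the output of `ifconfig` captured before the jails start.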
