[solved] Re: Jails, ping, and now DNS

James B. Byrne byrnejb at harte-lyne.ca
Fri Feb 2 16:11:35 UTC 2018


On Fri, February 2, 2018 10:44, Ernie Luzar wrote:
>
> Your problem is you're using ezjail which uses the deprecated rc.conf
> environment-variable method. Most jail users have stopped using ezjail
> so support for problems like you are having is very limited.
>

Actually, no, the problem is not with ezjail at all.  I have
re-discovered that network changes relating to jails are not
completely cleared with:

service netif restart && service routing restart &

I had found in the past, but had in the meantime forgotten, that it is
actually necessary to restart the host system to remove all artefacts
of previous jailed network configurations.  Once I did that then all
of the mysterious problems that I was having in the jail disappeared. 
The hint was when I compared an existing jail with the new one I was
attempting to configure.  On the pre-existing jail I saw this:

# netstat -an | grep -i listen
netstat: kvm not available: /dev/mem: No such file or directory
tcp4       0      0 *.22                   *.*                    LISTEN
tcp4       0      0 127.0.124.1.53         *.*                    LISTEN

On the jail that I was working on I saw this instead:

root at hll107:~ # service local_unbound onestatus
local_unbound is running as pid 2792.

root at hll107:~ # netstat -an | grep -i listen
netstat: kvm not available: /dev/mem: No such file or directory
tcp4       0      0 127.0.107.1.25         *.*                    LISTEN


Curious is it not?  This problem, no listening port 53 open on the
jail whilst unbound is running therein, persisted no matter how many
times I reset the netif and routing services; both inside the jail and
on the host.  Shutting down and restarting the jail did not change
anything either.  However, shutting down and restarting the host and
then starting the jail resulted in this:

[root at hll107 ~]# netstat -an | grep -i listen
netstat: kvm not available: /dev/mem: No such file or directory
tcp4       0      0 127.0.107.1.53         *.*                    LISTEN
tcp4       0      0 127.0.107.1.25         *.*                    LISTEN

So something on the host can get misaligned when one does numerous
network configuration changes during setup of a new jail. And the only
means I have discovered to correct it is to restart the host.

-- 
***          e-Mail is NOT a SECURE channel          ***
        Do NOT transmit sensitive data via e-Mail
 Do NOT open attachments nor follow links sent by e-Mail

James B. Byrne                mailto:ByrneJB at Harte-Lyne.ca
Harte & Lyne Limited          http://www.harte-lyne.ca
9 Brockley Drive              vox: +1 905 561 1241
Hamilton, Ontario             fax: +1 905 561 0757
Canada  L8E 3C3
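
The comparison made by eye in the message above (a service reports running, yet its socket is absent from `netstat -an`), as an added shell example that is not part of the original post. The function name `missing_listeners` is hypothetical, and the sample text is constructed from the output quoted in the message.

```shell
#!/bin/sh
# Added example: report expected listeners that are absent from `netstat -an`
# output. FreeBSD netstat prints local addresses as ADDRESS.PORT, for
# example 127.0.107.1.53, and wildcard binds as *.PORT.

# missing_listeners NETSTAT_TEXT ADDR.PORT...   (hypothetical helper name)
# Prints each expected ADDR.PORT that has no matching LISTEN line.
# Returns 1 if anything is missing, 0 otherwise.
missing_listeners() {
    netstat_text=$1
    shift
    rc=0
    for want in "$@"; do
        port=${want##*.}
        # Column 4 is the local address; a wildcard bind (*.PORT) also counts.
        if ! printf '%s\n' "$netstat_text" | awk -v want="$want" -v port="$port" '
            $NF == "LISTEN" && ($4 == want || $4 == "*." port) { found = 1 }
            END { exit !found }'; then
            printf '%s\n' "$want"
            rc=1
        fi
    done
    return $rc
}

# Constructed sample: the listener lines quoted above for the new jail,
# taken before the host was restarted (unbound running, no port 53 socket).
before_reboot='netstat: kvm not available: /dev/mem: No such file or directory
tcp4       0      0 127.0.107.1.25         *.*                    LISTEN'

# On a live jail: missing_listeners "$(netstat -an 2>&1)" 127.0.107.1.53
missing_listeners "$before_reboot" 127.0.107.1.53 127.0.107.1.25 |
    sed 's/^/no listener on /' || :
```

Run from a monitoring job inside each jail, a non-zero return separates "process is up" from "process is up and reachable", which `service ... onestatus` alone does not show.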



More information about the freebsd-questions mailing list