FreeBSD jails, dns and ping
Matthew Seaman
matthew at FreeBSD.org
Wed Feb 7 10:52:09 UTC 2018
On 06/02/2018 16:17, James B. Byrne via freebsd-questions wrote:
> Note that local_unbound worked with both resolv.conf settings. But
> both ping and pkg gave me grief with the first and worked with the
> second.
>
> My understanding, admittedly perfunctory, has been that one is
> SUPPOSED to use 127.0.0.1 inside a jail wherever the standard loopback
> address is required. And that the jail system takes care of remapping
> 127.0.0.1 to whatever address is assigned to the loopback interface
> that the jail is configured to use.
>
> What have I misunderstood? Had I misconfigured something that is
> documented otherwise than what I had done?

Yes, that is the way it is supposed to work: any attempt to access
127.0.0.1 (possibly 127.0.0.0/8 BICBW) or ::1 is remapped to the jail
address. Mostly this works fine, but some applications -- unbound(8)
being one of them -- will detect that the packet was sent to 127.0.0.1
but received on a different interface and drop the packet.

Your possible solutions are:

* Tweak the local_unbound or unbound configuration to use the jail
  address explicitly.
* Investigate VIMAGE jails, which have their own network stacks and
  consequently a lo0 interface within the jail.

Cheers,
Matthew
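
The first option in the reply above, sketched as an added example that is not part of the original message. It assumes the jail's address is 192.0.2.10 (a constructed placeholder) and that these lines go into the server: section of whichever unbound configuration file the jail's resolver actually reads.

```conf
# Added example, not from the original post.
# 192.0.2.10 is a placeholder for the address assigned to the jail.
server:
    # Bind to the jail address itself instead of 127.0.0.1, so the
    # destination of each query matches the address it arrives on.
    interface: 192.0.2.10

    # Queries from inside the jail now carry the jail address as their
    # source. unbound's default access control only allows localhost,
    # so the jail address has to be allowed explicitly.
    access-control: 192.0.2.10/32 allow

# The jail's /etc/resolv.conf then names the same address:
#   nameserver 192.0.2.10
```

Keeping the access-control entry to the single /32 means the resolver answers only the jail itself and does not become reachable as an open resolver from other hosts on that network.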