What have I neglected to do in order to get networking in a jail?

James B. Byrne byrnejb at harte-lyne.ca
Thu May 31 19:02:04 UTC 2018

On Thu, May 31, 2018 10:29, Arthur Chance wrote:
> On 31/05/2018 15:21, James B. Byrne wrote:
>> On Thu, May 31, 2018 09:40, Arthur Chance wrote:
>>> I've just taken another look at your original mail. I think the key
>>> might be in this
>>>> [root at host:~]# jls
>>>>    JID  IP Address      Hostname                      Path
>>>>      1      mx31                          /usr/jails/mx31
>>> Note address ^^^^^
>> The command jls reports the loopback address for all of the jails I
>> have defined on other hosts.  For example:
>> [root at vhost02 ~]# jls
>>    JID  IP Address      Hostname              Path
>>      2      hlldns04              /usr/jails/hlldns04
>>      3     hllmx150              /usr/jails/hllmx150

> Addresses in 127/8 must not appear on the network anywhere
> (https://tools.ietf.org/html/rfc5735#page-3), and FreeBSD has specific
> checks in the networking code to prevent this. If any jail with such
> an address is contacting the network then there must be some form of
> NAT involved. I can only suggest you check for differences between
> the jails that can get out and the one that can't *and* look for NAT
> on the host(s) with jails that can get out.

The 127.0.x.1 addresses are used by the cloned loopback interfaces
that the jails require.  Traffic on those addresses is going nowhere
but back to the jail that owns them.

I have several hosts with multiple jails and on every one of them the
jls command displays the loopback address assigned to the jail.

[root at vhost04 ~ (master #)]# jls
   JID  IP Address      Hostname              Path
     1     hll124                /usr/jails/hll124

[root at vhost02 ~]# jls
   JID  IP Address      Hostname              Path
     1     hllmx150              /usr/jails/hllmx150
     2      hlldns04              /usr/jails/hlldns04

[root at vhost03 ~]# jls
   JID  IP Address      Hostname              Path
     1     hllmx04               /usr/jails/hllmx04
     2      hlldns02              /usr/jails/hlldns02

I can go on but I believe that the point is made. Each of these jails
can reach the internet.  Some hosts are on the same LAN segment as the
host with the jail I am having problems with.  NAT is not involved as
the IP address assigned to the jail's virtual interface is public.

I have discovered my error.  It is a typo in the IP address assigned
to the jail.  I wrote when it should have been
I must have looked at that line in the jail configuration file a dozen
times or more and missed it.

***          e-Mail is NOT a SECURE channel          ***
        Do NOT transmit sensitive data via e-Mail
 Do NOT open attachments nor follow links sent by e-Mail

James B. Byrne                mailto:ByrneJB at Harte-Lyne.ca
Harte & Lyne Limited          http://www.harte-lyne.ca
9 Brockley Drive              vox: +1 905 561 1241
Hamilton, Ontario             fax: +1 905 561 0757
Canada  L8E 3C3
