Date: Sun, 13 Sep 2015 21:38:01 -0400
From: Cary <lists@flederma.us>
To: Warren Block <wblock@wonkity.com>
Cc: freebsd-questions@freebsd.org
Subject: Re: dhclient(8) sets wrong interface netmask on boot up
Message-ID: <55F624F9.2080202@flederma.us>
In-Reply-To: <alpine.BSF.2.20.1509121206480.58106@wonkity.com>
References: <55F398CA.7050308@flederma.us> <CA%2BtpaK2A4kDVo8Ncgqz1FLAWkv83Aey-ay=ci52rbRZu7c3soA@mail.gmail.com> <55F46514.9020702@flederma.us> <alpine.BSF.2.20.1509121206480.58106@wonkity.com>

On 09/12/2015 14:24, Warren Block wrote:
> On Sat, 12 Sep 2015, Cary wrote:
>> On 09/12/2015 10:45, Adam Vande More wrote:
>>>>
>>>> [/etc/rc.conf]
>>>> hostname="public.fbsd.local"
>>>> ifconfig_em0="DHCP"
>>>> cloned_interfaces="${cloned_interfaces} lo1"
>>>>
>>>
>>> previous line doesn't make much sense.
>>>
>>
>> That was copied from the FreeBSD handbook section on managing jails
>> (https://www.freebsd.org/doc/handbook/jails-ezjail.html). I didn't think
>> that the jails would mess with the base host network configuration.
>
> Well, they add aliases. The cloned_interfaces line lets the jails use a
> separate loopback interface from the host.
>
>> However, after re-looking at the jail config, I changed the config line
>> in /usr/local/etc/ezjail/www_local from:
>>
>> export jail_www_local_ip="lo1|127.0.1.1,em0|192.168.20.166"
>> to
>> export jail_www_local_ip="lo1|127.0.1.1"
>
> Wait, you were assigning the host's IP address to the jail? That's the
> problem.
>

Thanks, Warren. The jails-ezjail.html page sets up the dnsjail example using both the cloned loopback and the system IP (Procedure 14.1). I guess in that case, the system IP was static and not DHCP-assigned?

>> After reboot, I was able to SSH into it without trouble. But now the
>> httpd server cannot bind to the em0 interface. I guess I can forward
>> traffic with ipfw or pfctl to get around that issue.
>>
>> LESSON LEARNED: ezjail *will* override the DHCP-assigned configuration
>> of an interface!
>
> Well... when the jail is reusing the host's IP address, yes. Jails use
> aliases, and the netmask for an alias is 0xffffffff (255.255.255.255).
> So the host got an IP address and valid netmask from the DHCP server at
> boot, then the jail startup reassigned the same IP address to the host
> as an alias, setting an alias netmask. From earlier posts:
>
>>> < inet 192.168.20.166 netmask 0xffffffff broadcast 192.168.20.166
>>> ---
>>>> inet 192.168.20.166 netmask 0xffffff00 broadcast 192.168.20.255
>
> It's a little surprising that didn't fail with an error.
>

The only error I saw in dmesg or /var/log/messages was the following:

Sep 11 09:51:55 public kernel: arpresolve: can't allocate llinfo for 192.168.20.1 on em0
Sep 11 09:51:55 public last message repeated 11 times
Sep 11 09:55:20 public kernel: arpresolve: can't allocate llinfo for 192.168.20.1 on em0
Sep 11 09:55:33 public last message repeated 4 times

Googling for that error was not very helpful in resolving the issue, hence the email to -questions.

> The current setup (not specifying an IP address for the jail) ends up
> using the host's IP address again. That also seems like a mistake, but
> maybe not.

I don't know what the default should be, but I appreciate the help in better understanding what is happening on the back-end.

All the best!
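
A pre-flight check for the collision discussed in this message, added here as an example (it is not code from the thread, the handbook or ezjail): it compares ezjail `jail_<name>_ip` settings with host `ifconfig` output and reports any jail address that duplicates a host address carrying a real netmask. The sample inputs are constructed from the values quoted above, the function names are hypothetical, and it assumes the `ifconfig` output was captured before the jails start.

```python
import re

# Constructed sample inputs modelled on the values quoted in the thread.
EZJAIL_CONF = 'export jail_www_local_ip="lo1|127.0.1.1,em0|192.168.20.166"\n'
IFCONFIG_OUT = """\
em0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
\tinet 192.168.20.166 netmask 0xffffff00 broadcast 192.168.20.255
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
\tinet 127.0.0.1 netmask 0xff000000
"""

def host_addresses(ifconfig_text):
    """Map (interface, ip) -> netmask (int) from FreeBSD `ifconfig` output."""
    addrs, iface = {}, None
    for line in ifconfig_text.splitlines():
        m = re.match(r"^(\S+): flags=", line)
        if m:
            iface = m.group(1)
            continue
        m = re.match(r"^\s+inet (\S+) netmask (0x[0-9a-fA-F]{8})", line)
        if m and iface:
            addrs[(iface, m.group(1))] = int(m.group(2), 16)
    return addrs

def jail_addresses(conf_text):
    """Yield (jail, interface or None, ip) from jail_<name>_ip settings."""
    for m in re.finditer(r'jail_(\w+)_ip="([^"]*)"', conf_text):
        for entry in filter(None, m.group(2).split(",")):
            iface, _, ip = entry.rpartition("|")
            yield m.group(1), iface or None, ip.strip()

def find_conflicts(conf_text, ifconfig_text):
    """Jail IPs that duplicate a host address whose netmask is not /32.

    Assumption: ifconfig_text predates jail startup, so a non-/32 mask
    marks the host's own (e.g. DHCP-assigned) address, not a jail alias.
    """
    host = host_addresses(ifconfig_text)
    hits = []
    for jail, iface, ip in jail_addresses(conf_text):
        for (h_if, h_ip), mask in host.items():
            if h_ip == ip and mask != 0xFFFFFFFF and iface in (None, h_if):
                hits.append((jail, h_if, ip, f"{mask:#010x}"))
    return hits

if __name__ == "__main__":
    for jail, iface, ip, mask in find_conflicts(EZJAIL_CONF, IFCONFIG_OUT):
        print(f"jail {jail}: {ip} on {iface} is the host address ({mask}); "
              "a jail alias would replace that netmask with 0xffffffff")
```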