Date: Wed, 05 Apr 2017 22:24:12 +0200
From: Dave Cottlehuber <dch@skunkwerks.at>
To: freebsd-net@freebsd.org
Subject: ngrep/tcpdump and cloned interfaces
Message-ID: <1491423852.756826.935508952.59809F07@webmail.messagingengine.com>
hi,

I posted this a week ago to freebsd-questions but got nothing. I hope it's suitable for asking here.

Today I wanted to observe traffic that is proxied via haproxy between IP addresses both bound to a lo1 cloned interface. To my surprise ngrep & tcpdump showed no activity on lo1, but it did show the expected traffic on lo0.

Now I'm not even sure I understand what a cloned interface is anymore...

Why does this traffic appear on the other interface at all?

Most importantly, does a jail with a lo1-bound IP address have any ability outside firewall rules to receive or view traffic using a lo0-bound IP in a different subnet?

# ngrep -texd lo0 port 1978

T 2017/03/29 19:45:17.838356 10.241.0.3:48176 -> 10.241.0.3:1978 [AP]
  50 4f 53 54 20 2f 72 70 63 2f 73 65 74 20 48 54    POST /rpc/set HT
  54 50 2f 31 2e 31 0d 0a 55 73 65 72 2d 41 67 65    TP/1.1..User-Age
  6e 74 3a 20 46 75 72 6c 3a 3a 48 54 54 50 2f 33    nt: Furl::HTTP/3
  2e 30 39 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70    .09..Content-Typ
  65 3a 20 74 65 78 74 2f 74 61 62 2d 73 65 70 61    e: text/tab-sepa

# sockstat -46l

# sockstat -46l |grep 1978
www         haproxy    36440 8  tcp4   10.241.0.0:1978       *:*
kyototycoon ktserver   73187 6  tcp4   10.241.0.3:1978       *:*

# ifconfig snippets

lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
        options=600003<RXCSUM,TXCSUM,RXCSUM_IPV6,TXCSUM_IPV6>
        inet6 ::1 prefixlen 128
        inet6 fe80::1%lo0 prefixlen 64 scopeid 0x3
        inet 127.0.0.1 netmask 0xff000000
        nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
        groups: lo
lo1: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
        options=600003<RXCSUM,TXCSUM,RXCSUM_IPV6,TXCSUM_IPV6>
        inet 10.241.0.0 netmask 0xffff0000
        inet 10.241.0.3 netmask 0xffffffff
        inet 10.241.0.2 netmask 0xffffffff
        inet 10.241.0.1 netmask 0xffffffff
        inet 10.241.0.5 netmask 0xffffffff
        inet 10.241.0.4 netmask 0xffffffff
        nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
        groups: lo

# /etc/pf.conf snippet

protocols = "{ tcp, udp, icmp }"
extl_if="lagg0"
jail_if="lo1"
jail_net = $jail_if:network

nat on $extl_if proto $protocols from $jail_net to any -> ($extl_if)

A+
Dave

_______________________________________________
freebsd-questions@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.org"
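An added audit script, written for this page and not part of Dave's message or of FreeBSD itself. On FreeBSD the host route for every locally configured address points at lo0, so traffic between two addresses on the same host is delivered over lo0 whatever interface carries the addresses; `route -n get 10.241.0.3` shows that in its `interface:` line. The other half of the check a jail operator wants is which interface and address each listening service is actually bound to. The script below parses `ifconfig` and `sockstat -46l` output (the samples are constructed to match the shape of the output quoted above, with the poster's addresses), maps every IPv4 listener to the interface holding its address, and flags wildcard binds and binds to a subnet's network address, which is what the haproxy listener on 10.241.0.0 looks like against lo1's 10.241.0.0/16. It assumes the column layouts shown in the message and handles IPv4 only.

```python
import ipaddress
import re

# Constructed sample input shaped like the ifconfig output quoted in the message.
IFCONFIG_SAMPLE = """\
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
	options=600003<RXCSUM,TXCSUM,RXCSUM_IPV6,TXCSUM_IPV6>
	inet6 ::1 prefixlen 128
	inet6 fe80::1%lo0 prefixlen 64 scopeid 0x3
	inet 127.0.0.1 netmask 0xff000000
	nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
	groups: lo
lo1: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
	options=600003<RXCSUM,TXCSUM,RXCSUM_IPV6,TXCSUM_IPV6>
	inet 10.241.0.0 netmask 0xffff0000
	inet 10.241.0.3 netmask 0xffffffff
	inet 10.241.0.2 netmask 0xffffffff
	nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
	groups: lo
"""

# Constructed sample shaped like `sockstat -46l` (header line plus listeners);
# the sshd row is invented to show a wildcard bind.
SOCKSTAT_SAMPLE = """\
USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS
www      haproxy    36440 8  tcp4   10.241.0.0:1978       *:*
kyototycoon ktserver 73187 6 tcp4   10.241.0.3:1978       *:*
root     sshd       1234  4  tcp4   *:22                  *:*
"""


def parse_ifconfig(text):
    """Map each configured IPv4 address to (interface name, IPv4Interface)."""
    addrs = {}
    iface = None
    for line in text.splitlines():
        m = re.match(r"^(\S+): flags=", line)
        if m:
            iface = m.group(1)          # a new interface block starts here
            continue
        m = re.match(r"^\s+inet (\S+) netmask (0x[0-9a-fA-F]+)", line)
        if m and iface:
            addr, mask = m.group(1), int(m.group(2), 16)
            prefix = bin(mask).count("1")   # contiguous netmask -> prefix length
            addrs[addr] = (iface, ipaddress.ip_interface(f"{addr}/{prefix}"))
    return addrs


def parse_sockstat(text):
    """Return one dict per listening socket from `sockstat -46l` output."""
    rows = []
    for line in text.splitlines()[1:]:      # skip the column header
        parts = line.split()
        if len(parts) < 7:
            continue
        user, cmd, pid, _fd, proto, local, _foreign = parts[:7]
        host, _, port = local.rpartition(":")
        rows.append({"user": user, "command": cmd, "pid": int(pid),
                     "proto": proto, "host": host, "port": int(port)})
    return rows


def audit_listeners(ifconfig_text, sockstat_text):
    """Attach the owning interface to each listener and flag risky binds."""
    addrs = parse_ifconfig(ifconfig_text)
    report = []
    for row in parse_sockstat(sockstat_text):
        flags = []
        if row["host"] == "*":
            iface = "*"
            flags.append("wildcard bind: reachable on every interface and jail address")
        elif row["host"] in addrs:
            iface, ifaddr = addrs[row["host"]]
            # A listener on the network address of a multi-host prefix is almost
            # always a misconfiguration (compare haproxy on 10.241.0.0 above).
            if (ifaddr.network.num_addresses > 1
                    and ifaddr.ip == ifaddr.network.network_address):
                flags.append(f"bound to the network address of {ifaddr.network}")
        else:
            iface = None
            flags.append("address not configured on any interface")
        report.append({**row, "iface": iface, "flags": flags})
    return report


if __name__ == "__main__":
    for r in audit_listeners(IFCONFIG_SAMPLE, SOCKSTAT_SAMPLE):
        status = "; ".join(r["flags"]) or "ok"
        print(f"{r['command']:<10} {r['proto']} {r['host']}:{r['port']} on {r['iface']}  {status}")
```

Feed it live output with `ifconfig > if.txt; sockstat -46l > ss.txt` from the host (not from inside a jail, whose view of both is restricted) and replace the two samples with the file contents. The interface column only tells you where an address is configured; because local delivery goes over lo0, pf rules meant to separate jail addresses from each other need to match on lo0 (or on the addresses themselves) rather than on lo1.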