Skip site navigation (1)Skip section navigation (2) 
Date:      Tue, 01 Feb 2022 17:53:17 +0000
From:      bugzilla-noreply@freebsd.org
To:        jail@FreeBSD.org
Subject:   [Bug 255685] PF: JAIL: fail to connect from jail to jail service when pf enabled
Message-ID:  <bug-255685-29815-XNuUQKeFd3@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-255685-29815@https.bugs.freebsd.org/bugzilla/>
References:  <bug-255685-29815@https.bugs.freebsd.org/bugzilla/>
next in thread | previous in thread | raw e-mail | index | archive | help 
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D255685

--- Comment #6 from Laurent Frigault <freebsdbugzilla@agneau.org> ---
(In reply to Laurent Frigault from comment #5)

man ifconfig still says:
..
     alias   Establish an additional network address for this interface.  T=
his
             is sometimes useful when changing network numbers, and one wis=
hes
             to accept packets addressed to the old interface.  If the addr=
ess
             is on the same subnet as the first network address for this
             interface, a non-conflicting netmask must be given.  Usually
             0xffffffff is most appropriate.

but it looks like since 13.0  we can now add aliases with non /32 mask even=
 if
there is already an ip with the same non /32 subnet and this works with jail
ips too.

example:
host configuration:
ifconfig_bge0_alias0=3D"inet 192.168.249.240 netmask 255.255.255.128"

jail configuration:
    ip4.addr +=3D "192.168.249.247/25";

# netstat -rn |fgrep 192.168.=20=20=20=20
192.168.249.128/25 link#1             U          bge0
192.168.249.240    link#1             UHS         lo0
192.168.249.247    link#1             UHS         lo0

lo0 host routes are back and the 2 ips can talk to each other via lo0

This change may ne related to https://www.freebsd.org/releases/13.0R/relnot=
es/
...
Duplicate routes installation issue for /32 or /128 interface aliases has b=
een
fixed. 81728a538d24
...

maybe the ifconfig manual page should be updated to remove=20
"Usually 0xffffffff is most appropriate" from the alias item

--=20
You are receiving this mail because:
You are the assignee for the bug.=

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-255685-29815-XNuUQKeFd3>