Date: Thu, 31 May 2018 15:01:59 -0400
From: "James B. Byrne" <byrnejb@harte-lyne.ca>
To: "Arthur Chance" <freebsd@qeng-ho.org>
Cc: freebsd-questions@freebsd.org
Subject: Re: What have I neglected to do in order to get networking in a jail?
Message-ID: <63611c4aa30f84022b570685135a14dc.squirrel@webmail.harte-lyne.ca>
In-Reply-To: <b50e9c55-9575-2a47-da6c-dc28ab9ab839@qeng-ho.org>
References: <mailman.92.1527768001.7501.freebsd-questions@freebsd.org> <3f375650dfee47082e77cba953961a3f.squirrel@webmail.harte-lyne.ca> <a0b59ab1-d295-de37-4ac0-e0a3ae755b62@qeng-ho.org> <aaed89ba54f3d0b3823a0c7ad762273b.squirrel@webmail.harte-lyne.ca> <b50e9c55-9575-2a47-da6c-dc28ab9ab839@qeng-ho.org>

On Thu, May 31, 2018 10:29, Arthur Chance wrote:
> On 31/05/2018 15:21, James B. Byrne wrote:
>>
>> On Thu, May 31, 2018 09:40, Arthur Chance wrote:
>>
>>>
>>> I've just taken another look at your original mail. I think the key
>>> might be in this
>>>
>>>> [root@host:~]# jls
>>>>    JID  IP Address      Hostname      Path
>>>>      1  127.0.31.1      mx31          /usr/jails/mx31
>>>
>>> Note address ^^^^^
>>>
>>
>> The command jls reports the loopback address for all of the jails I
>> have defined on other hosts.  For example:
>>
>> [root@vhost02 ~]# jls
>>    JID  IP Address      Hostname      Path
>>      2  127.0.34.1      hlldns04      /usr/jails/hlldns04
>>      3  127.0.150.1     hllmx150      /usr/jails/hllmx150
>>
>
> Addresses in 127/8 must not appear on the network anywhere
> (https://tools.ietf.org/html/rfc5735#page-3), and FreeBSD has specific
> checks in the networking code to prevent this. If any jail with such an
> address is contacting the network then there must be some form of NAT
> involved. I can only suggest you check for differences between the jails
> that can get out and the one that can't *and* look for NAT on the
> host(s) with jails that can get out.
>

The 127.0.x.1 addresses are used by the cloned loopback interfaces
that the jails require.  Traffic on those addresses is going nowhere
but back to the jail that owns them.

I have several hosts with multiple jails and on every one of them the
jls command displays the loopback address assigned to the jail.

[root@vhost04 ~ (master #)]# jls
   JID  IP Address      Hostname      Path
     1  127.0.124.1     hll124        /usr/jails/hll124

[root@vhost02 ~]# jls
   JID  IP Address      Hostname      Path
     1  127.0.150.1     hllmx150      /usr/jails/hllmx150
     2  127.0.34.1      hlldns04      /usr/jails/hlldns04

[root@vhost03 ~]# jls
   JID  IP Address      Hostname      Path
     1  127.0.151.1     hllmx04       /usr/jails/hllmx04
     2  127.0.33.1      hlldns02      /usr/jails/hlldns02

I can go on but I believe that the point is made.  Each of these jails
can reach the internet.  Some hosts are on the same LAN segment as the
host with the jail I am having problems with.

NAT is not involved as the IP address assigned to the jail's virtual
interface is public.

I have discovered my error.  It is a typo in the IP address assigned
to the jail.  I wrote 218.185.71.31 when it should have been
216.185.71.31.  I must have looked at that line in the jail
configuration file a dozen times or more and missed it.

-- 
***          e-Mail is NOT a SECURE channel          ***
        Do NOT transmit sensitive data via e-Mail
 Do NOT open attachments nor follow links sent by e-Mail

James B. Byrne                mailto:ByrneJB@Harte-Lyne.ca
Harte & Lyne Limited          http://www.harte-lyne.ca
9 Brockley Drive              vox: +1 905 561 1241
Hamilton, Ontario             fax: +1 905 561 0757
Canada  L8E 3C3
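
As an added example, not part of the original message: a Python check that would have caught the typo reported above by flagging any jail `ip4.addr` entry that is neither loopback nor inside a prefix the host is actually on. The jail.conf fragment, the interface names `lo1`/`em0`, the address `216.185.71.150` and the `/24` prefix length are constructed assumptions; the jail names and the other addresses come from the thread.

```python
import ipaddress
import re

# Constructed jail.conf fragment (not from the thread); interface names are assumed.
SAMPLE_JAIL_CONF = '''
mx31 {
    path = "/usr/jails/mx31";
    ip4.addr = "lo1|127.0.31.1", "em0|218.185.71.31";
}
hllmx150 {
    path = "/usr/jails/hllmx150";
    ip4.addr = "lo1|127.0.150.1", "em0|216.185.71.150";
}
'''

# Assumed on-link prefix of the host's external interface;
# the thread does not state the netmask.
HOST_PREFIXES = [ipaddress.ip_network("216.185.71.0/24")]

def jail_addresses(conf_text):
    """Yield (jail_name, ip_address) for every ip4.addr entry."""
    for block in re.finditer(r"(\w+)\s*\{(.*?)\}", conf_text, re.S):
        name, body = block.group(1), block.group(2)
        for stmt in re.finditer(r"ip4\.addr\s*\+?=\s*([^;]+);", body):
            for item in stmt.group(1).split(","):
                item = item.strip().strip('"')
                # Drop an optional "iface|" prefix and "/mask" suffix.
                addr = item.split("|")[-1].split("/")[0]
                yield name, ipaddress.ip_address(addr)

def audit(conf_text, host_prefixes):
    """Classify each jail address as loopback-only, on-link, or off-prefix."""
    findings = []
    for name, addr in jail_addresses(conf_text):
        if addr.is_loopback:
            verdict = "loopback-only"        # 127/8: never leaves the host
        elif any(addr in net for net in host_prefixes):
            verdict = "on-link"
        else:
            verdict = "not-on-host-prefix"   # likely typo or missing route
        findings.append((name, str(addr), verdict))
    return findings

if __name__ == "__main__":
    for row in audit(SAMPLE_JAIL_CONF, HOST_PREFIXES):
        print("%-10s %-16s %s" % row)
```
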