Date: Mon, 18 Sep 2006 13:08:28 -0700
From: Russell Jackson
To: freebsd-stable@freebsd.org
Subject: isc-dhcpd and jails bound to an aliased ip
Message-ID: <20060918200828.GA58066@cserv65.csub.edu>

Attempting to run isc-dhcpd (using USE_SOCKETS) inside a jail bound to an aliased ip does not appear to work. The process never seems to receive any broadcast traffic; however, it does see unicast traffic as would be expected.
I'm not sure how to debug this since one cannot run tcpdump in the jail to see what traffic is getting there, obviously.

It works fine if I change the jail to bind to the primary ip on the interface. Not surprisingly, it also works fine if I run it outside of a jail using BPF. Changing the broadcast addresses on the aliases does not seem to change anything. Is it just that the kernel will not deliver broadcasts to jails on ip aliases, as I suspect?

Yes, I know I have a "zombied" jail in the jls listing. There are no processes with a JID of 2 running, and I'm reluctant to reboot the machine because it's in production.

If I have to run the jail on the primary ip address, that's okay. I would just prefer to have it running in a separate jail and still have ssh running on the standard port (less confusing to users).

Relevant configuration:

em0: flags=8843 mtu 1500
        options=b
        inet6 fe80::213:72ff:fe4b:70e7%em0 prefixlen 64 scopeid 0x1
        inet 136.168.1.5 netmask 0xffff0000 broadcast 136.168.255.255
        inet 136.168.1.8 netmask 0xffffffff broadcast 136.168.1.8
        inet 136.168.1.91 netmask 0xffffffff broadcast 136.168.1.91
        ether 00:13:72:4b:70:e7
        media: Ethernet autoselect (1000baseTX )
        status: active

# global jail knobs
jail_enable="YES"
jail_list="ns1 netstat"
jail_set_hostname_allow="NO"

# ns1 jail
jail_ns1_rootdir="/usr/jail/ns1"
jail_ns1_hostname="ns1.csub.edu"
jail_ns1_ip="136.168.1.91"
jail_ns1_exec_start="/bin/sh /etc/rc"
jail_ns1_devfs_enable="YES"
jail_ns1_mount_enable="YES"

# netstat jail
jail_netstat_rootdir="/usr/jail/netstat"
jail_netstat_hostname="netstat.csub.edu"
jail_netstat_ip="136.168.1.8"
jail_netstat_exec_start="/bin/sh /etc/rc"
jail_netstat_devfs_enable="YES"
jail_netstat_mount_enable="YES"

   JID  IP Address      Hostname                      Path
     8  136.168.1.91    ns1.csub.edu                  /usr/jail/ns1
     4  136.168.1.8     netstat.csub.edu              /usr/jail/netstat
     2  136.168.1.91    ns1.csub.edu                  /usr/jail/ns1

Thanks,
-- 
Russell A. Jackson
Network Analyst
CSUB Network Services