Date: Wed, 7 Feb 2018 10:52:06 +0000 From: Matthew Seaman <matthew@FreeBSD.org> To: freebsd-questions@freebsd.org Subject: Re: FreeBSD jails, dns and ping Message-ID: <52f596f2-2140-d704-af27-fc2fda53e9ca@FreeBSD.org> In-Reply-To: <ae6bcd172868583d65438c3cd33285fe.squirrel@webmail.harte-lyne.ca> References: <mailman.5031.1517909966.1562.freebsd-questions@freebsd.org> <ae6bcd172868583d65438c3cd33285fe.squirrel@webmail.harte-lyne.ca>
next in thread | previous in thread | raw e-mail | index | archive | help
On 06/02/2018 16:17, James B. Byrne via freebsd-questions wrote:
> Note that local_unbound worked with both resolv.conf settings. But
> both ping and pkg gave me grief with the first and worked with the
> second.
>
> My understanding, admittedly perfunctory, has been that one is
> SUPPOSED to use 127.0.0.1 inside a jail wherever the standard loopback
> address is required. And that the jail system takes care of remapping
> 127.0.0.1 to whatever address is assigned to the loopback interface
> that the jail is configured to use.
>
> What have I misunderstood? Had I misconfigured something that is
> documented otherwise than what I had done?
Yes, that is the way it is supposed to work: any attempt to access
127.0.0.1 (possibly 127.0.0.0/8 BICBW) or ::1 is remapped to the jail
address. Mostly this works fine, but some applications -- unbound(8)
being one of them -- will detect that the packet was sent to 127.0.0.1
but received on a different interface and drop the packet.
Your possible solutions are:
* Tweak the local_unbound or unbound configuration to use the jail
address explicitly.
* Investigate VIMAGE jails, which have their own network stacks and
consequently a lo0 interface within the jail.
Cheers,
Matthew
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?52f596f2-2140-d704-af27-fc2fda53e9ca>