From owner-freebsd-questions@FreeBSD.ORG Wed Mar 11 14:58:40 2015 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 794C3D6A; Wed, 11 Mar 2015 14:58:40 +0000 (UTC) Received: from bede.qeng-ho.org (bede.qeng-ho.org [217.155.128.241]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 118BF9E3; Wed, 11 Mar 2015 14:58:39 +0000 (UTC) Received: from arthur.home.qeng-ho.org (arthur.home.qeng-ho.org [172.23.1.2]) by bede.home.qeng-ho.org (8.14.9/8.14.7) with ESMTP id t2BEwatJ047184; Wed, 11 Mar 2015 14:58:37 GMT (envelope-from freebsd@qeng-ho.org) Message-ID: <5500581C.8060300@qeng-ho.org> Date: Wed, 11 Mar 2015 14:58:36 +0000 From: Arthur Chance User-Agent: Mozilla/5.0 (X11; FreeBSD amd64; rv:31.0) Gecko/20100101 Thunderbird/31.5.0 MIME-Version: 1.0 To: Matthew Seaman , freebsd-questions@freebsd.org Subject: Re: Jail with bitblee running, connection timed out References: <87vbi7zlc8.fsf@piet.i-did-not-set--mail-host-address--so-tickle-me> <55004C8E.5050407@FreeBSD.org> In-Reply-To: <55004C8E.5050407@FreeBSD.org> Content-Type: text/plain; charset=utf-8; format=flowed Content-Transfer-Encoding: 7bit X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.18-1 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 11 Mar 2015 14:58:40 -0000 On 11/03/2015 14:09, Matthew Seaman wrote: > On 2015/03/11 13:59, 1126 (Christian Lask) wrote: >> `stockstat -l4p 6667` reveals that it is indeed listening on the jails >> IP on port 6667. In Weechat then I added a new server (localhost/6667) >> and tried to connect to it. This connection however is never established >> and times out. I do not know how to debug this properly and have no idea >> what is wrong here. Configuration of both seems pretty straightforward, >> so I don't know what I am doing wrong here. > > Jails tend not to have localhost (ie. 127.0.0.1 or ::1) addresses > accessible to them[*]. Try logging into the jail and examine the output > of 'ifconfig -a' -- compare it with what you get on the host system. The networking code special cases attempts to connect to or listen on 127.0.0.1 (or ::1 for IPv6) within jails and replaces those addresses with the primary IP address for the jail (failing if there isn't one). Take a look at prison_(local|remote)_ip[46] in /usr/src/sys/kern/kern_jail.c and their uses in the inet code. (I'm looking at 10.1-REL code). Did the OP actually have an /etc/hosts in the jail? If not, localhost wouldn't resolve. Not sure why that would cause a hang though. > If you want some processes within the same jail to be able to > communicate through a network-like protocol, then unix domain sockets > are the way to go, assuming that the software you want to run supports > them. Failing that, you'll have to use the jail's allocated IP number(s). > > Cheers, > > Matthew > > [*] There is a new alternative style of jail, called a VNET jail, which > you could use and that do have their own loopback interfaces and > localhost addresses, but these are still fairly new, somewhat more > complicated to setup and still not thoroughly debugged. Last I checked, > they also required you to run a custom kernel. -- Those who do not learn from computing history are doomed to GOTO 1