From: Miroslav Lachman <000.fbsd@quip.cz>
To: freebsd-jail@freebsd.org
Subject: how to determine primary (source) IP address in jail
Date: Thu, 28 Feb 2019 11:58:30 +0100
Message-ID: <781124ab-ca3e-f410-1a60-649e216cded6@quip.cz>

Is there some easy way to determine the primary (source) address which is used in a jail with multiple IP addresses?

I came to this problem when running local_unbound in a jail. Unbound refuses queries originating in this jail because they do not come from the real 127.0.0.1 (which is the only one allowed by default). Unbound in the jail sees requests coming from the jail's IP.

It is easy to determine (in a shell script) if the jail has only one IP. But what about the case where the jail has multiple IPs?

Is there some sysctl or some call to ifconfig or any other util to get the IP which will be used as the source address for queries on local services in the jail?

I know I can allow all IPs of the jail in

    access-control: a.b.c.d/32 allow
    access-control: e.f.g.h/32 allow

I am just curious if there is some way to get the "primary" IP in a jail without calling anything from the host environment.

Kind regards
Miroslav Lachman
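
One way to ask the kernel directly from inside the jail, as an added example that is not part of the original message: connect() on a UDP socket sends no packet but performs source-address selection, and getsockname() reports the result. It assumes the jail substitutes one of its own addresses for loopback traffic, as the message observes; the function names are hypothetical and the output uses the access-control syntax quoted above.

```python
# Added example (not from the original post): ask the kernel which source
# address it would pick for traffic to a local service, then emit the
# matching Unbound access-control lines.
import ipaddress
import socket


def source_addr_for(dest, port=53):
    """Return the local address the kernel selects for UDP traffic to dest.

    connect() on a UDP socket transmits nothing; it only performs route and
    source-address selection, which getsockname() then reports.
    Returns None if the address family is unavailable or unroutable.
    """
    family = socket.AF_INET6 if ":" in dest else socket.AF_INET
    try:
        with socket.socket(family, socket.SOCK_DGRAM) as s:
            s.connect((dest, port))
            return s.getsockname()[0]
    except OSError:
        return None


def access_control_lines(addrs):
    """Build one 'access-control: <ip>/<len> allow' line per unique address."""
    lines = []
    for a in addrs:
        if a is None:
            continue  # family not configured in this jail
        ip = ipaddress.ip_address(a.split("%")[0])  # drop any IPv6 zone id
        # /32 for IPv4, /128 for IPv6: allow exactly this one host address.
        line = f"access-control: {ip}/{ip.max_prefixlen} allow"
        if line not in lines:
            lines.append(line)
    return lines


if __name__ == "__main__":
    # Loopback destinations a local resolver client would normally use.
    found = [source_addr_for(d) for d in ("127.0.0.1", "::1")]
    print("\n".join(access_control_lines(found)))
```

Run inside the jail, the printed lines cover only the address the kernel actually uses as the source for local queries, rather than every address assigned to the jail.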