From owner-freebsd-questions@FreeBSD.ORG  Thu Aug 29 19:07:46 2013
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115])
 (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by hub.freebsd.org (Postfix) with ESMTP id 9D37AC78
 for <freebsd-questions@freebsd.org>; Thu, 29 Aug 2013 19:07:46 +0000 (UTC)
 (envelope-from aimass@yabarana.com)
Received: from mail-pb0-f45.google.com (mail-pb0-f45.google.com
 [209.85.160.45])
 (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits))
 (No client certificate requested)
 by mx1.freebsd.org (Postfix) with ESMTPS id 72764219B
 for <freebsd-questions@freebsd.org>; Thu, 29 Aug 2013 19:07:46 +0000 (UTC)
Received: by mail-pb0-f45.google.com with SMTP id mc17so853167pbc.4
 for <freebsd-questions@freebsd.org>; Thu, 29 Aug 2013 12:07:40 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20130820;
 h=x-gm-message-state:mime-version:in-reply-to:references:date
 :message-id:subject:from:to:cc:content-type;
 bh=2BEHoS2WdeAi/Wl5rxDezBfggIbG3tdxYxFRtZVWvXE=;
 b=PkaZuCpM/wpvj3qgnlqn9w3LDu2TmhVXZ03iCPV4v3rKTIE2+TLlFNUa15KitI9id4
 ekury8FeuyPF9IzrLfHXUoDYhOey0WW4PnSJbkL3NEMmsiE0IzxL0ofFtwLDuGClBl8M
 d6Wum1+8jdmOIrFHATAFTHi4FwejrNMlME7KCkbsO7bpWF6rHsFG5bnByxPCOPz3xjiS
 DiWMqvGJqWpVMd/iPAIped4k2v/GHe+9MhZNrFpjfO6X7wZsSeEpSbrgi4nr1Bcw4IHC
 YnNOzkSgatdgAwmxR+Ffp2Yyqri9tyQnweI2Ggrp1PLoho5Yk9/lLEAqGSMe4k/iCTer
 bUag==
X-Gm-Message-State: ALoCoQl0nU8/hI9WpcuVRyYQxvtlWXLpeSbz4bp23w2muPWSqi/RxxTxAQ5/c+JFXfOf0yVpkLy1
MIME-Version: 1.0
X-Received: by 10.68.137.1 with SMTP id qe1mr5547710pbb.25.1377803260620; Thu,
 29 Aug 2013 12:07:40 -0700 (PDT)
Received: by 10.66.240.5 with HTTP; Thu, 29 Aug 2013 12:07:40 -0700 (PDT)
In-Reply-To: <521F0E6B.8020507@fjl.co.uk>
References: <CAHieY7Sq5XKFuwp9PYnbuLAM6i=6KrrS8h-RM2uJUCzgAQ5rcw@mail.gmail.com>
 <CAHieY7QnkKv3st31tFHipd7q1jZ1YnFAXizQvgFKjH4oPc5Hsw@mail.gmail.com>
 <CA+dWbmYDfNNAv1kV=68eGQ8ySs9G07TZz_6zE0Fkit5t40484g@mail.gmail.com>
 <CAHieY7ROHTret4QgCfgUaO5t1HwPzoi8O+85y7KKjCW=haoGmg@mail.gmail.com>
 <CA+dWbmb6VqmjQAiEyLmsE_+P8bHNZxf_Yff7BZAzdDEM3Ka4SA@mail.gmail.com>
 <521DC5EC.1010701@fjl.co.uk>
 <CAHieY7TpuAcpEAqLc8=kUf=GOiwu2DonoRkTJ60stBUsVMQCcQ@mail.gmail.com>
 <CA+dWbmbzwDV=UeUPonAKdpM080=rAvQ6xu_BG3FbRYWM4pwjoQ@mail.gmail.com>
 <521E5976.8000605@fjl.co.uk>
 <CAHieY7QshB9tVrthZkuqiwWQewN1V2ZOcTZo=B_ziSKaOo+DWg@mail.gmail.com>
 <521F0BD6.7040306@fjl.co.uk> <521F0E6B.8020507@fjl.co.uk>
Date: Thu, 29 Aug 2013 15:07:40 -0400
Message-ID: <CAHieY7THrx5+u1OSshhq8053JLJKxfOfS=o37or1bHor+CkT5g@mail.gmail.com>
Subject: Re: Jail with public IP alias
From: Alejandro Imass <aimass@yabarana.com>
To: Frank Leonhardt <frank2@fjl.co.uk>
Content-Type: text/plain; charset=ISO-8859-1
Cc: FreeBSD Questions <freebsd-questions@freebsd.org>
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.14
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/options/freebsd-questions>, 
 <mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
 <mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 29 Aug 2013 19:07:46 -0000

On Thu, Aug 29, 2013 at 5:03 AM, Frank Leonhardt <frank2@fjl.co.uk> wrote:
> On 29/08/2013 09:52, Frank Leonhardt wrote:
>>

Hi Frank thanks for taking the time to try to replicate this. Here is
all the detailed info

8.1-RELEASE

em0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=209b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,WOL_MAGIC>
        ether 00:31:88:bd:b9:3a
        inet xxx.yyy.52.74 netmask 0xffffff80 broadcast xxx.yyy.52.127
        inet xxx.yyy.52.70 netmask 0xffffff80 broadcast xxx.yyy.52.127
        inet xxx.yyy.52.71 netmask 0xffffff80 broadcast xxx.yyy.52.127
        inet xxx.yyy.52.73 netmask 0xffffff80 broadcast xxx.yyy.52.127
        media: Ethernet autoselect (1000baseT <full-duplex>)
        status: active

I use rc.conf standard practice for aliases:

ifconfig_em0="inet xxx.yyy.52.74 netmask 255.255.255.128 -tso"
ifconfig_em0_alias0="inet xxx.yyy.52.70  netmask 255.255.255.128 -tso"
ifconfig_em0_alias1="inet xxx.yyy.52.71  netmask 255.255.255.128 -tso"
ifconfig_em0_alias2="inet xxx.yyy.52.73  netmask 255.255.255.128 -tso"

nune# netstat -rn
Routing tables

Internet:
Destination        Gateway            Flags    Refs      Use  Netif Expire
default            xxx.yyy.52.1       UGS       168 182183463    em0
127.0.0.1          link#4             UH          0        0    lo0
[... internal aliases to lo0 here...]
xxx.yyy.52.0/25    link#1             U           0    68581    em0
xxx.yyy.52.70      link#1             UHS         0    14363    lo0
xxx.yyy.52.71      link#1             UHS         0    64765    lo0
xxx.yyy.52.73      link#1             UHS         0        0    lo0
xxx.yyy.52.74      link#1             UHS         0    29170    lo0

Note the Netif Expire on 71,73,74 are showing lo0 could this be the problem?

nune# ssh -b xxx.yyy.52.71 foo@bar
Password:

> w -n
 3:15PM  up 130 days, 22:30, 3 users, load averages: 0.00, 0.02, 0.00
USER             TTY      FROM              LOGIN@  IDLE WHAT
[...]
foo           pts/24   xxx.yyy.52.74     3:14PM     - w -n

I don't know why mine is showing 74 and from your example it should be
showing 71. Did you see the article below?

http://serverfault.com/questions/12285/when-ip-aliasing-how-does-the-os-determine-which-ip-address-will-be-used-as-sour

This seems to be a pretty common issue or it's just a
miss-configuration problem?

Thanks!

Alejandro Imass