Date: Mon, 7 Jul 2008 15:33:18 -0400
From: Jason Morgan
To: FreeBSD Questions
Subject: Re: Jails and IP Aliasing

On 2008.07.07 12:16:44, David Allen wrote:
> On Mon, Jul 7, 2008 at 10:54 AM, Jason Morgan wrote:
> > On 2008.07.07 09:51:33, David Allen wrote:
> >> Unless I'm losing my mind, I'm encountering what seems to be yet another
> >> gotcha with jails. The following has been dumbed down for clarity and
> >> brevity.
> >>
> >> ---------------------------------------------------------------------
> >> # hostname
> >> jailhost.example.org
> >>
> >> # host jailhost
> >> jailhost.example.org has address 10.0.1.2
> >>
> >> # ifconfig fxp0
> >> fxp0: flags=8843 metric 0 mtu 1500
> >>         options=b
> >>         ether 00:07:e9:c8:2e:32
> >>         inet 10.0.1.2 netmask 0xffffff00 broadcast 10.0.1.255
> >>         inet 10.0.1.3 netmask 0xffffffff broadcast 10.0.1.3
> >>         inet 10.0.1.4 netmask 0xffffffff broadcast 10.0.1.4
> >>         media: Ethernet autoselect (100baseTX )
> >>         status: active
> >
> > This is the output for my jail interface. Notice that your jail
> > aliases are broadcasting on the jail's IP. I don't know if this is an
> > issue or not (my jails run on i386 FBSD 6.3), but it's something to
> > look at. How are you setting the aliases?
> >
> > sk0: flags=8843 mtu 1500
> >         options=b
> >         inet 10.0.0.1 netmask 0xffffff00 broadcast 10.0.0.255
> >         inet 10.0.0.101 netmask 0xffffff00 broadcast 10.0.0.255
> >         inet 10.0.0.201 netmask 0xffffff00 broadcast 10.0.0.255
> >         ether xx:xx:xx:xx:xx:xx
> >         media: Ethernet autoselect (1000baseTX )
> >         status: active
>
> My own aliases:
>
> # grep fxp0 /etc/rc.conf
> ifconfig_fxp0="inet 10.0.1.2 netmask 0xffffff00"
> ifconfig_fxp0_alias0="10.0.1.3 netmask 0xffffffff"
> ifconfig_fxp0_alias1="10.0.1.4 netmask 0xffffffff"
> ifconfig_fxp0_alias2="10.0.1.5 netmask 0xffffffff"
>
> My understanding from the handbook is that the mask should be set to all
> ones if the alias is for an address that's part of the same network. For
> a different segment, it's the first alias that should be set to the real
> netmask, with any additional aliases using a netmask of all ones.
>
> Granted, the broadcast addresses look odd. If my programming skills
> were better, I'd just read through the code and understand what's really
> happening, but for now, I'm just taking the FreeBSD folks at their word and
> following instructions. That's a roundabout way of saying I think your
> aliases are set up incorrectly. ;-)

That is quite possible (I do notice the newer documentation calling for
netmask 0xffffffff). But I have never had any trouble over the last three
years so, you know how it is, if it ain't (too) broke ...

> If you're not seeing the behaviour I'm seeing, do let me know. But to
> clarify with a concrete example, the following is what I see on the
> jailhost (10.0.1.2) when it connects to port 25 on one of the
> jails (10.0.1.5).
>
> # tcpdump -nqti lo0 port 25
> tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
> listening on lo0, link-type NULL (BSD loopback), capture size 96 bytes
> IP 10.0.1.5.62110 > 10.0.1.5.25: tcp 0
> IP 10.0.1.5.25 > 10.0.1.5.62110: tcp 0
> IP 10.0.1.5.62110 > 10.0.1.5.25: tcp 0
> IP 10.0.1.5.25 > 10.0.1.5.62110: tcp 89
> IP 10.0.1.5.62110 > 10.0.1.5.25: tcp 0
>
> # netstat -nf inet
> Active Internet connections
> Proto Recv-Q Send-Q  Local Address          Foreign Address        (state)
> tcp4       0      0  10.0.1.5.25            10.0.1.5.62110         ESTABLISHED
> tcp4       0      0  10.0.1.5.62110         10.0.1.5.25            ESTABLISHED
>
> # sockstat -4 -p 25
> USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS
> root     sendmail   16594 1  tcp4   10.0.1.5:25           10.0.1.5:62110
> root     sendmail   16594 4  tcp4   10.0.1.5:25           10.0.1.5:62110
> root     sendmail   16594 7  tcp4   10.0.1.5:25           10.0.1.5:62110
> root     telnet     16593 3  tcp4   10.0.1.5:62110        10.0.1.5:25
>
> Why the jailhost is suddenly using the jail's IP address is beyond me.

I am actually getting the same results when telnetting to port 25 on my
mailserver jail. Someone else here should be able to offer better advice.
Sorry, I couldn't help.

Good luck,
~Jason
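
The alias netmask rule David quotes from the handbook, written as a check over rc.conf lines (an added example, not part of the original message or of FreeBSD). `THREAD_RC` is the rc.conf shown in the thread; `CONSTRUCTED_RC` is constructed from the sk0 ifconfig output, since that rc.conf is not shown; the function names are hypothetical.

```python
import ipaddress
import re

# ifconfig_<if>="..." and ifconfig_<if>_alias<N>="..." lines from /etc/rc.conf
RC_LINE = re.compile(r'^ifconfig_(\w+?)(_alias\d+)?="([^"]*)"')

def parse_rc_conf(text):
    """Return {interface: [(variable name, IPv4Interface), ...]} in file order."""
    parsed = {}
    for line in text.splitlines():
        m = RC_LINE.match(line.strip())
        if not m:
            continue
        ifname, alias, value = m.groups()
        words = [w for w in value.split() if w != "inet"]
        if len(words) < 3 or words[1] != "netmask":
            continue  # DHCP, IPv6 and CIDR forms are out of scope here
        mask = words[2]
        if mask.lower().startswith("0x"):  # hex mask -> dotted quad
            mask = str(ipaddress.IPv4Address(int(mask, 16)))
        iface = ipaddress.IPv4Interface(f"{words[0]}/{mask}")
        parsed.setdefault(ifname, []).append((f"ifconfig_{ifname}{alias or ''}", iface))
    return parsed

def check_aliases(text):
    """Flag addresses that break the rule as stated in the thread."""
    findings = []
    for addrs in parse_rc_conf(text).values():
        segments = []  # networks already established on this interface
        for name, iface in addrs:
            all_ones = iface.network.prefixlen == 32
            inside = [n for n in segments if iface.ip in n]
            if inside and not all_ones:
                findings.append((name, f"{iface.ip} is inside {inside[0]}: use netmask 0xffffffff"))
            elif not inside and all_ones:
                findings.append((name, f"{iface.ip} is first in its segment: use the real netmask"))
            elif not inside:
                segments.append(iface.network)
    return findings

THREAD_RC = '''ifconfig_fxp0="inet 10.0.1.2 netmask 0xffffff00"
ifconfig_fxp0_alias0="10.0.1.3 netmask 0xffffffff"
ifconfig_fxp0_alias1="10.0.1.4 netmask 0xffffffff"
ifconfig_fxp0_alias2="10.0.1.5 netmask 0xffffffff"'''
# Constructed from the sk0 ifconfig output in the thread (that rc.conf is not shown)
CONSTRUCTED_RC = '''ifconfig_sk0="inet 10.0.0.1 netmask 0xffffff00"
ifconfig_sk0_alias0="inet 10.0.0.101 netmask 0xffffff00"
ifconfig_sk0_alias1="inet 10.0.0.201 netmask 0xffffff00"'''

if __name__ == "__main__":
    for name, msg in check_aliases(THREAD_RC) + check_aliases(CONSTRUCTED_RC):
        print(f"{name}: {msg}")
```
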