From: "James B. Byrne" <byrnejb@harte-lyne.ca>
To: freebsd-questions@freebsd.org
Date: Fri, 2 Feb 2018 11:11:25 -0500
Subject: [solved] Re: Jails, ping, and now DNS
Message-ID: <31a7ab261a3a67b716edf635923c789c.squirrel@webmail.harte-lyne.ca>
In-Reply-To: <5A74875F.9080901@gmail.com>

On Fri, February 2, 2018 10:44, Ernie Luzar wrote:
>
> Your problem is you're using ezjail which uses the deprecated rc.conf
> environment-variable method. Most jail users have stopped using ezjail
> so support for problems like you are having is very limited.
>

Actually, no, the problem is not with ezjail at all. I have
re-discovered that network changes relating to jails are not
completely cleared with:

    service netif restart && service routing restart &

I had found in the past, but had in the meantime forgotten, that it is
actually necessary to restart the host system to remove all artefacts
of previous jailed network configurations. Once I did that then all
of the mysterious problems that I was having in the jail disappeared.

The hint was when I compared an existing jail with the new one I was
attempting to configure. On the pre-existing jail I saw this:

    # netstat -an | grep -i listen
    netstat: kvm not available: /dev/mem: No such file or directory
    tcp4       0      0 *.22                   *.*                    LISTEN
    tcp4       0      0 127.0.124.1.53         *.*                    LISTEN

On the jail that I was working on I saw this instead:

    root@hll107:~ # service local_unbound onestatus
    local_unbound is running as pid 2792.
    root@hll107:~ # netstat -an | grep -i listen
    netstat: kvm not available: /dev/mem: No such file or directory
    tcp4       0      0 127.0.107.1.25         *.*                    LISTEN

Curious, is it not? This problem, no listening port 53 open on the
jail whilst unbound is running therein, persisted no matter how many
times I reset the netif and routing services; both inside the jail and
on the host. Shutting down and restarting the jail did not change
anything either.

However, shutting down and restarting the host and then starting the
jail resulted in this:

    [root@hll107 ~]# netstat -an | grep -i listen
    netstat: kvm not available: /dev/mem: No such file or directory
    tcp4       0      0 127.0.107.1.53         *.*                    LISTEN
    tcp4       0      0 127.0.107.1.25         *.*                    LISTEN

So something on the host can get misaligned when one does numerous
network configuration changes during setup of a new jail. And the
only means I have discovered to correct it is to restart the host.

-- 
***          e-Mail is NOT a SECURE channel          ***
        Do NOT transmit sensitive data via e-Mail
 Do NOT open attachments nor follow links sent by e-Mail

James B. Byrne                mailto:ByrneJB@Harte-Lyne.ca
Harte & Lyne Limited          http://www.harte-lyne.ca
9 Brockley Drive              vox: +1 905 561 1241
Hamilton, Ontario             fax: +1 905 561 0757
Canada  L8E 3C3
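
Added example (not part of the original message): a POSIX sh check that turns the netstat comparison above into a repeatable test of which expected listeners are absent. The function name missing_listeners and the choice of expected addresses are assumptions made for illustration; the two sample captures are the hll107 outputs quoted in the message.

```shell
#!/bin/sh
# Added example, not from the original post.
# missing_listeners ADDR.PORT ...
#   stdin : FreeBSD `netstat -an` output
#   stdout: each expected local address that has no LISTEN socket
#   status: 0 if all are present, 1 otherwise
missing_listeners() {
    awk -v want="$*" '
        BEGIN { n = split(want, w, " "); bad = 0 }
        # FreeBSD prints the local address as addr.port in field 4.
        # Noise such as the "kvm not available" warning never matches.
        $1 ~ /^tcp/ && $NF == "LISTEN" { seen[$4] = 1 }
        END {
            for (i = 1; i <= n; i++) {
                port = w[i]; sub(/^.*\./, "", port)
                wild = "*." port    # a wildcard bind also covers the address
                if (!(w[i] in seen) && !(wild in seen)) { print w[i]; bad = 1 }
            }
            exit bad
        }'
}

# Captures for jail hll107 as quoted in the post (before / after host reboot).
before_reboot() { cat <<'EOF'
netstat: kvm not available: /dev/mem: No such file or directory
tcp4       0      0 127.0.107.1.25         *.*                    LISTEN
EOF
}
after_reboot() { cat <<'EOF'
netstat: kvm not available: /dev/mem: No such file or directory
tcp4       0      0 127.0.107.1.53         *.*                    LISTEN
tcp4       0      0 127.0.107.1.25         *.*                    LISTEN
EOF
}

for capture in before_reboot after_reboot; do
    if missing=$($capture | missing_listeners 127.0.107.1.53 127.0.107.1.25); then
        echo "$capture: all expected listeners present"
    else
        echo "$capture: missing" $missing
    fi
done
```

On a live jail the same function can read `netstat -an` directly in place of the sample captures. It checks the socket table rather than the service status, which matters here because `service local_unbound onestatus` reported the daemon running while port 53 was not listening.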