Date: Thu, 4 Jun 2009 20:44:39 +0000 (UTC)
From: "Bjoern A. Zeeb"
To: Dirk Engling
Cc: freebsd-hackers@freebsd.org
Subject: Re: Jails, loopback interfaces and sendmail
Message-ID: <20090604203905.B12292@maildrop.int.zabbadoz.net>
In-Reply-To: <4A27D38B.6040108@erdgeist.org>

On Thu, 4 Jun 2009, Dirk Engling wrote:

Hi,

> However, grep -R 127.0.0.1 /etc reveals, that sendmail in many places
> assumes localhost to be on 127.0.0.1 instead of looking it up in
> /etc/hosts or using 127.0.0.0/8 to identify a local connection.

or possibly other methods that would find even more things to be
"local".

> I worry that more programmers made those assumptions, possibly breaking
> more tools.

yes, bind tools are another of those things that have problems with
various address magics.

> My question is: Who's the right guy to beg to fix sendmail or
> alternatively would it be smart to allow each jail to have its own

If programmers assume 127.0.0.1 is the one and only loopback it's
because of two things - 1) this has been done in the very old days
where people updated the hosts file with uucp to know all hosts in the
network and was never updated. or 2) they are clueless or lazy.

> concept of 127.0.0.1 on a dummy interface mapped to all jails, that

As others mentioned connection from/to 127.0.0.1 will be mapped to the
primary address of the jail; if you listen on 127.0.0.1 and the primary
address is a public address you will be visible to the world (given
your base system routes and permits that address to be reached).
But that's been like that since probably 4.0.

With the virtual network stack you will be able to have your own
loopback with each jail

do not even think about doing something like this; it would never ever
hit the tree anymore and it has been done by others already (for you -
and others;).

/bz

-- 
Bjoern A. Zeeb                      The greatest risk is not taking one.
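
The remapping described in the reply above can be checked from inside a jail by binding to 127.0.0.1 and asking the kernel which address the socket actually received. The C program below is an added example, not part of the original message; the function names are illustrative, and it assumes a non-VNET jail in which the kernel rewrites the loopback bind to the jail's primary address and getsockname() reports the rewritten address.

```c
/* Added example (not from the thread): detect a remapped loopback bind. */
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* 1 if addr lies anywhere in 127.0.0.0/8, not only 127.0.0.1; else 0. */
int in_loopback_net(struct in_addr addr)
{
    return (ntohl(addr.s_addr) >> 24) == 127;
}

/* Bind a TCP socket to 127.0.0.1 on an ephemeral port and store the address
 * the kernel really assigned in *actual. Returns 0 if it stayed on loopback,
 * 1 if it was remapped to a non-loopback address, -1 on error. */
int check_loopback_bind(struct in_addr *actual)
{
    struct sockaddr_in sin;
    socklen_t len = sizeof(sin);
    int rc = -1, s = socket(AF_INET, SOCK_STREAM, 0);

    if (s < 0)
        return -1;
    memset(&sin, 0, sizeof(sin));
    sin.sin_family = AF_INET;
    sin.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
    if (bind(s, (struct sockaddr *)&sin, sizeof(sin)) == 0 &&
        getsockname(s, (struct sockaddr *)&sin, &len) == 0) {
        *actual = sin.sin_addr;
        rc = !in_loopback_net(sin.sin_addr);
    }
    close(s);
    return rc;
}

int main(void)
{
    struct in_addr a;
    char buf[INET_ADDRSTRLEN];
    int rc = check_loopback_bind(&a);

    if (rc < 0) { perror("check_loopback_bind"); return 2; }
    printf("requested 127.0.0.1, bound to %s%s\n",
        inet_ntop(AF_INET, &a, buf, sizeof(buf)),
        rc ? " (remapped: review firewall rules for this address)" : "");
    return rc;
}
```

An exit status of 1 means a service configured for 127.0.0.1 in this environment is really listening on the printed address, so its exposure depends on the host's routing and packet filter rather than on the loopback bind.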