Date: Thu, 10 Dec 2015 20:51:18 -0500 (EST) From: Rick Macklem <rmacklem@uoguelph.ca> To: Benjamin Kaduk <kaduk@MIT.EDU> Cc: freebsd-current <freebsd-current@freebsd.org> Subject: Re: RPC request sent to 127.0.0.1 becomes from other IP on machine Message-ID: <1916004699.127591232.1449798678143.JavaMail.zimbra@uoguelph.ca> In-Reply-To: <alpine.GSO.1.10.1512101846210.26829@multics.mit.edu> References: <521574245.126601980.1449754639530.JavaMail.zimbra@uoguelph.ca> <alpine.GSO.1.10.1512101846210.26829@multics.mit.edu>
next in thread | previous in thread | raw e-mail | index | archive | help
Ok, I had a hunch it was related to the use of jails.
I am just testing a patch that switches the nfsuserd over to
using an af_local socket, so this will be avoided.
(I think it makes more sense anyhow. I just never got around
to doing it.;-)
Thanks for the info, rick
----- Original Message -----
> On Thu, 10 Dec 2015, Rick Macklem wrote:
>
> > Hi,
> >
> > Mark has reported a problem via email where the nfsuserd daemon sees
> > requests coming from an IP# assigned to the machine instead of 127.0.0.1.
> > Here's a snippet from his message:
> > Ok, I have Plex in a jail and when I scan the remote NFS file share the
> > *local* server's nfsuserd spams the logs.
> > Spamming the logs refers to the messages nfsuserd generates when it gets
> > a request from an address other than 127.0.0.1.
> >
> > I think the best solution is to switch nfsuserd over to using an AF_LOCAL
> > socket like the gssd uses, but that will take a little coding and probably
> > won't be MFCable.
> >
> > I've sent him the attached patch to try as a workaround.
> >
> > Does anyone happen to know under what circumstances the address 127.0.0.1
> > gets replaced?
>
> My memory is quite hazy on this subject, but I think that outbound traffic
> from a jail is not permitted to use the system loopback address 127.0.0.1;
> traffic from this address within a jail gets replace with the jail's
> primary IP address. It is possible to specify an alternate loopback
> address for use within the jail (e.g., 127.0.0.2) and if that alternate
> address is only bound within the jail, it can be used for outgoing traffic
> to the host. See jail.conf(5); I appear to have something like:
>
> kduck {
> host.hostname = "kduck.mit.edu";
> ip4.addr = lo0|127.0.0.2, 18.18.0.52;
> [...]
> }
>
> Note that there may be some additional magic about the primary address of
> the jail being first (or last?) in the list of addresses.
>
> -Ben
> _______________________________________________
> freebsd-current@freebsd.org mailing list
> https://lists.freebsd.org/mailman/listinfo/freebsd-current
> To unsubscribe, send any mail to "freebsd-current-unsubscribe@freebsd.org"
>
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?1916004699.127591232.1449798678143.JavaMail.zimbra>