From: Anton Farber
To: "freebsd-net@freebsd.org"
Subject: RE: FreeBSD sometimes uses the router for packets on the local network
Date: Tue, 7 Apr 2015 07:04:40 +0000

> On Mon, Apr 6, 2015 at 12:15 PM, Anton Farber wrote:
> > I've opened a thread on the FreeBSD networking forum (https://forums.freebsd.org/threads/jail-fails-to-connect-to-main-host.50833/) as some time ago my FreeBSD server (initially running 10.1, now CURRENT) started to behave strangely after an upgrade from 10.0 to 10.1. I first noticed that a jail (192.168.1.5) wasn't able to contact the base system (192.168.1.1). Running a tcpdump revealed the following: the jail is using em0 instead of lo0 for communicating with the base system:
>
> You need to look at your routing tables. From inside the jail, run
> "netstat -rn -f inet". You probably won't see any entry for 127.0.0.1
> or 127.0.0.0/8. Those are the entries that your jail needs in order
> to talk to the base system. You can add them, but think carefully.
> Many server processes, such as ntpd, have reduced security for
> connections coming over 127.0.0.1. Whether or not it is appropriate
> to add those routes depends on why you are using a jail.

Ok, so the behaviour I'm seeing regarding the communication between jail and base system is to be expected then. My reason for posting it was that I was unsure whether it might have anything to do with the main problem. I don't think that this is the case, so the question remains: why is my FreeBSD server sometimes using the router for contacting hosts on the local network?

Regards,
Anton