Date:      Tue, 7 Apr 2015 10:29:49 +0300
From:      Konstantin Belousov <kostikbel@gmail.com>
To:        Anton Farber <dr_sweety_1337@hotmail.com>
Cc:        "freebsd-net@freebsd.org" <freebsd-net@freebsd.org>
Subject:   Re: FreeBSD sometimes uses the router for packets on the local network
Message-ID:  <20150407072949.GA2379@kib.kiev.ua>
In-Reply-To: <BLU184-W7781B661517FF838390C84D6FD0@phx.gbl>
References:  <BLU184-W192296030E569968682DFFD6FE0@phx.gbl> <CAOtMX2izwRe_7K6ZjJOzbAwRcQLy2mRh0V6CRR3Lh7u8UXe9fA@mail.gmail.com> <BLU184-W7781B661517FF838390C84D6FD0@phx.gbl>

On Tue, Apr 07, 2015 at 07:04:40AM +0000, Anton Farber wrote:
> > On Mon, Apr 6, 2015 at 12:15 PM, Anton Farber
> > <dr_sweety_1337@hotmail.com> wrote:
> > > I've opened a thread on the FreeBSD networking forum (https://forums.freebsd.org/threads/jail-fails-to-connect-to-main-host.50833/) as some time ago my FreeBSD server (initially running 10.1, now CURRENT) started to behave strangely after an upgrade from 10.0 to 10.1. I first noticed that a jail (192.168.1.5) wasn't able to contact the base system (192.168.1.1). Running a tcpdump revealed the following: the jail is using em0 instead of lo0 for communicating with the base system:
> > 
> > You need to look at your routing tables.  From inside the jail, run
> > "netstat -rn -f inet".  You probably won't see any entry for 127.0.0.1
> > or 127.0.0.0/8.  Those are the entries that your jail needs in order
> > to talk to the base system.  You can add them, but think carefully.
> > Many server processes, such as ntpd, have reduced security for
> > connections coming over 127.0.0.1.  Whether or not it is appropriate
> > to add those routes depends on why you are using a jail.
> 
> Ok, so the behaviour I'm seeing regarding the communication between jail and base system is to be expected then. My reason for posting it was that I was unsure whether it might have anything to do with the main problem. I don't think that this is the case, so the question remains: why is my FreeBSD server sometimes using the router for contacting hosts on the local network?

This was a very strange proposal, to look at routing tables inside the jail.
Do you use a VNET-enabled kernel?  If not, there is no separate instance of
the network stack per jail.  The netstat -rn output in a jail for non-VNET
kernels is simply not relevant to your problem.  The same issues must be
present for a non-jailed process using the same source address selection.


