Date: Tue, 7 Apr 2015 11:29:45 +0000
From: Anton Farber <dr_sweety_1337@hotmail.com>
To: "freebsd-net@freebsd.org" <freebsd-net@freebsd.org>
Subject: RE: FreeBSD sometimes uses the router for packets on the local network
Message-ID: <BLU184-W14D30E10E44C072709485CD6FD0@phx.gbl>
In-Reply-To: <20150407072949.GA2379@kib.kiev.ua>
References: <BLU184-W192296030E569968682DFFD6FE0@phx.gbl>, <CAOtMX2izwRe_7K6ZjJOzbAwRcQLy2mRh0V6CRR3Lh7u8UXe9fA@mail.gmail.com>, <BLU184-W7781B661517FF838390C84D6FD0@phx.gbl>, <20150407072949.GA2379@kib.kiev.ua>
> On Tue, Apr 07, 2015 at 07:04:40AM +0000, Anton Farber wrote:
>>> On Mon, Apr 6, 2015 at 12:15 PM, Anton Farber wrote:
>>>> I've opened a thread on the FreeBSD networking forum (https://forums.freebsd.org/threads/jail-fails-to-connect-to-main-host.50833/) as some time ago my FreeBSD server (initially running 10.1, now CURRENT) started to behave strangely after an upgrade from 10.0 to 10.1. I first noticed that a jail (192.168.1.5) wasn't able to contact the base system (192.168.1.1). Running a tcpdump revealed the following: the jail is using em0 instead of lo0 for communicating with the base system:
>>>
>>> You need to look at your routing tables. From inside the jail, run
>>> "netstat -rn -f inet". You probably won't see any entry for 127.0.0.1
>>> or 127.0.0.0/8. Those are the entries that your jail needs in order
>>> to talk to the base system. You can add them, but think carefully.
>>> Many server processes, such as ntpd, have reduced security for
>>> connections coming over 127.0.0.1. Whether or not it is appropriate
>>> to add those routes depends on why you are using a jail.
>>
>> Ok, so the behaviour I'm seeing regarding the communication between jail and base system is to be expected then. My reason for posting it was that I was unsure whether it might have anything to do with the main problem. I don't think that this is the case so the question remains, why is my FreeBSD server sometimes using the router for contacting hosts on the local network?
>
> This was very strange proposal to look at routing tables inside jail.
> Do you use VNET-enabled kernel ? If not, there is no separate instance of
> the network stack per jail. The netstat -rn output in jail for non-VNET
> kernels is simply not relevant to your problem. The same issues must be
> present when non-jailed process using the same source address selection.

No, I'm not using a VNET-enabled kernel (at least not to my knowledge :). I'm not sure whether my problem is jail related at all... It's just where it first manifested itself: suddenly I wasn't able to connect from my jail to the base system when using SSH or IMAP (roundcube). It was only later on that I realized that the base system was having troubles connecting to random hosts on the local network (as described in my initial post).

Regards,
Anton