Date: Tue, 7 Apr 2015 11:29:45 +0000
From: Anton Farber <dr_sweety_1337@hotmail.com>
To: "freebsd-net@freebsd.org" <freebsd-net@freebsd.org>
Subject: RE: FreeBSD sometimes uses the router for packets on the local network
Message-ID: <BLU184-W14D30E10E44C072709485CD6FD0@phx.gbl>
In-Reply-To: <20150407072949.GA2379@kib.kiev.ua>
References: <BLU184-W192296030E569968682DFFD6FE0@phx.gbl>, <CAOtMX2izwRe_7K6ZjJOzbAwRcQLy2mRh0V6CRR3Lh7u8UXe9fA@mail.gmail.com>, <BLU184-W7781B661517FF838390C84D6FD0@phx.gbl>, <20150407072949.GA2379@kib.kiev.ua>
> On Tue, Apr 07, 2015 at 07:04:40AM +0000, Anton Farber wrote:
>>> On Mon, Apr 6, 2015 at 12:15 PM, Anton Farber
>>> wrote:
>>>> I've opened a thread on the FreeBSD networking forum (https://forums.freebsd.org/threads/jail-fails-to-connect-to-main-host.50833/) as some time ago my FreeBSD server (initially running 10.1, now CURRENT) started to behave strangely after an upgrade from 10.0 to 10.1. I first noticed that a jail (192.168.1.5) wasn't able to contact the base system (192.168.1.1). Running a tcpdump revealed the following: the jail is using em0 instead of lo0 for communicating with the base system:
>>>
>>> You need to look at your routing tables. From inside the jail, run
>>> "netstat -rn -f inet". You probably won't see any entry for 127.0.0.1
>>> or 127.0.0.0/8. Those are the entries that your jail needs in order
>>> to talk to the base system. You can add them, but think carefully.
>>> Many server processes, such as ntpd, have reduced security for
>>> connections coming over 127.0.0.1. Whether or not it is appropriate
>>> to add those routes depends on why you are using a jail.
>>
>> Ok, so the behaviour I'm seeing regarding the communication between jail and base system is to be expected then. My reason for posting it was that I was unsure whether it might have anything to do with the main problem. I don't think that this is the case, so the question remains: why is my FreeBSD server sometimes using the router for contacting hosts on the local network?
>
> This was a very strange proposal to look at routing tables inside the jail.
> Do you use a VNET-enabled kernel? If not, there is no separate instance of
> the network stack per jail. The netstat -rn output in jail for non-VNET
> kernels is simply not relevant to your problem. The same issues must be
> present when a non-jailed process is using the same source address selection.

No, I'm not using a VNET-enabled kernel (at least not to my knowledge :). I'm not sure whether my problem is jail related at all... It's just where it first manifested itself: suddenly I wasn't able to connect from my jail to the base system when using SSH or IMAP (roundcube). It was only later on that I realized that the base system was having trouble connecting to random hosts on the local network (as described in my initial post).

Regards,
Anton
