Date: Tue, 7 Apr 2015 11:29:45 +0000 From: Anton Farber <dr_sweety_1337@hotmail.com> To: "freebsd-net@freebsd.org" <freebsd-net@freebsd.org> Subject: RE: FreeBSD sometimes uses the router for packets on the local network Message-ID: <BLU184-W14D30E10E44C072709485CD6FD0@phx.gbl> In-Reply-To: <20150407072949.GA2379@kib.kiev.ua> References: <BLU184-W192296030E569968682DFFD6FE0@phx.gbl>, <CAOtMX2izwRe_7K6ZjJOzbAwRcQLy2mRh0V6CRR3Lh7u8UXe9fA@mail.gmail.com>, <BLU184-W7781B661517FF838390C84D6FD0@phx.gbl>, <20150407072949.GA2379@kib.kiev.ua>
index | next in thread | previous in thread | raw e-mail
> On Tue, Apr 07, 2015 at 07:04:40AM +0000, Anton Farber wrote: >>> On Mon, Apr 6, 2015 at 12:15 PM, Anton Farber >>> wrote: >>>> I've opened a thread on the FreeBSD networking forum (https://forums.freebsd.org/threads/jail-fails-to-connect-to-main-host.50833/) as sometime ago my FreeBSD server (initially running 10.1, now CURRENT) started to behave strangely after an upgrade from 10.0 to 10.1. I first noticed that a jail (192.168.1.5) wasn't able to contact the base system (192.168.1.1). Running a tcpdump revealed the following: the jail is using em0 instead of lo0 for communicating with the base system: >>> >>> You need to look at your routing tables. From inside the jail, run >>> "netstat -rn -f inet". You probably won't see any entry for 127.0.0.1 >>> or 127.0.0.0/8. Those are the entries that your jail needs in order >>> to talk to the base system. You can add them, but think carefully. >>> Many server processes, such as ntpd, have reduced security for >>> connections coming over 127.0.0.1. Whether or not it is appropriate >>> to add those routes depends on why you are using a jail. >> >> Ok, so the behaviour I'm seeing regarding the communication between jail and base system is to be expected then. My reason for posting it was, that I was unsure whether it might have anything to do with the main problem. I don't think that this is the case so the question remains, why is my FreeBSD server sometimes using the router for contacting hosts on the local network? > > This was very strange proposal to look at routing tables inside jail. > Do you use VNET-enabled kernel ? If not, there is no separate instance of > the network stack per jail. The netstat -rn output in jail for non-VNET > kernels is simply not relevant to your problem. The same issues must be > present when non-jailed process using the same source address selection. No, I'm not using a VNET-enabled kernel (at least not to my knowledge :). I'm not sure whether my problem is jail related at all... It's just where it first manifested itself: suddenly I wasn't able to connect from my jail to the base system when using SSH or IMAP (roundcube). It was only later one that I realized, that the base system was having troubles connecting to random hosts on the local network (as described in my initial post). Regards, Antonhome | help
Want to link to this message? Use this
URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?BLU184-W14D30E10E44C072709485CD6FD0>