From owner-freebsd-bugs Wed Aug 9 12:30: 8 2000
Delivered-To: freebsd-bugs@freebsd.org
Received: from freefall.freebsd.org (freefall.FreeBSD.ORG [204.216.27.21])
    by hub.freebsd.org (Postfix) with ESMTP id BF4A337BF37
    for ; Wed, 9 Aug 2000 12:30:00 -0700 (PDT)
    (envelope-from gnats@FreeBSD.org)
Received: (from gnats@localhost)
    by freefall.freebsd.org (8.9.3/8.9.2) id MAA31461;
    Wed, 9 Aug 2000 12:30:00 -0700 (PDT)
    (envelope-from gnats@FreeBSD.org)
Received: from ripsport.aist.go.jp (ripsport.aist.go.jp [150.29.251.10])
    by hub.freebsd.org (Postfix) with ESMTP id 39BC837C29C
    for ; Wed, 9 Aug 2000 12:21:23 -0700 (PDT)
    (envelope-from akr@m17n.org)
Received: from rpsmtp1.aist.go.jp (rpsmtp1.aist.go.jp [150.29.254.30])
    by ripsport.aist.go.jp (8.9.3/3.7W) with ESMTP id EAA19183
    for ; Thu, 10 Aug 2000 04:21:17 +0900 (JST)
Received: from eccu1-1.etl.go.jp (localhost [127.0.0.1])
    by rpsmtp1.aist.go.jp (8.9.3/3.7W) with ESMTP id EAA08292
    for ; Thu, 10 Aug 2000 04:21:17 +0900 (JST)
Received: from flux.etl.go.jp (dhcpea054 [150.29.203.244])
    by eccu1-1.etl.go.jp (8.9.3/3.7W-ETL-MASTER) with ESMTP id EAA18032
    for ; Thu, 10 Aug 2000 04:21:16 +0900 (JST)
Received: by flux.etl.go.jp (Postfix, from userid 23483)
    id 54089404; Thu, 10 Aug 2000 04:21:38 +0900 (JST)
Message-Id: <20000809192138.54089404@flux.etl.go.jp>
Date: Thu, 10 Aug 2000 04:21:38 +0900 (JST)
From: akr@m17n.org
To: FreeBSD-gnats-submit@freebsd.org
X-Send-Pr-Version: 3.2
Subject: kern/20508: process in jail(8) with 127.0.0.2 cannot connect servers on 127.0.0.1.
Sender: owner-freebsd-bugs@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

>Number:         20508
>Category:       kern
>Synopsis:       process in jail(8) with 127.0.0.2 cannot connect servers on 127.0.0.1
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    freebsd-bugs
>State:          open
>Quarter:
>Keywords:
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Wed Aug 09 12:30:00 PDT 2000
>Closed-Date:
>Last-Modified:
>Originator:     Tanaka Akira
>Release:        FreeBSD 4.0-RELEASE i386
>Organization:
m17n
>Environment:

FreeBSD flux 4.0-RELEASE FreeBSD 4.0-RELEASE #0: Fri Jul 7 00:53:54 JST 2000 akr@flux:/usr/src/sys/compile/AKR i386

>Description:

When a jail is created with 127.0.0.2 and a jailed process tries to
connect to 127.0.0.1:79 (finger daemon), it cannot connect.

This problem is reproduced for all daemons that are explicitly bound to
127.0.0.1 and not reproduced for daemons that accept connections on all
interfaces.

>How-To-Repeat:

Insert the following lines in /etc/rc.conf.

    ifconfig_lo0_alias0="inet 127.0.0.2 netmask 0xffffffff"
    inetd_flags="-wW -a 127.0.0.1"

Check lo0 configuration.

    # ifconfig lo0
    lo0: flags=8049 mtu 16384
            inet6 fe80::1%lo0 prefixlen 64 scopeid 0x5
            inet6 ::1 prefixlen 128
            inet 127.0.0.1 netmask 0xff000000
            inet 127.0.0.2 netmask 0xffffffff

Check inetd. inetd listens on 127.0.0.1:79, and telnet to it works well
even if the source IP address is specified as 127.0.0.2.

    # netstat -n -a |grep 79
    tcp4       0      0  127.0.0.1.79           *.*                    LISTEN
    # grep finger /etc/inetd.conf
    finger  stream  tcp     nowait/3/10 nobody /usr/libexec/fingerd fingerd -s
    finger  stream  tcp6    nowait/3/10 nobody /usr/libexec/fingerd fingerd -s
    # ps auxww|grep inetd
    root   372  0.0  0.5  1020  660  p0  S+    4:11AM   0:00.00 grep inetd
    root   160  0.0  0.5  1012  676  ??  Ss    4:05AM   0:00.02 inetd -wW -a 127.0.0.1
    # grep \^finger /etc/services
    finger           79/tcp
    finger           79/udp

Without a jail, telnet to it works well even if the source IP address is
specified as 127.0.0.2.

    # telnet -s 127.0.0.2 127.0.0.1 79
    Trying 127.0.0.1...
    Connected to localhost.
    Escape character is '^]'.
    root
    Login: root                             Name: Charlie Root
    Directory: /root                        Shell: /bin/csh
    Last login Tue Aug 8 14:59 (JST) on ttyv1
    No Mail.
    No Plan.
    Connection closed by foreign host.

Set up a jail to run telnet.

    # cd /var/tmp
    # mkdir jail
    # cd jail
    # mkdir -p usr/lib usr/libexec
    # cp /usr/libexec/ld-elf.so.1 usr/libexec
    # ldd /usr/bin/telnet
    /usr/bin/telnet:
            libncurses.so.5 => /usr/lib/libncurses.so.5 (0x2807a000)
            libcrypto.so.1 => /usr/lib/libcrypto.so.1 (0x280b9000)
            libkrb.so.3 => /usr/lib/libkrb.so.3 (0x28156000)
            libcrypt.so.2 => /usr/lib/libcrypt.so.2 (0x2816f000)
            libcom_err.so.2 => /usr/lib/libcom_err.so.2 (0x28184000)
            libmp.so.3 => /usr/lib/libmp.so.3 (0x28186000)
            libipsec.so.0 => /usr/lib/libipsec.so.0 (0x28190000)
            libc.so.4 => /usr/lib/libc.so.4 (0x2819a000)
    # cp /usr/lib/libncurses.so.5 /usr/lib/libcrypto.so.1 /usr/lib/libkrb.so.3 /usr/lib/libcrypt.so.2 /usr/lib/libcom_err.so.2 /usr/lib/libmp.so.3 /usr/lib/libipsec.so.0 /usr/lib/libc.so.4 usr/lib
    # cp /usr/bin/telnet .

Run telnet and it fails.

    # jail /var/tmp/jail xxx 127.0.0.2 /telnet 127.0.0.1 79
    Trying 127.0.0.1...
    telnet: connect to address 127.0.0.1: Connection refused
    telnet: Unable to connect to remote host

I think it shouldn't fail.

>Fix:

>Release-Note:
>Audit-Trail:
>Unformatted:
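
An added example, not part of the original report: a Python sketch that sorts the tcp4 LISTEN lines of FreeBSD `netstat -n -a` output by the behaviour the report describes, so a host can be checked for services a jailed process would be refused by. The function names are hypothetical, and the sample input is constructed except for the 127.0.0.1.79 line, which is taken from the report.

```python
# Added example: classify listeners according to the report's observation.
# Constructed sample; only the 127.0.0.1.79 LISTEN line comes from the report.
SAMPLE = """\
tcp4       0      0  127.0.0.1.79           *.*                    LISTEN
tcp4       0      0  *.22                   *.*                    LISTEN
tcp4       0      0  127.0.0.2.8080         *.*                    LISTEN
tcp4       0      0  127.0.0.1.25           *.*                    LISTEN
tcp4       0      0  127.0.0.2.1025         127.0.0.1.79           ESTABLISHED
"""


def parse_listeners(netstat_text):
    """Yield (address, port) for every tcp4 socket in LISTEN state.

    BSD netstat joins address and port with a dot, so the port is the
    part after the last dot; a wildcard bind is shown as '*'.
    """
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) != 6 or fields[0] != "tcp4" or fields[5] != "LISTEN":
            continue
        addr, _, port = fields[3].rpartition(".")
        yield addr, port


def classify(netstat_text):
    """Group listeners by what the report says about them.

    affected    : bound explicitly to 127.0.0.1 (connection refused from the jail)
    unaffected  : bound to all interfaces (problem not reproduced)
    not_covered : bound to some other address; the report makes no statement
    """
    groups = {"affected": [], "unaffected": [], "not_covered": []}
    for addr, port in parse_listeners(netstat_text):
        if addr == "127.0.0.1":
            key = "affected"
        elif addr == "*":
            key = "unaffected"
        else:
            key = "not_covered"
        groups[key].append(f"{addr}:{port}")
    return groups


if __name__ == "__main__":
    for group, sockets in classify(SAMPLE).items():
        print(f"{group:12} {', '.join(sockets) or '-'}")
```
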