From: Arthur Chance
Date: Thu, 20 Nov 2014 15:55:20 +0000
To: Paul Pathiakis, freebsd-questions@freebsd.org
Subject: Re: 127.0.0.1 in a jail
Message-ID: <546E0EE8.3050102@qeng-ho.org>
In-Reply-To: <546E08B3.9090906@yahoo.com>

On 20/11/2014 15:28, Paul Pathiakis via freebsd-questions wrote:
> Hi,
>
> I have a question about jails and localhost.
>
> I have found older documentation that says within a jail 127.0.0.1 is
> mapped to the jail's IP address so that software that maps to localhost
> or 127.0.0.1 get handed the jail's IP.
>

I've always understood that to mean that if you attempt to bind(2) a
socket with a socket address of 127.0.0.1 then the jail ip addr (or the
default one when it has more than one ip addr) is substituted. This does
not mean that a DNS (or /etc/hosts) lookup of localhost in a jail will
automatically return the jail ip.

> However, I have tried ping (yes, I turned on raw sockets, bad me.) and
> telnet to a sendmail process I have running.
>
> They both return errors.
>
> PING 127.0.0.1 (127.0.0.1): 56 data bytes
> ping: sendto: Operation not permitted
> ping: sendto: Operation not permitted
> ping: sendto: Operation not permitted
>
>
> # telnet 127.0.0.1
> Trying 127.0.0.1...
> telnet: connect to address 127.0.0.1: Connection refused
> telnet: Unable to connect to remote host
>
>
> Needless to say, this is causing problems with some software that I have
> to install.
>
> Does anyone know how to verify that 127.0.0.1/localhost map to the
> jail's IP?
>
> If it isn't, how do I change it to be so?

I don't think you can do anything to make 127.0.0.1 work as a target for
connecting to - how is the common network stack to decide whether you're
talking to the jail or the main box? It might be possible in VIMAGE
jails, but I have no experience of them.

You could always add an entry for localhost in the jail's /etc/hosts
that is the jail's address rather than 127.0.0.1. That's not going to
happen automatically though.
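
One way to run the verification asked about above, as an added example that is not part of the original message: bind a socket to 127.0.0.1 and ask the kernel with getsockname(2) which address it actually bound. It assumes the bind(2) substitution described in the reply; the function names `bound_addr` and `was_rewritten` are hypothetical.

```c
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

/* Bind a TCP socket to ip:0 and return the address the kernel really
 * bound, as reported by getsockname(2), or NULL on any failure.
 * Uses a static buffer, so it is not reentrant. */
const char *bound_addr(const char *ip)
{
    static char out[INET_ADDRSTRLEN];
    struct sockaddr_in sin;
    socklen_t len = sizeof(sin);
    const char *res = NULL;
    int s = socket(AF_INET, SOCK_STREAM, 0);

    if (s < 0)
        return NULL;
    memset(&sin, 0, sizeof(sin));
    sin.sin_family = AF_INET;
    sin.sin_port = 0;                 /* let the kernel pick a free port */
    if (inet_pton(AF_INET, ip, &sin.sin_addr) == 1 &&
        bind(s, (struct sockaddr *)&sin, sizeof(sin)) == 0 &&
        getsockname(s, (struct sockaddr *)&sin, &len) == 0)
        res = inet_ntop(AF_INET, &sin.sin_addr, out, sizeof(out));
    close(s);
    return res;
}

/* 1 if the bound address differs from the one that was requested. */
int was_rewritten(const char *requested, const char *actual)
{
    return actual != NULL && strcmp(requested, actual) != 0;
}

int main(void)
{
    const char *req = "127.0.0.1";
    const char *got = bound_addr(req);

    if (got == NULL) {
        fprintf(stderr, "could not bind %s\n", req);
        return 1;
    }
    printf("requested %s, bound %s%s\n", req, got,
           was_rewritten(req, got) ? " (rewritten by the kernel)" : "");
    return 0;
}
```

On an unjailed host the requested and bound addresses match; a different bound address inside a jail is the substitution described in the reply, and it says nothing about how the name localhost resolves.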