Date: Wed, 17 Jun 2009 09:13:08 -0400
From: Steve Bertrand <steve@ibctech.ca>
To: Erik Norgaard <norgaard@locolomo.org>
Cc: questions@freebsd.org
Subject: Re: Problem with jail connecting out
Message-ID: <4A38EBE4.9040009@ibctech.ca>
In-Reply-To: <4A38A8A6.4090702@locolomo.org>
References: <4A37F2B7.6000505@locolomo.org> <4A38A8A6.4090702@locolomo.org>
Erik Norgaard wrote:
> Erik Norgaard wrote:
>
>> I have no problem connecting from the host to the jail, but the other
>> way around doesn't work.
>>
>> Also, related, how do I configure multiple interfaces in a jail?
>
> Second problem solved, starting jail with
>
> # jail /var/jail jail 127.0.0.2,172.16.0.2 /bin/sh /etc/rc
>
> So, now I have:
>
> vr1: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0
> mtu 1500
> options=2808<VLAN_MTU,WOL_UCAST,WOL_MAGIC>
> ether 00:40:63:ee:97:f1
> inet 172.16.0.2 netmask 0xffffffff broadcast 172.16.0.2
> media: Ethernet autoselect (100baseTX <full-duplex>)
> status: active
> lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
> inet 127.0.0.2 netmask 0xffffffff
>
> Now, I can connect out on vr1 to 172.16.0.1, but not on lo0 to
> 127.0.0.1. Any suggestions what might be wrong?

I don't think that it is a wise idea to be using the loopback address
space to route packets outside of the OS, and it is even possible that
some implementations forbid this behaviour (don't quote me on that).

You could probably break the default behaviour by modifying your routing
table, but I would advise strongly against doing that.

If you want a loopback to be a receive interface, you should clone off a
second one (lo1), and assign an IP address to it that was not designed
to be short circuited within the host, like this:

% grep lo10 /etc/rc.conf
cloned_interfaces="lo1 lo3 lo10 ...etc
# lo10 (IPv4 iBGP loopback, advertised by OSPF)
ifconfig_lo10="UP"
ifconfig_lo10="inet 172.16.104.8 netmask 255.255.255.255"

------

From RFC 1700:

(g) {127, <any>}
    Internal host loopback address. Should never appear outside
    a host.

Steve
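
The advice in this reply, expressed as a check (an added example, not part of the original message): it reads rc.conf-style text, finds each cloned loopback interface, and reports whether its address falls in 127/8, the range RFC 1700 says should never appear outside a host. The function names and the sample rc.conf values are assumptions constructed for illustration; the jail address list is the one from the quoted `jail` command.

```shell
#!/bin/sh
# Added example, not from the original message; rc.conf values are constructed.

# classify_addr ADDR: "loopback" for 127/8, "ok" for any other valid dotted
# quad, "invalid" otherwise.
classify_addr() {
    case "$1" in ''|*[!0-9.]*|*..*|.*|*.) echo invalid; return 0 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || { echo invalid; return 0; }
    for octet in "$@"; do
        [ "$octet" -le 255 ] || { echo invalid; return 0; }
    done
    if [ "$1" -eq 127 ]; then echo loopback; else echo ok; fi
}

# audit_jail_ips LIST: classify each address in jail(8)'s comma-separated list.
audit_jail_ips() {
    old_ifs=$IFS; IFS=,; set -- $1; IFS=$old_ifs
    for addr in "$@"; do echo "$addr $(classify_addr "$addr")"; done
}

# audit_loopbacks: rc.conf text on stdin; prints "<if> <addr|-> <verdict>" for
# each cloned loN. The last assignment wins, as when rc.conf is sourced.
audit_loopbacks() {
    conf=$(cat)
    cloned=$(printf '%s\n' "$conf" |
        sed -n 's/^cloned_interfaces="\([^"]*\)".*/\1/p' | tail -n 1)
    for ifn in $cloned; do
        case "$ifn" in lo[0-9]*) ;; *) continue ;; esac
        addr=$(printf '%s\n' "$conf" | grep "^ifconfig_${ifn}=" | tail -n 1 |
            sed -n 's/.*inet \([0-9.]*\).*/\1/p')
        if [ -z "$addr" ]; then echo "$ifn - no-address"
        else echo "$ifn $addr $(classify_addr "$addr")"; fi
    done
}

sample_rc_conf() {   # constructed sample input
    cat <<'EOF'
cloned_interfaces="lo1 lo2 lo3"
ifconfig_lo1="inet 10.0.0.2 netmask 255.255.255.255"
ifconfig_lo2="inet 127.0.0.2 netmask 255.255.255.255"
EOF
}

sample_rc_conf | audit_loopbacks
audit_jail_ips "127.0.0.2,172.16.0.2"   # address list from the jail command above
```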
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4A38EBE4.9040009>
