From: Warren Block
To: Cary
Cc: freebsd-questions@freebsd.org
Date: Sat, 12 Sep 2015 12:24:05 -0600 (MDT)
Subject: Re: dhclient(8) sets wrong interface netmask on boot up

On Sat, 12 Sep 2015, Cary wrote:

> On 09/12/2015 10:45, Adam Vande More wrote:
>>>
>>> [/etc/rc.conf]
>>> hostname="public.fbsd.local"
>>> ifconfig_em0="DHCP"
>>> cloned_interfaces="${cloned_interfaces} lo1"
>>>
>>
>> previous line doesn't make much sense.
>>
>
> That was copied from the FreeBSD handbook section on managing jails
> (https://www.freebsd.org/doc/handbook/jails-ezjail.html). I didn't think
> that the jails would mess with the base host network configuration.

Well, they add aliases. The cloned_interfaces line lets the jails use a
separate loopback interface from the host.

> However, after re-looking at the jail config, I changed the config line
> in /usr/local/etc/ezjail/www_local from:
>
> export jail_www_local_ip="lo1|127.0.1.1,em0|192.168.20.166"
> to
> export jail_www_local_ip="lo1|127.0.1.1"

Wait, you were assigning the host's IP address to the jail? That's the
problem.

> After reboot, I was able to SSH into it without trouble. But now the
> httpd server cannot bind to the em0 interface. I guess I can forward
> traffic with ipfw or pfctl to get around that issue.
>
> LESSON LEARNED: ezjail *will* override the DHCP-assigned configuration
> of an interface!

Well... when the jail is reusing the host's IP address, yes. Jails use
aliases, and the netmask for an alias is 0xffffffff (255.255.255.255).
So the host got an IP address and valid netmask from the DHCP server at
boot, then the jail startup reassigned the same IP address to the host
as an alias, setting an alias netmask. From earlier posts:

>> < inet 192.168.20.166 netmask 0xffffffff broadcast 192.168.20.166
>> ---
>>> inet 192.168.20.166 netmask 0xffffff00 broadcast 192.168.20.255

It's a little surprising that didn't fail with an error.

The current setup (not specifying an IP address for the jail) ends up
using the host's IP address again. That also seems like a mistake, but
maybe not.
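
Added example, not part of the original message or of ezjail: a pre-flight check that flags a `jail_*_ip` entry reusing an address the host already holds, the collision that replaced the DHCP netmask with the alias netmask in this thread. The host `ifconfig` text is constructed from the addresses quoted above, and the helper name `find_collisions` is hypothetical.

```shell
#!/bin/sh
# Added example, not from the thread. Host state and helper name are constructed.

# Constructed ifconfig-style host state after DHCP, before jails start.
HOST_IFCONFIG='em0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        inet 192.168.20.166 netmask 0xffffff00 broadcast 192.168.20.255
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
        inet 127.0.0.1 netmask 0xff000000'

# The two ezjail settings quoted in the thread.
JAIL_BAD='export jail_www_local_ip="lo1|127.0.1.1,em0|192.168.20.166"'
JAIL_OK='export jail_www_local_ip="lo1|127.0.1.1"'

# find_collisions HOST_IFCONFIG_TEXT EZJAIL_CONFIG_TEXT
# Prints "jail iface ip" for every jail address the host already holds;
# a bare IP (no "iface|" prefix) is checked against all interfaces.
# Returns 1 if any collision was found, 0 otherwise.
find_collisions() {
    out=$(printf '%s\n---\n%s\n' "$1" "$2" | awk '
        /^---$/ { in_jail = 1; next }
        !in_jail {
            if ($0 ~ /^[a-z0-9]+: /) { iface = $1; sub(/:$/, "", iface) }
            else if ($1 == "inet") { held[iface "|" $2] = 1; held["any|" $2] = 1 }
            next
        }
        /jail_[A-Za-z0-9_]+_ip=/ {
            name = $0; sub(/_ip=.*$/, "", name); sub(/^.*jail_/, "", name)
            val = $0; sub(/^[^=]*="?/, "", val); sub(/".*$/, "", val)
            n = split(val, ents, ",")
            for (i = 1; i <= n; i++) {
                key = (index(ents[i], "|") ? ents[i] : "any|" ents[i])
                if (key in held) { split(key, p, "|"); print name, p[1], p[2] }
            }
        }')
    if [ -n "$out" ]; then
        printf '%s\n' "$out"
        return 1
    fi
    return 0
}

# Demo: the original setting collides with the DHCP address, the edited one does not.
find_collisions "$HOST_IFCONFIG" "$JAIL_BAD" || echo "collision: jail alias would reset the netmask"
find_collisions "$HOST_IFCONFIG" "$JAIL_OK" && echo "no collision"
```

On a live host the first argument would be the output of `ifconfig` captured after DHCP completes and before jails start, and the second the contents of the jail's file under /usr/local/etc/ezjail/.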