From: Cary
To: Warren Block
Cc: freebsd-questions@freebsd.org
Subject: Re: dhclient(8) sets wrong interface netmask on boot up
Date: Sun, 13 Sep 2015 21:38:01 -0400
Message-ID: <55F624F9.2080202@flederma.us>

On 09/12/2015 14:24, Warren Block wrote:
> On Sat, 12 Sep 2015, Cary wrote:
>> On 09/12/2015 10:45, Adam Vande More wrote:
>>>>
>>>> [/etc/rc.conf]
>>>> hostname="public.fbsd.local"
>>>> ifconfig_em0="DHCP"
>>>> cloned_interfaces="${cloned_interfaces} lo1"
>>>>
>>>
>>> previous line doesn't make much sense.
>>>
>>
>> That was copied from the FreeBSD handbook section on managing jails
>> (https://www.freebsd.org/doc/handbook/jails-ezjail.html). I didn't think
>> that the jails would mess with the base host network configuration.
>
> Well, they add aliases. The cloned_interfaces line lets the jails use a
> separate loopback interface from the host.
>
>> However, after re-looking at the jail config, I changed the config line
>> in /usr/local/etc/ezjail/www_local from:
>>
>> export jail_www_local_ip="lo1|127.0.1.1,em0|192.168.20.166"
>> to
>> export jail_www_local_ip="lo1|127.0.1.1"
>
> Wait, you were assigning the host's IP address to the jail? That's the
> problem.
>

Thanks, Warren. The jails-ezjail.html page sets up the dnsjail example
using both the cloned loopback and the system IP (Procedure 14.1). I guess
in that case, the system IP was static and not DHCP-assigned?

>> After reboot, I was able to SSH into it without trouble.
>> But now the httpd server cannot bind to the em0 interface. I guess I
>> can forward traffic with ipfw or pfctl to get around that issue.
>>
>> LESSON LEARNED: ezjail *will* override the DHCP-assigned configuration
>> of an interface!
>
> Well... when the jail is reusing the host's IP address, yes. Jails use
> aliases, and the netmask for an alias is 0xffffffff (255.255.255.255).
> So the host got an IP address and valid netmask from the DHCP server at
> boot, then the jail startup reassigned the same IP address to the host
> as an alias, setting an alias netmask. From earlier posts:
>
>>> < inet 192.168.20.166 netmask 0xffffffff broadcast 192.168.20.166
>>> ---
>>>> inet 192.168.20.166 netmask 0xffffff00 broadcast 192.168.20.255
>
> It's a little surprising that didn't fail with an error.
>

The only error I saw in dmesg or /var/log/messages was the following:

Sep 11 09:51:55 public kernel: arpresolve: can't allocate llinfo for 192.168.20.1 on em0
Sep 11 09:51:55 public last message repeated 11 times
Sep 11 09:55:20 public kernel: arpresolve: can't allocate llinfo for 192.168.20.1 on em0
Sep 11 09:55:33 public last message repeated 4 times

Googling for that error was not very helpful in resolving the issue,
hence the email to -questions.

> The current setup (not specifying an IP address for the jail) ends up
> using the host's IP address again. That also seems like a mistake, but
> maybe not.

I don't know what the default should be, but I appreciate the help in
better understanding what is happening on the back-end.

All the best!
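
The collision diagnosed in this thread (a jail address that duplicates an address the host already holds, so the alias netmask replaces the DHCP-assigned one) can be checked before the jail starts. The following is an added example, not part of the original thread or of ezjail; the function names and the SAMPLE_IFCONFIG text are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread: flag ezjail addresses the host already holds.

# Constructed sample of host ifconfig(8) output taken before the jail starts.
SAMPLE_IFCONFIG='em0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
    inet 192.168.20.166 netmask 0xffffff00 broadcast 192.168.20.255
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
    inet 127.0.0.1 netmask 0xff000000'

# Print "iface ip" for each entry of a jail_*_ip value such as
# "lo1|127.0.1.1,em0|192.168.20.166"; an entry with no "iface|" prints "- ip".
jail_ip_entries() {
    printf '%s\n' "$1" | tr ',' '\n' | while IFS= read -r entry; do
        [ -n "$entry" ] || continue
        case $entry in
            *\|*) printf '%s %s\n' "${entry%%|*}" "${entry#*|}" ;;
            *)    printf '%s %s\n' - "$entry" ;;
        esac
    done
}

# Read ifconfig output on stdin; print "iface ip netmask" per IPv4 address.
host_inet_addrs() {
    awk '/^[a-z][a-z0-9]*: / { sub(":", "", $1); ifc = $1 }
         $1 == "inet"        { print ifc, $2, $4 }'
}

# find_conflicts JAIL_IP_VALUE, with ifconfig output on stdin.
# Prints each jail address the host already holds and returns 1 if any exist.
find_conflicts() {
    host=$(host_inet_addrs)
    conflicts=$(jail_ip_entries "$1" | while read -r jif jip; do
        printf '%s\n' "$host" | awk -v ip="$jip" -v jif="$jif" \
            '$2 == ip { print jif "|" ip " already on " $1 " netmask " $3 }'
    done)
    [ -z "$conflicts" ] && return 0
    printf '%s\n' "$conflicts"
    return 1
}

# Demo: the original www_local value from the thread collides with em0.
printf '%s\n' "$SAMPLE_IFCONFIG" |
    find_conflicts 'lo1|127.0.1.1,em0|192.168.20.166' ||
    echo "conflict: the jail would re-add a host address as an alias"
```

On a live host, pipe `ifconfig` into `find_conflicts` with the jail_www_local_ip value from /usr/local/etc/ezjail/www_local.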