On Thu, 10 Dec 2015, Rick Macklem wrote:

> Hi,
> Mark has reported a problem via email where the nfsuserd daemon sees
> requests coming from an IP# assigned to the machine instead of
> Here's a snippet from his message:
>   Ok, I have Plex in a jail and when I scan the remote NFS file share the
>   *local* server's nfsuserd spams the logs.
> Spamming the logs refers to the messages nfsuserd generates when it gets
> a request from an address other than
> I think the best solution is to switch nfsuserd over to using an AF_LOCAL
> socket like the gssd uses, but that will take a little coding and probably
> won't be MFCable.
> I've sent him the attached patch to try as a workaround.
> Does anyone happen to know under what circumstances the address
> gets replaced?

My memory is quite hazy on this subject, but I think that outbound traffic
from a jail is not permitted to use the system loopback address;
traffic from this address within a jail gets replace with the jail's
primary IP address.  It is possible to specify an alternate loopback
address for use within the jail (e.g., and if that alternate
address is only bound within the jail, it can be used for outgoing traffic
to the host.  See jail.conf(5); I appear to have something like:

kduck {
    host.hostname = "kduck.mit.edu";
    ip4.addr = lo0|,;

Note that there may be some additional magic about the primary address of
the jail being first (or last?) in the list of addresses.

freebsd-current@freebsd.org mailing list
To unsubscribe, send any mail to "freebsd-current-unsubscr...@freebsd.org"

Reply via email to