Hi Ole, I am by no means an expert, but to me I see your problem is here..

# ezjail-admin create somejail 'lo1|b.b.b.238,lo1|127.b.b.238'

You are binding the jail to the same network controller lo1. Usually you would bind the jail like..

# ezjail-admin create somejail 'lo1|127.0.0.238, emX|10.1.1.238'

Where 10.1.1.0/24 is your subnet of your host. And you have free range on the network and want to create the jail as a fully fledged host.

Seeing as you have only been assigned a /32 for your host, I would imagine you would either need to possibly do something like...

# ezjail-admin create somejail 'lo1|127.0.0.238, lo0|127.0.0.237'

E.g. bind the jail loopback of lo1 to the host loopback lo0.

But I have never seen a configuration like yours using the same device twice, but I could be totally wrong.

On 18 Jan 2018 12:58, "Ole" <[email protected]> wrote:

> Hi,
>
> I have some questions about how routing works for jails.
>
> I have a FreeBSD 11.1 host in a datacenter. Which has only a routed IP
> and different /29 routed networks. The IP is set up as /32 and there is a
> default route to the router of the datacenter:
>
> # ifconfig em1
> (...)
> inet a.a.a.57 netmask 0xffffffff broadcast a.a.a.57
> (...)
>
> # netstat -rn
> (...)
> Destination        Gateway            Flags     Netif Expire
> default            a.a.a.1            UGS         em1
> (...)
>
> If I create jails like
>
> # ezjail-admin create somejail 'lo1|b.b.b.238,lo1|127.b.b.238'
>
> everything is fine until some service in the jail tries to bind to
> 127.0.0.1. Because it will bind to the public IP b.b.b.238.
> The Handbook [1] tells
>
> "Inside a jail, access to the loopback address 127.0.0.1 is
> redirected to the first IP address assigned to the jail."
>
> If I change the order of the IP addresses the service will bind to
> 127.b.b.238. But inside the Jail Networking fails in a way that I can't
> debug. I can connect from the outside via ssh but I can't connect from
> the Jail to an external Server. I can't find any differences in
> routing table or ifconfig between both setups.
>
> I also tried to use tap interfaces instead of lo, but it results in the
> same.
>
> I wonder how others solve this problem. I searched a lot, but couldn't
> find a solution. Maybe you don't have a solution, but can give me a
> hint to debug the Problem. Thank you!
>
> regards
> Ole
>
> [1] https://www.freebsd.org/doc/handbook/jails-ezjail.html
