On Mon, Jul 7, 2008 at 10:54 AM, Jason Morgan
> On 2008.07.07 09:51:33, David Allen wrote:
>> Unless I'm losing my mind, I'm encountering what seems to yet another
>> gotcha with jails.  The following has been dumbed down for clarity and
>> brevity.
>> ---------------------------------------------------------------------
>> # hostname
>> jailhost.example.org
>> # host jailhost
>> jailhost.example.org has address
>> # ifconfig fxp0
>> fxp0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
>>         options=b<RXCSUM,TXCSUM,VLAN_MTU>
>>         ether 00:07:e9:c8:2e:32
>>         inet netmask 0xffffff00 broadcast
>>         inet netmask 0xffffffff broadcast
>>         inet netmask 0xffffffff broadcast
>>         media: Ethernet autoselect (100baseTX <full-duplex>)
>>         status: active
> This is the output for my jail interface. Notice that your jail
> aliases are broadcasting on the jail's IP. I don't know if this is an
> issue or not (my jails run on i386 FBSD 6.3), but it's something to
> look at. How are you setting the aliases?
>     options=b<RXCSUM,TXCSUM,VLAN_MTU>
>     inet netmask 0xffffff00 broadcast
>     inet netmask 0xffffff00 broadcast
>     inet netmask 0xffffff00 broadcast
>     ether xx:xx:xx:xx:xx:xx
>     media: Ethernet autoselect (1000baseTX <full-duplex,flag0,flag1>)
>     status: active

My own aliases:

# grep fxp0 /etc/rc.conf
ifconfig_fxp0="inet netmask 0xffffff00"
ifconfig_fxp0_alias0=" netmask 0xffffffff"
ifconfig_fxp0_alias1=" netmask 0xffffffff"
ifconfig_fxp0_alias2=" netmask 0xffffffff"

My understanding from the handbook is that the mask should be set to all
ones if the alias is for an address that's part of the same network.  For
a different segment, it's the first alias that should be set to the real
netmask, with any additional aliases using a netmask of all ones.

Granted, the broadcast addresses looks odd.  If I my programming skills
were better, I'd just read through the code and understand what's really
happening, but for now, I'm just taking the FreeBSD folks at their word at
following instructions.  That's a roundabout way of saying I think your
aliases are set up incorrectly.  ;-)

If you're not seeing the behaviour I'm seeing, do let me know.  But to
clarify with a concrete example, the following is what I see on the
jailhost ( when it connects to port 25 on one of the
jails (

# tcpdump -nqti lo0 port 25
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on lo0, link-type NULL (BSD loopback), capture size 96 bytes
IP > tcp 0
IP > tcp 0
IP > tcp 0
IP > tcp 89
IP > tcp 0

# netstat -nf inet
Active Internet connections
Proto Recv-Q Send-Q  Local Address          Foreign Address        (state)
tcp4       0      0           ESTABLISHED
tcp4       0      0            ESTABLISHED

# sockstat -4 -p 25
root     sendmail   16594 1  tcp4 
root     sendmail   16594 4  tcp4 
root     sendmail   16594 7  tcp4 
root     telnet     16593 3  tcp4

Why the jailhost is suddenly using the jail's IP address is beyond me.
