On Sun, May 14, 2023 at 10:32:15PM -0600, Zack Newman wrote:
> On 2023-05-14, Joel Carnat <j...@carnat.net> wrote:
> > I have unbound listening on lo0 (127.0.0.1, rdomain0) and resolv.conf
> > configured with "nameserver 127.0.0.1".
> 
> You can also have unbound(8) listen on lo1.
> 

I have tried that but this seems to cause trouble with IPv6.

# grep 'interface:' /var/unbound/etc/unbound.conf
        #interface: 127.0.0.1
        interface: lo0
        interface: lo1
        #interface: ::1

# ifconfig lo0
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 32768
        index 6 priority 0 llprio 3
        groups: lo
        inet6 ::1 prefixlen 128
        inet6 fe80::1%lo0 prefixlen 64 scopeid 0x6
        inet 127.0.0.1 netmask 0xff000000

# ifconfig lo1
lo1: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> rdomain 1 mtu 32768
        index 13 priority 0 llprio 3
        groups: lo
        inet6 ::1 prefixlen 128
        inet6 fe80::1%lo1 prefixlen 64 scopeid 0xd
        inet 127.0.0.1 netmask 0xff000000

# unbound-checkconf
[1684134988] unbound-checkconf[16790:0] fatal error: ::1 present twice,
cannot bind the same ports twice. The first entry is address ::1 from
interface: lo0 and the second is address ::1 from interface: lo1

> Without more information-for example, showing what pf.conf(5) contains-
> there is no way we can help you.

As of now, I have nothing in pf.conf. I have tried things but they didn't
work at all:
  #pass on rdomain 1
  #match out on rdomain 1 to 127.0.0.1 nat-to (lo0) rtable 0

> 
> I have two rdomain(4)s, and I have no issue pinging both lo(4)
> interfaces (both interfaces have the IPv6 and IPv4 loopback
> addresses assigned to them):
> 

Using ping with '-V' works here too.

> > Is it possible to access lo0 from other rdomains?
> 
> There shouldn't be anything you have to do to access the loopback
> interface within its own rdomain; however if you want to access an
> interface that is part of a separate rdomain, you will likely need to
> instruct pf to use a separate rtable(4).

That's what I suspected. What would the pf rule look like to implement
"from lo1 on rdomain 1, I want to access lo0 from rdomain 0"?

Thanks,
Joel C.
