[Bug 255685] PF: JAIL: fail to connect from jail to jail service when pf enabled

From: <bugzilla-noreply_at_freebsd.org>
Date: Tue, 01 Feb 2022 17:53:17 UTC
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=255685

--- Comment #6 from Laurent Frigault <freebsdbugzilla@agneau.org> ---
(In reply to Laurent Frigault from comment #5)

man ifconfig still says:
..
     alias   Establish an additional network address for this interface.  This
             is sometimes useful when changing network numbers, and one wishes
             to accept packets addressed to the old interface.  If the address
             is on the same subnet as the first network address for this
             interface, a non-conflicting netmask must be given.  Usually
             0xffffffff is most appropriate.

but it looks like since 13.0 we can now add aliases with non /32 mask even if
there is already an ip with the same non /32 subnet and this works with jail
ips too.

example:
host configuration:
ifconfig_bge0_alias0="inet 192.168.249.240 netmask 255.255.255.128"

jail configuration:
    ip4.addr += "192.168.249.247/25";

# netstat -rn |fgrep 192.168.    
192.168.249.128/25 link#1             U          bge0
192.168.249.240    link#1             UHS         lo0
192.168.249.247    link#1             UHS         lo0

lo0 host routes are back and the 2 ips can talk to each other via lo0

This change may be related to https://www.freebsd.org/releases/13.0R/relnotes/
...
Duplicate routes installation issue for /32 or /128 interface aliases has been
fixed. 81728a538d24
...

maybe the ifconfig manual page should be updated to remove 
"Usually 0xffffffff is most appropriate" from the alias item

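
A way to check the routing state described in the comment above, as an added example that is not part of the original message or of FreeBSD: it parses `netstat -rn` rows and reports, for each address, whether a host route via lo0 exists and which connected subnet covers it. The function names are hypothetical and the sample input is the three route lines quoted in the comment.

```python
import ipaddress

# Constructed sample: the `netstat -rn` rows quoted in the comment above.
SAMPLE_NETSTAT = """\
192.168.249.128/25 link#1             U          bge0
192.168.249.240    link#1             UHS         lo0
192.168.249.247    link#1             UHS         lo0
"""

def parse_routes(text):
    """Return (network, flags, netif) tuples from `netstat -rn` route rows."""
    routes = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 4:
            continue
        dest, flags, netif = fields[0], fields[2], fields[3]
        try:
            net = ipaddress.ip_network(dest, strict=False)
        except ValueError:
            continue  # header rows, "default", scoped IPv6 entries
        routes.append((net, flags, netif))
    return routes

def check_address(routes, addr):
    """Report the lo0 host route and covering on-link subnets for addr."""
    ip = ipaddress.ip_address(addr)
    host_via_lo0 = any(
        net.prefixlen == net.max_prefixlen and net.network_address == ip
        and "H" in flags and netif.startswith("lo")
        for net, flags, netif in routes)
    # Connected (non-gateway) subnet routes that contain the address.
    on_link = [str(net) for net, flags, netif in routes
               if net.prefixlen < net.max_prefixlen
               and "G" not in flags and ip in net]
    return {"host_route_lo0": host_via_lo0, "connected_subnets": on_link}

if __name__ == "__main__":
    table = parse_routes(SAMPLE_NETSTAT)
    # Host alias and jail address from the comment's configuration.
    for address in ("192.168.249.240", "192.168.249.247"):
        print(address, check_address(table, address))
```

On a live host, pass the output of `netstat -rn` as the text argument instead of the sample.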