Re: Bind fails in jail with assigned IP address
- Reply: Bjoern A. Zeeb: "Re: Bind fails in jail with assigned IP address"
- In reply to: Steffen Christgau : "Bind fails in jail with assigned IP address"
Date: Fri, 13 Jan 2023 15:13:20 UTC
On 08/01/2023 18:52, Steffen Christgau wrote:
>> ip4.addr
>> A list of IPv4 addresses assigned to the jail. If this is set, the
>> jail is restricted to using only these addresses. [...] Attempts to
>> use wildcard addresses silently use the jailed address instead. For
>> IPv4 the first address given will be used as the source address when
>> source address selection on unbound sockets cannot find a better match.
> The effect of the silently changed wildcard address in my case is that
> the changed address prevents the required binding of the second/sending
> socket. This is inconsistent with the behavior outside a jail. Is this
> actually intended? If so, what can be done to bind both sockets to their
> required ports?
>
> I also tried to set ip4.saddrsel = 1 in the jail config, but it appeared
> that nothing changed. If the IP address configuration is omitted for the
> jail, the service does not encounter the error of an address that is
> already in use.
>
> If there is a solution to have the daemon run in a jail, I would be
> happy to discuss this. If jails are not suitable for this use case, let
> me know as well. 😉
>

Did you try using vnet style jails? These have their own, separate,
loopback interface and a separate network interface, typically using
epair(4) so you should avoid the silent rewriting of wildcard addresses
that is causing you such difficulty.

See:

https://wiki.freebsd.org/Jails/VNET
/usr/src/share/examples/jails/jib

Cheers,

Matthew
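
A minimal jail.conf sketch of the vnet approach suggested in the reply, as an added example that is not part of the original message or of the FreeBSD examples it links to. The jail name, path, epair unit number and the 192.0.2.0/24 documentation addresses are assumptions; the jib script referenced above builds a bridged variant of the same idea.

```conf
# /etc/jail.conf fragment (constructed example; names and addresses are placeholders)
vnetdemo {
    host.hostname = "vnetdemo.example.org";
    path          = "/usr/local/jails/vnetdemo";

    # Give the jail its own network stack. No ip4.addr is set here, so the
    # jail is not restricted to a host-assigned address list.
    vnet;
    vnet.interface = "epair0b";      # jail-side end of the epair(4) pair

    # Host side: create the pair before the jail starts and address the
    # host end (epair0a).
    exec.prestart  = "ifconfig epair0 create";
    exec.prestart += "ifconfig epair0a inet 192.0.2.1/24 up";

    # Jail side: the jail has its own lo0 and configures epair0b itself.
    exec.start     = "/sbin/ifconfig lo0 inet 127.0.0.1/8 up";
    exec.start    += "/sbin/ifconfig epair0b inet 192.0.2.2/24 up";
    exec.start    += "/bin/sh /etc/rc";
    exec.stop      = "/bin/sh /etc/rc.shutdown jail";

    # Destroying one end of the pair removes both interfaces.
    exec.poststop  = "ifconfig epair0a destroy";

    exec.clean;
    mount.devfs;
}
```

Because the jail owns its interfaces, anything it should reach beyond the host end of the pair still needs routing or bridging on the host, and the jail's exposure is then governed by the host firewall rather than by an ip4.addr list.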