Re: Bind fails in jail with assigned IP address
- In reply to: Matthew Seaman : "Re: Bind fails in jail with assigned IP address"
Date: Sat, 14 Jan 2023 23:48:13 UTC
On Fri, 13 Jan 2023, Matthew Seaman wrote:

> On 08/01/2023 18:52, Steffen Christgau wrote:
>>> ip4.addr
>>> A list of IPv4 addresses assigned to the jail. If this is set, the jail
>>> is restricted to using only these addresses. [...] Attempts to use

I think someone needs to add the word "unicast" to these sentences.
In classic plain old IP jails there is no MC support. You need, as Matthew
points out below, a vnet enabled jail for that.

>>> wildcard addresses silently use the jailed address instead. For IPv4 the
>>> first address given will be used as the source address when
>>> source address selection on unbound sockets cannot find a better match.
>> The effect of the silently changed wildcard address in my case is that the
>> changed address prevents the required binding of the second/sending socket.
>> This is inconsistent with the behavior outside a jail. Is this actually
>> intended? If so, what can be done to bind both sockets to their required
>> ports?
>>
>> I also tried to set ip4.saddrsel = 1 in the jail config, but it appeared
>> that nothing changed. If the IP address configuration is omitted for the
>> jail, the service does not encounter the error of an address that is
>> already in use.
>>
>> If there is a solution to have the daemon run in a jail, I would be happy
>> to discuss this. If jails are not suitable for this use case, let me know
>> as well. 😉
>>
>
> Did you try using vnet style jails? These have their own, separate, loopback
> interface and a separate network interface, typically using epair(4) so you
> should avoid the silent rewriting of wildcard addresses that is causing you
> such difficulty.
>
> See: https://wiki.freebsd.org/Jails/VNET
> /usr/src/share/examples/jails/jib
>
> Cheers,
>
> Matthew
>

--
Bjoern A. Zeeb r15:7
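
A quick check for the wildcard rewrite quoted from the ip4.addr description above, added here as an example and not part of the original thread: bind a UDP socket to INADDR_ANY and ask the kernel which local address it recorded. The function names are hypothetical, and the code assumes the rewrite is visible through getsockname(2); run it inside the IP-restricted jail, on the host, and inside a vnet jail to compare.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Bind a UDP socket to the IPv4 wildcard on an ephemeral port and write the
 * local address the kernel actually recorded into buf (dotted quad).
 * Returns 0 on success, -1 on any socket error. */
int wildcard_bound_addr(char *buf, size_t len)
{
    struct sockaddr_in want, got;
    socklen_t glen = sizeof(got);
    int rc = -1;
    int s = socket(AF_INET, SOCK_DGRAM, 0);

    if (s < 0)
        return -1;
    memset(&want, 0, sizeof(want));
    want.sin_family = AF_INET;
    want.sin_addr.s_addr = htonl(INADDR_ANY);   /* the wildcard address */
    want.sin_port = 0;                          /* let the kernel pick a port */
    if (bind(s, (struct sockaddr *)&want, sizeof(want)) == 0 &&
        getsockname(s, (struct sockaddr *)&got, &glen) == 0 &&
        inet_ntop(AF_INET, &got.sin_addr, buf, (socklen_t)len) != NULL)
        rc = 0;
    close(s);
    return rc;
}

/* 1 if the wildcard was replaced by a concrete address, 0 if the socket is
 * still bound to 0.0.0.0, -1 on error. */
int wildcard_was_rewritten(void)
{
    char addr[INET_ADDRSTRLEN];

    if (wildcard_bound_addr(addr, sizeof(addr)) != 0)
        return -1;
    return strcmp(addr, "0.0.0.0") != 0;
}

int main(void)
{
    char addr[INET_ADDRSTRLEN];

    if (wildcard_bound_addr(addr, sizeof(addr)) != 0) {
        perror("wildcard bind");
        return 1;
    }
    printf("requested 0.0.0.0, kernel bound %s\n", addr);
    return 0;
}
```

If the reported address is not 0.0.0.0, a later bind of the concrete jail address to the same port collides with the first socket, which matches the "address already in use" error described in the quoted message.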