Allow jail to see source IP of incoming traffic
Beeblebrox
zaphod at berentweb.com
Thu Aug 14 18:08:33 UTC 2014
> Connections to localhost
> (127.0.0.1) from inside the jail are rerouted to the jail's primary IP,
> since the jail does not have access to the loopback adapter.
That's what I was attempting to describe in my awkward manner, except that if jail iface is an alias of loopback, one gets a similar result when sending traffic from host.
> This can cause local connections to appear to be coming from the jail's IP
> rather than loopback, but other than that, everyone should show the
> original source IP address.
What happened was that connecting to the jailed mlnet session from host resulted in being refused, and adding <jail_ip> to allowed_ips was the only possible solution.
My jails run on an alias of lo:
/etc/rc.conf: cloned_interfaces="lo2"
/etc/jail.conf: interface = lo2; \ ip4.addr = 192.168.2.xxx/32;
> What address are you seeing the connections as coming from? Where are
> they actually coming from?
I didn't run tcpdump or anything (booo!). The only flag I reacted to was "allowed_ips" for gui not permitting host, and once I relaxed that, I needed to clarify before I proceeded any further (no attempts to download anything as yet, so no incoming external traffic).
Does the configuration I tried to describe mean that only members of host/localhost will be able to connect to the mlnet daemon?
Thank you.
-----
FreeBSD-11-current_amd64_root-on-zfs_RadeonKMS
--
View this message in context: http://freebsd.1045724.n5.nabble.com/Allow-jail-to-see-source-IP-of-incoming-traffic-tp5938163p5938334.html
Sent from the freebsd-jail mailing list archive at Nabble.com.