jails in different private subnets on the same host
Grzegorz Junka
list1 at gjunka.com
Fri May 20 11:07:58 UTC 2016
On 19/05/2016 15:19, Kurt Jaeger wrote:
> Hi!
>
>> Why would it need to use the nameserver if I am telnetting through IP?
> Use telnet -N to avoid DNS lookups.
Oh, great! That worked. It could connect to the web server jail
immediately. So it looks like the problem is with connecting to the DNS
jail, but why?
This is inside the DNS jail:
*root@dns1:/ # netstat -an*
netstat: kvm not available: /dev/mem: No such file or directory
Active Internet connections (including servers)
Proto Recv-Q Send-Q Local Address Foreign Address (state)
tcp4 0 0 192.168.1.60.53 *.* LISTEN
tcp4 0 0 192.168.1.60.25 *.* LISTEN
udp4 0 0 192.168.1.60.53 *.*
udp4 0 0 192.168.1.60.514 *.*
(... IPv6 entries)
On the problematic jail:
*root@pjp1:/ # cat /etc/resolv.conf*
search myserver.mydomain.com
nameserver 192.168.1.60
options edns0
*root@pjp1:/ # netstat -an*
netstat: kvm not available: /dev/mem: No such file or directory
Active Internet connections (including servers)
Proto Recv-Q Send-Q Local Address Foreign Address (state)
tcp4 0 0 10.33.1.40.25 *.* LISTEN
tcp4 0 0 10.33.1.40.3306 *.* LISTEN
tcp4 0 0 10.33.1.40.80 *.* LISTEN
udp4 0 0 10.33.1.40.514 *.*
*root@pjp1:/ # netstat -rn*
Routing tables
Internet:
Destination Gateway Flags Netif Expire
10.33.1.40 link#4 UHS lo0
This works immediately:
*root@pjp1:/ # telnet -N 192.168.1.60 53*
Trying 192.168.1.60...
Connected to 192.168.1.60.
Escape character is '^]'.
But this connects after exactly 15 seconds:
*root@pjp1:/ # telnet 192.168.1.60 53*
Trying 192.168.1.60...
Connected to 192.168.1.60.
Escape character is '^]'.
Grzegorz