FreeBSD sometimes uses the router for packets on the local network
Anton Farber
dr_sweety_1337 at hotmail.com
Tue Apr 7 11:29:47 UTC 2015
> On Tue, Apr 07, 2015 at 07:04:40AM +0000, Anton Farber wrote:
>>> On Mon, Apr 6, 2015 at 12:15 PM, Anton Farber
>>> wrote:
>>>> I've opened a thread on the FreeBSD networking forum (https://forums.freebsd.org/threads/jail-fails-to-connect-to-main-host.50833/) as some time ago my FreeBSD server (initially running 10.1, now CURRENT) started to behave strangely after an upgrade from 10.0 to 10.1. I first noticed that a jail (192.168.1.5) wasn't able to contact the base system (192.168.1.1). Running a tcpdump revealed the following: the jail is using em0 instead of lo0 for communicating with the base system:
>>>
>>> You need to look at your routing tables. From inside the jail, run
>>> "netstat -rn -f inet". You probably won't see any entry for 127.0.0.1
>>> or 127.0.0.0/8. Those are the entries that your jail needs in order
>>> to talk to the base system. You can add them, but think carefully.
>>> Many server processes, such as ntpd, have reduced security for
>>> connections coming over 127.0.0.1. Whether or not it is appropriate
>>> to add those routes depends on why you are using a jail.
>>
>> Ok, so the behaviour I'm seeing regarding the communication between jail and base system is to be expected then. My reason for posting it was that I was unsure whether it might have anything to do with the main problem. I don't think that this is the case, so the question remains: why is my FreeBSD server sometimes using the router for contacting hosts on the local network?
>
> This was a very strange proposal to look at routing tables inside the jail.
> Do you use a VNET-enabled kernel? If not, there is no separate instance of
> the network stack per jail. The netstat -rn output in a jail for non-VNET
> kernels is simply not relevant to your problem. The same issues must be
> present when a non-jailed process is using the same source address selection.

No, I'm not using a VNET-enabled kernel (at least not to my knowledge :). I'm not sure whether my problem is jail related at all... It's just where it first manifested itself: suddenly I wasn't able to connect from my jail to the base system when using SSH or IMAP (roundcube). It was only later on that I realized that the base system was having trouble connecting to random hosts on the local network (as described in my initial post).

Regards, Anton

More information about the freebsd-net mailing list