What have I neglected to do in order to get networking in a jail?
James B. Byrne
byrnejb at harte-lyne.ca
Thu May 31 19:02:04 UTC 2018
On Thu, May 31, 2018 10:29, Arthur Chance wrote:
> On 31/05/2018 15:21, James B. Byrne wrote:
>>
>> On Thu, May 31, 2018 09:40, Arthur Chance wrote:
>>
>>>
>>> I've just taken another look at your original mail. I think the key
>>> might be in this
>>>
>>>> [root at host:~]# jls
>>>> JID IP Address Hostname Path
>>>> 1 127.0.31.1 mx31 /usr/jails/mx31
>>>
>>> Note address ^^^^^
>>>
>>
>> The command jls reports the loopback address for all of the jails I
>> have defined on other hosts. For example:
>>
>> [root at vhost02 ~]# jls
>> JID IP Address Hostname Path
>> 2 127.0.34.1 hlldns04 /usr/jails/hlldns04
>> 3 127.0.150.1 hllmx150 /usr/jails/hllmx150
>>
>
> Addresses in 127/8 must not appear on the network anywhere
> (https://tools.ietf.org/html/rfc5735#page-3), and FreeBSD has specific
> checks in the networking code to prevent this. If any jail with such an
> address is contacting the network then there must be some form of NAT
> involved. I can only suggest you check for differences between the jails
> that can get out and the one that can't *and* look for NAT on the
> host(s) with jails that can get out.
>

The 127.0.x.1 addresses are used by the cloned loopback interfaces
that the jails require. Traffic on those addresses is going nowhere
but back to the jail that owns them.

I have several hosts with multiple jails and on every one of them the
jls command displays the loopback address assigned to the jail.

[root at vhost04 ~ (master #)]# jls
JID IP Address Hostname Path
1 127.0.124.1 hll124 /usr/jails/hll124

[root at vhost02 ~]# jls
JID IP Address Hostname Path
1 127.0.150.1 hllmx150 /usr/jails/hllmx150
2 127.0.34.1 hlldns04 /usr/jails/hlldns04

[root at vhost03 ~]# jls
JID IP Address Hostname Path
1 127.0.151.1 hllmx04 /usr/jails/hllmx04
2 127.0.33.1 hlldns02 /usr/jails/hlldns02

I can go on but I believe that the point is made. Each of these jails
can reach the internet. Some hosts are on the same LAN segment as the
host with the jail I am having problems with. NAT is not involved as
the IP address assigned to the jail's virtual interface is public.

I have discovered my error. It is a typo in the IP address assigned
to the jail. I wrote 218.185.71.31 when it should have been
216.185.71.31.

I must have looked at that line in the jail configuration file a dozen
times or more and missed it.

--
*** e-Mail is NOT a SECURE channel ***
Do NOT transmit sensitive data via e-Mail
Do NOT open attachments nor follow links sent by e-Mail
James B. Byrne mailto:ByrneJB at Harte-Lyne.ca
Harte & Lyne Limited http://www.harte-lyne.ca
9 Brockley Drive vox: +1 905 561 1241
Hamilton, Ontario fax: +1 905 561 0757
Canada L8E 3C3
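
Added example, not part of the original message or of FreeBSD: a check that flags any non-loopback jail address lying outside every network the host is attached to, which is how the one-digit typo described above shows up mechanically. It assumes jail.conf(5) syntax; the interface names lo1 and em0, the /24 host network, and the hll124 public address are constructed, and only the two mx31 addresses come from the thread.

```python
import ipaddress
import re

# Constructed jail.conf(5) fragment; only mx31's two addresses come from the thread.
SAMPLE_JAIL_CONF = '''
mx31 {
    path = "/usr/jails/mx31";
    host.hostname = "mx31";
    ip4.addr = "lo1|127.0.31.1", "em0|218.185.71.31";
}
hll124 {
    path = "/usr/jails/hll124";
    ip4.addr = "lo1|127.0.124.1";
    ip4.addr += "em0|216.185.71.124/32";
}
'''

# Assumed on-link networks of the host (in practice read from ifconfig output).
HOST_NETWORKS = ["216.185.71.0/24"]

JAIL_RE = re.compile(r'^\s*([\w.-]+)\s*\{(.*?)^\s*\}', re.S | re.M)
ADDR_RE = re.compile(r'ip4\.addr\s*\+?=\s*([^;]+);')

def jail_addresses(conf_text):
    """Yield (jail, interface or None, IPv4Address) for every ip4.addr entry."""
    for name, body in JAIL_RE.findall(conf_text):
        for value_list in ADDR_RE.findall(body):
            for item in value_list.split(","):
                item = item.strip().strip('"')
                iface, _, addr = item.rpartition("|")
                addr = addr.split("/")[0].split()[0]  # drop /prefix or netmask
                yield name, iface or None, ipaddress.IPv4Address(addr)

def off_link_addresses(conf_text, host_networks):
    """Return non-loopback jail addresses that fall in none of the host's networks."""
    nets = [ipaddress.ip_network(n) for n in host_networks]
    return [(jail, iface, str(addr))
            for jail, iface, addr in jail_addresses(conf_text)
            if not addr.is_loopback and not any(addr in n for n in nets)]

if __name__ == "__main__":
    for jail, iface, addr in off_link_addresses(SAMPLE_JAIL_CONF, HOST_NETWORKS):
        print(f"{jail}: {addr} on {iface} is not in any host network {HOST_NETWORKS}")
```

The loopback addresses that jls lists are skipped on purpose, since they never leave the host.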