Bug 26078

Summary: Jails cannot connect to the main server and to there own local services
Product: Base System Reporter: wevers <wevers>
Component: kernAssignee: freebsd-bugs (Nobody) <bugs>
Status: Closed FIXED    
Severity: Affects Only Me CC: phk
Priority: Normal    
Version: Unspecified   
Hardware: Any   
OS: Any   

Description wevers 2001-03-25 19:00:02 UTC 
I have a server with 20+ jail's
Alway in one or more of the jail's i can not connect to it's own services.
like  telnet JailIP 25 is not possible(inside the jail), every service is working fine, and i can connect to ssh from outside the machine. Services like php-imap does not work because apache can not connect to the imap server. Again an connection to the imap server from outside the server is no problem.
This problem is here sinds Oktober 2000 with FreeBSD 4.x Stable.
Before Okt 2000 netstat -nr did give a jail ip the arp adresses to both the fxp device and the lo0 device.
With the kernel from Feb 26 2001 some off the arp entry's where gone.
I think that those where the jailIP's that did not could connect to there own services.

With the kernel of yesterday i did not see any lo0 devices with jailIP's in netstat -nr.
The problem is that after every reboot the jail with an "localhost" problem is not the same ipnumber!

Fix: 

The workaround is to bind all the jailsIP's to lo0 (thanks to Poul-Henning Kamp)
and do a arp -s $jailip $MACfxp0 pub
Example:
ifconfig lo0 inet alias 10.10.10.224 netmask 255.255.255.255
arp -s 10.10.10.224 00:a0:c9:a6:04:9c pub

Henk Wevers
The Netherlands
Comment 1 perisa 2002-05-29 04:10:57 UTC 
Hi,

does this problem still exists in a recent FreeBSD 4-STABLE system?

Thanks

Marc
Comment 2 henk 2002-05-29 08:23:20 UTC 
No this problem can be closed.
This is because in -STABLE it is not allowed anymore to make aliases in 
the same netmask again with an /24 entry, it now must be for a alias /23

Henk

Marc Perisa wrote:
> Hi,
> 
> does this problem still exists in a recent FreeBSD 4-STABLE system?
> 
> Thanks
> 
> Marc
> 
> 
> 
>
Comment 3 iedowse freebsd_committer freebsd_triage 2002-10-25 02:24:32 UTC 
State Changed
From-To: open->closed


Submitter says that this can be closed (apparently it was caused 
by an incorrect netmask on an interface alias address).