On 2019-02-28 03:58, Miroslav Lachman wrote:
Is there some easy way to determine the primary (source) address which
is used in jail with multiple IP addresses?

I came to this problem with running local_unbound in jail. Unbound
refuses queries originating in this jail because they do not come from
real 127.0.0.1 (which is the only one allowed by default). Unbound in
jail sees requests coming from the jail's IP. It is easy to determine (in
shell script) if jail has only one IP.
But what about the case where jail has multiple IPs? Is there some sysctl or
some call to ifconfig or any other util to get the IP which will be
used as source address for queries on local services in jail?

I know I can allow all IPs of jail in
access-control: a.b.c.d/32 allow
access-control: e.f.g.h/32 allow

I am just curious if there is some way to get "primary" IP in jail
without calling anything from the host environment.

There's nothing reliable that I know of.  Lists of addresses like that
from "ifconfig -a" or "netstat -rn" are in the order that they exist on
the host, filtered so only in-jail addresses show up.  While this may
work for jails that always create aliases for their addresses in the
defined order (as jail(8) will), they don't work in cases where the
address already exists.  It will also have problems when the addresses
are on different interfaces.

- Jamie
_______________________________________________
freebsd-jail@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-jail
To unsubscribe, send any mail to "freebsd-jail-unsubscr...@freebsd.org"
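
Added example, not part of the original thread: since no single address can be relied on as the source, this sketch builds the access-control lines mentioned in the question for every address that "ifconfig -a" shows inside the jail. The sample ifconfig text and the function names are constructed for illustration, and skipping link-local IPv6 addresses is an assumption.

```shell
#!/bin/sh
# Constructed sample of what "ifconfig -a" might print inside a jail
# (documentation addresses only; not taken from the thread).
sample_ifconfig() {
    cat <<'EOF'
em0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        inet 192.0.2.10 netmask 0xffffff00 broadcast 192.0.2.255
        inet 192.0.2.11 netmask 0xffffffff broadcast 192.0.2.11
        inet6 2001:db8::10 prefixlen 64
em1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        inet 198.51.100.5 netmask 0xffffff00 broadcast 198.51.100.255
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
        inet6 fe80::1%lo0 prefixlen 64 scopeid 0x2
EOF
}

# Read ifconfig output on stdin and print one unbound access-control
# line per jail address, so the order of the addresses no longer matters.
jail_acl_lines() {
    awk '
        function emit(net) {
            # print each network once, even if ifconfig lists it twice
            if (!seen[net]++) print "access-control: " net " allow"
        }
        $1 == "inet"  { emit($2 "/32") }
        $1 == "inet6" {
            addr = $2
            sub(/%.*/, "", addr)        # drop the %ifname scope suffix
            if (addr ~ /^fe80:/) next   # assumption: skip link-local
            emit(addr "/128")
        }
    '
}

# Offline demonstration on the constructed sample. Inside a real jail
# the input would be:  ifconfig -a | jail_acl_lines
sample_ifconfig | jail_acl_lines
```

The printed lines belong in the server: section of the unbound configuration, next to the default 127.0.0.1 rule.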