On Thu, 20 Nov 2008, Eugene Grosbein wrote:

Hi,

freebsd-jail@ is a good place to ask jail questions as well.
> For some strange reason, RAW sockets (when allowed) and TCP behave
> very differently in jail (7.1-PRERELEASE). In host's rc.conf:
>
> jail_enable="YES"
> jail_list="test"
> jail_devfs_enable="YES"
> jail_test_rootdir="/mnt/big/jail/test"
> jail_test_hostname="myname.ru"
> jail_test_ip="192.168.0.1"
> jail_test_interface="lo0"
>
> "/etc/rc.d/jail start" does all right and I may rlogin into jail.
> In host environment I run tcpdump -np -i lo0.
>
> Inside jail I ping 127.0.0.1, it succeeds and tcpdump shows
> that requests go from 192.168.0.1 to 127.0.0.1 really.
>
> But when I try to telnet 127.0.0.1 25 from jail, tcpdump shows
> that TCP SYN are sent to 192.168.0.1, so telnet fails.
> There is no NAT here. Is it a bug?
What happens with TCP is the expected behaviour. I wonder more about the raw socket case and am not sure this is correct.

Jails try to "simulate" the non-existing loopback by re-writing the IPs to the jail-IP, which obviously has other implications. You should never be able to connect from inside the jail to the base system's 127.0.0.1 loopback IP.

This is a known "feature" (limitation) of jails. Full network stack virtualization will no longer have that problem.

/bz

--
Bjoern A. Zeeb
Stop bit received. Insert coin for new game.
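
An added example, not part of the original thread: a small Python probe to run inside a jail or on the host. It binds and connects to 127.0.0.1 and reports the addresses the kernel actually used, so the rewrite described in the reply can be seen without tcpdump. The function names `classify` and `probe_loopback` are this example's own.

```python
import socket

LOOPBACK = "127.0.0.1"

def classify(requested, actual):
    """Compare the address asked for with the one the kernel reports."""
    if actual == requested:
        return "unchanged"
    if actual.startswith("127."):
        return "other-loopback"
    return "rewritten"

def probe_loopback(timeout=2.0):
    """Bind and connect to 127.0.0.1; return the addresses really in use."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as srv:
        srv.settimeout(timeout)
        srv.bind((LOOPBACK, 0))              # port 0: kernel picks a free port
        srv.listen(1)
        bound_ip, port = srv.getsockname()   # what the listener is bound to
        with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as cli:
            cli.settimeout(timeout)
            cli.connect((LOOPBACK, port))    # same destination telnet would use
            conn, peer = srv.accept()
            with conn:
                dst_ip = cli.getpeername()[0]  # destination after any rewrite
                src_ip = peer[0]               # source as the listener sees it
    return {
        "bound_ip": bound_ip,
        "connect_dst_ip": dst_ip,
        "connect_src_ip": src_ip,
        "listener": classify(LOOPBACK, bound_ip),
        "connect": classify(LOOPBACK, dst_ip),
    }

if __name__ == "__main__":
    result = probe_loopback()
    for key, value in result.items():
        print(f"{key}: {value}")
    if result["listener"] == "rewritten":
        # A service configured as "localhost only" is listening here instead.
        print(f"loopback listener is reachable on {result['bound_ip']}")
```

On an unjailed host every address field reads 127.0.0.1 and both classifications are `unchanged`.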