isc-dhcpd and jails bound to an aliased ip



Attempting to run isc-dhcpd (using USE_SOCKETS) inside a jail
bound to an aliased ip does not appear to work. The process never seems
to receive any broadcast traffic; however, it does see unicast traffic
as would be expected. I'm not sure how to debug this since one cannot
run tcpdump in the jail to see what traffic is getting there obviously.

It works fine if I change the jail to bind to the primary ip on the
interface. Not surprisingly, it also works fine if I run it outside of a
jail using BPF. Changing the broadcast addresses on the aliases does not
seem to change anything.

Is it just that the kernel will not deliver broadcasts to jails on ip
aliases as I suspect? Yes, I know I have a "zombied" jail in the jls
listing. There are no processes with a JID of 2 running, and I'm
reluctant to reboot the machine because it's in production.

If I have to run the jail on the primary ip address, that's okay. I
would just prefer to have it running in a separate jail and still have
ssh running on the standard port (less confusing to users).

Relevant configuration:

em0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
	options=b<RXCSUM,TXCSUM,VLAN_MTU>
	inet6 fe80::213:72ff:fe4b:70e7%em0 prefixlen 64 scopeid 0x1
	inet 136.168.1.5 netmask 0xffff0000 broadcast 136.168.255.255
	inet 136.168.1.8 netmask 0xffffffff broadcast 136.168.1.8
	inet 136.168.1.91 netmask 0xffffffff broadcast 136.168.1.91
	ether 00:13:72:4b:70:e7
	media: Ethernet autoselect (1000baseTX <full-duplex>)
	status: active

# global jail knobs
jail_enable="YES"
jail_list="ns1 netstat"
jail_set_hostname_allow="NO"

# ns1 jail
jail_ns1_rootdir="/usr/jail/ns1"
jail_ns1_hostname="ns1.csub.edu"
jail_ns1_ip="136.168.1.91"
jail_ns1_exec_start="/bin/sh /etc/rc"
jail_ns1_devfs_enable="YES"
jail_ns1_mount_enable="YES"

# netstat jail
jail_netstat_rootdir="/usr/jail/netstat"
jail_netstat_hostname="netstat.csub.edu"
jail_netstat_ip="136.168.1.8"
jail_netstat_exec_start="/bin/sh /etc/rc"
jail_netstat_devfs_enable="YES"
jail_netstat_mount_enable="YES"

   JID  IP Address      Hostname                      Path
     8  136.168.1.91    ns1.csub.edu                  /usr/jail/ns1
     4  136.168.1.8     netstat.csub.edu              /usr/jail/netstat
     2  136.168.1.91    ns1.csub.edu                  /usr/jail/ns1

Thanks,
--
Russell A. Jackson <raj@xxxxxxxx>
Network Analyst
CSUB Network Services
_______________________________________________
freebsd-stable@xxxxxxxxxxx mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-stable
To unsubscribe, send any mail to "freebsd-stable-unsubscribe@xxxxxxxxxxx"