isc-dhcpd and jails bound to an aliased ip

Attempting to run isc-dhcpd (using USE_SOCKETS) inside a jail
bound to an aliased ip does not appear to work. The process never seems
to recieve any broadcast traffic; however, it does see unicast traffic
as would be expected. I'm not sure how to debug this since one cannot
run tcpdump in the jail to see what traffic is getting there obviously.

It works fine if I change the jail to bind to the primary ip on the
interface. Not surprisingly, it also works fine if I run it outside of a
jail using BPF. Changing the broadcast addresses on the aliases does not
seem to change anything.

It is just that the kernel will not deliver broadcasts to jails on ip
aliases as I suspect? Yes, I now I have a "zombied" jail in the jls
listing. There are no processes with a JID of 2 running, and I'm
reluctant to reboot the machine because it's in production.

If I have to run the jail on the primary ip address, that's okay. I
would just prefer to have it running in a seperate jail and still have
ssh running on the standard port (less confusing to users).

Relevant configuration:

em0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
options=b<RXCSUM,TXCSUM,VLAN_MTU>
inet6 fe80::213:72ff:fe4b:70e7%em0 prefixlen 64 scopeid 0x1
inet 136.168.1.5 netmask 0xffff0000 broadcast 136.168.255.255
inet 136.168.1.8 netmask 0xffffffff broadcast 136.168.1.8
inet 136.168.1.91 netmask 0xffffffff broadcast 136.168.1.91
ether 00:13:72:4b:70:e7
media: Ethernet autoselect (1000baseTX <full-duplex>)
status: active

# global jail knobs
jail_enable="YES"
jail_list="ns1 netstat"
jail_set_hostname_allow="NO"

# ns1 jail
jail_ns1_rootdir="/usr/jail/ns1"
jail_ns1_hostname="ns1.csub.edu"
jail_ns1_ip="136.168.1.91"
jail_ns1_exec_start="/bin/sh /etc/rc"
jail_ns1_devfs_enable="YES"
jail_ns1_mount_enable="YES"

# netstat jail
jail_netstat_rootdir="/usr/jail/netstat"
jail_netstat_hostname="netstat.csub.edu"
jail_netstat_ip="136.168.1.8"
jail_netstat_exec_start="/bin/sh /etc/rc"
jail_netstat_devfs_enable="YES"
jail_netstat_mount_enable="YES"

JID IP Address Hostname Path
8 136.168.1.91 ns1.csub.edu /usr/jail/ns1
4 136.168.1.8 netstat.csub.edu /usr/jail/netstat
2 136.168.1.91 ns1.csub.edu /usr/jail/ns1

Thanks,
--
Russell A. Jackson <raj@xxxxxxxx>
Network Analyst
CSUB Network Services
_______________________________________________
freebsd-stable@xxxxxxxxxxx mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-stable
To unsubscribe, send any mail to "freebsd-stable-unsubscribe@xxxxxxxxxxx"

Relevant Pages

  • Re: static ip address and ifconfig
    ... inet 75.99.82.91 netmask 0xfffffff8 broadcast 75.99.82.95 ... interface name to bound to which automatically creates an alias for the jails ip address at jail start time and also removes it when the jail stopped. ...
    (freebsd-questions)
  • Re: Cant login Jailed system
    ... Here is the network configuraiton of the host system and the jail system: ... inet 192.168.1.246 netmask 0xffffff00 broadcast 192.168.1.255 ...
    (freebsd-net)
  • Cant login Jailed system
    ... Here is the network configuraiton of the host system and the jail system: ... inet 192.168.1.246 netmask 0xffffff00 broadcast 192.168.1.255 ...
    (freebsd-net)
  • Re: How Are You Celebrating Falwells Death...???
    ... I caught a glimpse of Bakker after he got out of jail. ... dead now but still being broadcast. ... i still miss robert 'bob' tilton, of 'success 'n' life' fame since he ... was chased off broadcast t.v. onto cable when prayer requests were ...
    (rec.food.cooking)
  • bandwidth throttling?
    ... inet 192.168.1.126 netmask 0xffffff00 broadcast 192.168.1.255 ... jail on the same machine running off the .127 IP. ...
    (freebsd-questions)