-----Original Message-----
From: Nikos Vassiliadis
Sent: Wednesday, January 04, 2012 9:54 AM
To: Andrew Hotlab
Cc: FreeBSD-Jail
Subject: Re: jailed process listening on host addresses

On 1/4/2012 3:10 AM, Andrew Hotlab wrote:
> I noticed a strange behavior some days ago, but I can't say how
> long it has been happening for. Some processes which are running in
> different jails on the same host seem to be listening on all host IPs.
>
> It's happening on several hosts right now (all are running FreeBSD/amd64
> 8.2-RELEASE-p5), with both UDP and TCP listeners. Any jail is using a
> single unicast IP address. I really hope I am missing something important...
> or should I guess that these processes are "escaping" from the jails?!
> :S
>

Could you share more about your setup?
ifconfig, jls, ps in the jail, commands given to create the jail...
I tried to reproduce the problem on an amd64 8.2-RELEASE, without
success.

Thank you Nikos, the following commands are executed on the host:
# ifconfig xl0
xl0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
options=82009<RXCSUM,VLAN_MTU,WOL_MAGIC,LINKSTATE>
ether 00:01:02:aa:9f:c2
inet 172.19.2.48 netmask 0xffffff00 broadcast 172.19.2.255
inet 172.19.2.49 netmask 0xffffffff broadcast 172.19.2.49
inet 172.19.2.50 netmask 0xffffffff broadcast 172.19.2.50
inet 172.19.2.51 netmask 0xffffffff broadcast 172.19.2.51
inet 172.19.2.52 netmask 0xffffffff broadcast 172.19.2.52
inet 172.19.2.53 netmask 0xffffffff broadcast 172.19.2.53
inet 172.19.2.54 netmask 0xffffffff broadcast 172.19.2.54
inet 172.19.2.55 netmask 0xffffffff broadcast 172.19.2.55
inet 172.19.2.56 netmask 0xffffffff broadcast 172.19.2.56
inet 172.19.2.57 netmask 0xffffffff broadcast 172.19.2.57
inet 172.19.2.58 netmask 0xffffffff broadcast 172.19.2.58
inet 172.19.2.59 netmask 0xffffffff broadcast 172.19.2.59
inet 172.19.2.60 netmask 0xffffffff broadcast 172.19.2.60
inet 172.19.2.61 netmask 0xffffffff broadcast 172.19.2.61
inet 172.19.2.62 netmask 0xffffffff broadcast 172.19.2.62
inet 172.19.2.63 netmask 0xffffffff broadcast 172.19.2.63
media: Ethernet autoselect (100baseTX <full-duplex,flowcontrol,rxpause,txpause>)
status: active
# jls | grep 172.19.2.50
5 172.19.2.50 rjpbx01 /usr/jails/rjpbx01
# jexec 5 /usr/local/etc/rc.d/asterisk start
Starting asterisk.
# sockstat -4l | grep asterisk
931 asterisk 91780 11 udp4 172.19.2.50:5060 *:*
931 asterisk 91780 12 tcp4 172.19.2.50:2000 *:*
931 asterisk 91780 18 tcp4 172.19.2.50:1720 *:*
931 asterisk 91780 19 udp4 172.19.2.50:2727 *:*
931 asterisk 91780 22 udp4 172.19.2.50:4569 *:*
931 asterisk 91780 23 udp4 *:* *:*
931 asterisk 91780 24 udp4 172.19.2.50:4520 *:*

I think there might be a problem with specific processes (in this case,
asterisk), because if I run several other commands (for example the nc(1)
you showed me), all is working as expected.

Until now, I noticed this behavior with these processes: unfsd, rpcbind,
asterisk, transmission-daemon, mDNSResponderPosix.

I'll try to test the same daemons in a jail with another version of FreeBSD
as soon as possible. I will also verify whether these daemons are really
listening on all IP addresses, by analyzing some traffic with tcpdump(1).

Andrew
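
The comparison done by eye in the message above (jail address from jls against the local addresses in sockstat -4l) can be scripted. This is an added example, not part of the original thread: the function names jail_ip and check_jail_sockets are hypothetical, and the sample data is copied from the output quoted above. It only reports sockets whose local address differs from the jail's address; whether such a socket really receives traffic on other host addresses still has to be confirmed, for example with the tcpdump(1) test the message proposes.

```shell
#!/bin/sh
# Added example (not from the thread): report sockets of a jailed daemon
# whose local address is not the jail's assigned IPv4 address.

# Sample input copied from the jls and sockstat -4l output quoted above.
SAMPLE_JLS='5 172.19.2.50 rjpbx01 /usr/jails/rjpbx01'
SAMPLE_SOCKSTAT='931 asterisk 91780 11 udp4 172.19.2.50:5060 *:*
931 asterisk 91780 12 tcp4 172.19.2.50:2000 *:*
931 asterisk 91780 18 tcp4 172.19.2.50:1720 *:*
931 asterisk 91780 19 udp4 172.19.2.50:2727 *:*
931 asterisk 91780 22 udp4 172.19.2.50:4569 *:*
931 asterisk 91780 23 udp4 *:* *:*
931 asterisk 91780 24 udp4 172.19.2.50:4520 *:*'

# jail_ip JID
# Reads jls lines (JID IP HOSTNAME PATH) on stdin, prints the IP of JID.
jail_ip() {
    awk -v jid="$1" '$1 == jid { print $2 }'
}

# check_jail_sockets JAIL_IP
# Reads sockstat -4l lines (USER COMMAND PID FD PROTO LOCAL FOREIGN) on
# stdin and prints "PID FD PROTO LOCAL" for each IPv4 socket whose local
# address is anything other than JAIL_IP (including the wildcard "*").
check_jail_sockets() {
    awk -v ip="$1" '
        NF >= 7 && $5 ~ /^(tcp|udp)4$/ {
            laddr = $6
            addr = laddr
            sub(/:[^:]*$/, "", addr)      # drop ":port", keep the address
            if (addr != ip) print $3, $4, $5, laddr
        }'
}

# Run the check on the sample data. On a live host, pipe the real
# "jls" and "sockstat -4l | grep <daemon>" output in instead.
ip=$(printf '%s\n' "$SAMPLE_JLS" | jail_ip 5)
printf '%s\n' "$SAMPLE_SOCKSTAT" | check_jail_sockets "$ip"
```
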