Jail listening on same ports as base host

Farhan Khan · May 16, 2016

Hi!

I setup a Jail, but it is listening on the same ports as the base OS. So, if the base is listening on port 80, the Jail IP also has port 80 listening. No service is listening on that port.

Using ezjail-admin, I setup a Jail called code. I modified the export_jail_code_ip line of /usr/local/etc/ezjail/code to be this (IPv6 address changed per RFC 3849):

Code:

export jail_code_ip="lo1|127.0.1.1,vtnet0|2001:DB8::c0de/64,192.168.128.2/17"

When I do sockstat -l, nothing comes up as listening port 80.

The base OS's vtnet0 interface has both the IP address of the base and jail.
What is causing this?

Farhan Khan · May 16, 2016

It appears that you have to manually set which IPs all subsequent services are listening on, per this:
https://forums.freebsd.org/threads/45032/

Farhan Khan · May 17, 2016

Nevermind...I am using FreeBSD, but on my FreeNAS box I don't seem to have this problem. The Base OS on FreeNAS has a separate virtual interface for each jail. Yet, my FreeBSD box is all using the same interface (vtnet0).

Did I misconfigure something?

Farhan Khan · May 19, 2016

I think this might be a bug in the Handbook. Any thoughts?

wblock@ · May 20, 2016

More likely that FreeNAS does things differently than stock FreeBSD. That would not be surprising.

SirDice · May 20, 2016

Farhan Khan said:
The Base OS on FreeNAS has a separate virtual interface for each jail.

As far as I know FreeNAS uses VNET/VIMAGE.

Jail listening on same ports as base host

Farhan Khan

Farhan Khan

Farhan Khan

Farhan Khan

wblock@

SirDice

Administrator