mDNSResponder not working within a jail

Khaine

Member

Reaction score: 4
Messages: 59

I have just migrated my netatalk server to be inside a jail. I can access my shares directly using the IP address, however mDNSResponder does not work.

Unfortunately, mDNSResponder is terrible at logging, I ran it in interactive mode by using the following:

Code:
# /usr/local/bin/mDNSResponderPosix -v 2 -f /usr/local/etc/mDNSResponder.conf 
mDNSResponderPosix: Starting in foreground mode, PID 2796
socket AF_INET6: Protocol not supported

This is the output of ifconfig

Code:
# ifconfig
bge0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
	options=c019b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,TSO4,VLAN_HWTSO,LINKSTATE>
	ether a0:b3:cc:e2:5d:7d
	media: Ethernet autoselect (1000baseT <full-duplex>)
	status: active
pflog0: flags=141<UP,RUNNING,PROMISC> metric 0 mtu 33152
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
	options=600003<RXCSUM,TXCSUM,RXCSUM_IPV6,TXCSUM_IPV6>
lo1: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
	options=600003<RXCSUM,TXCSUM,RXCSUM_IPV6,TXCSUM_IPV6>
	inet 192.168.0.1 netmask 0xffffffff 
lo2: flags=8008<LOOPBACK,MULTICAST> metric 0 mtu 16384
	options=600003<RXCSUM,TXCSUM,RXCSUM_IPV6,TXCSUM_IPV6>

The jail is using interface lo1

On the host I have the following in /etc/rc.conf

Code:
# -- Jails
ezjail_enable="YES"

cloned_interfaces="lo1 lo2"

ifconfig_lo1_alias0="inet 192.168.0.1  netmask 255.255.255.255"
ifconfig_lo2_alias1="inet 192.168.0.2  netmask 255.255.255.255"

On the host this is the output of ifconfig

Code:
# ifconfig
bge0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
	options=c019b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,TSO4,VLAN_HWTSO,LINKSTATE>
	ether a0:b3:cc:e2:5d:7d
	inet 10.0.0.3 netmask 0xffffff00 broadcast 10.0.0.255
	nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
	media: Ethernet autoselect (1000baseT <full-duplex>)
	status: active
pflog0: flags=141<UP,RUNNING,PROMISC> metric 0 mtu 33152
	nd6 options=9<PERFORMNUD,IFDISABLED>
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
	options=600003<RXCSUM,TXCSUM,RXCSUM_IPV6,TXCSUM_IPV6>
	inet6 ::1 prefixlen 128 
	inet6 fe80::1%lo0 prefixlen 64 scopeid 0x9 
	inet 127.0.0.1 netmask 0xff000000 
	nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
lo1: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
	options=600003<RXCSUM,TXCSUM,RXCSUM_IPV6,TXCSUM_IPV6>
	inet 192.168.0.1 netmask 0xffffffff 
	nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
lo2: flags=8008<LOOPBACK,MULTICAST> metric 0 mtu 16384
	options=600003<RXCSUM,TXCSUM,RXCSUM_IPV6,TXCSUM_IPV6>
	nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>

Does anyone know how to resolve this?

Thanks in advance.
 

woodsb02

Active Member

Reaction score: 71
Messages: 165

My understanding is that services running in a jail are able to make multicast announcements to the world, but multicast traffic from other devices go to the host and don't make it to the jail.

This has been discussed by a number of people before, but unfortunately I don't know of any plans to resolve it.

The easiest answer I know of is to use VIMAGE in your jails, which causes the entire network stack in the jail to be emulated and allows services in the jail to receive multicast traffic from the network.

On FreeBSD that means compiling a custom kernel with VIMAGE enabled.

Note that the pf(4) firewall has a few issues working with VIMAGE enabled... you might be better off using the ipfw(8) firewall with VIMAGE if you need one.
 
Top