Solved Jail started with broken network interface (config error) but appeared to be fine.

Because I made a (huge) mistake in a config file, I ran into a problem that took me a long time to solve because I missed out on obvious error messages when my jails started.
I guess with the way jails work, the behavior that I encountered is just how it is, not a bug.
But I do want to describe it, maybe it is useful for someone else.

I am using ezjail with per jail configurations. I am running FreeBSD 12.2-RELEASE.

What happened was that the first jail to start had a correct definition of its IP addresses, e.g.:

export jail_db4_ip="xxx.xxx.171.87,xxxx:xxx:aaac:3c1::87" (obfuscated)

But the config of the jail that started after it accidentally had a line that applied to the previous jail:

export jail_db4_ip="xxx.xxx.171.70,xxxx:xxx:aaac:3c1::70" (incorrect rule creating trouble with jail db4)
export jail_ns2_ip="xxx.xxx.171.70,xxxx:xxx:aaac:3c1::70" (correct rule)

This messed up the network connection of the jail db4.

But the thing is, at first I did not notice this startup problem and the jails all ran fine.
  • Inside the jail in question (db4) I could reach the other jails and it could also connect to the WAN.
  • The jail ns2 worked both incoming and outgoing.
  • On the host and in the jail, with sockstat, I could see the daemons running in db4 listening for their connections.
  • important: the jail does respond to ping! But is not reachable in any other way. (I forgot to mention, so added this info in last edit)


But in reality the jail was not reachable at all.
It took me a long time to figure out what the problem was because I did not notice the error messages that appeared when the jails started.
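
A check for the mistake described above, as an added example that is not part of the original post: it flags any "export jail_<name>_..." line that sits in another jail's config file. It assumes ezjail's per-jail layout (one file per jail under /usr/local/etc/ezjail, named after the jail); the function names and the sample addresses (documentation ranges) are constructed for illustration.

```sh
#!/bin/sh
# Flag ezjail per-jail config lines that set variables for a different jail
# than the file they are in. Assumption: each file is named after its jail.

check_ezjail_configs() {
    dir=${1:-/usr/local/etc/ezjail}
    status=0
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        jail=$(basename "$f")
        # Collect "<line number> <variable name>" for every jail_* export.
        found=$(grep -nE '^[[:space:]]*export[[:space:]]+jail_[A-Za-z0-9_]+=' "$f" |
            sed -E 's/^([0-9]+):[[:space:]]*export[[:space:]]+(jail_[A-Za-z0-9_]+)=.*/\1 \2/')
        [ -n "$found" ] || continue
        while read -r lineno var; do
            case "$var" in
                "jail_${jail}_"*) ;;   # variable belongs to this file's jail
                *)
                    echo "$f:$lineno: $var does not belong to jail $jail"
                    status=1
                    ;;
            esac
        done <<EOF
$found
EOF
    done
    return $status
}

# Constructed sample mirroring the post: the ns2 file carries a db4 line.
write_sample_configs() {
    printf '%s\n' 'export jail_db4_ip="192.0.2.87,2001:db8::87"' > "$1/db4"
    printf '%s\n' 'export jail_db4_ip="192.0.2.70,2001:db8::70"' \
                  'export jail_ns2_ip="192.0.2.70,2001:db8::70"' > "$1/ns2"
}

# Demo on the constructed sample; on a real host, pass the ezjail config dir.
tmp=$(mktemp -d) && write_sample_configs "$tmp"
check_ezjail_configs "$tmp" || echo "mismatched jail variables found"
rm -rf "$tmp"
```

The match is by name prefix, so a jail whose name is another jail's name plus an underscore suffix is not distinguished from it.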