Hi all,

I’m testing a few Linux triplestores in a Linux jail, and used 13.1, which worked 
fine most of the time.

Now one of the stores shows dropped connections with many clients, and as I can 
see logs of netlink errors in the logs, I thought I’d try -CURRENT.

Sadly, my Linux jail (Ubuntu 16.04.7) now shows an irritating behaviour; some 
programs seem to hang indefinitely waiting for name resolution:

Inside the jail:

Working version with ping

root@bayerlinux:/home/mathiasp/triplestore-analysis/tmp# ping google.de
WARNING: setsockopt(ICMP_FILTER): Protocol not available
PING google.de (172.217.16.131) 56(84) bytes of data.
Outside:
root@kap:/usr/home/mathiasp # tcpdump -ni bayerlinux_b
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on bayerlinux_b, link-type EN10MB (Ethernet), capture size 262144 bytes
20:17:10.852625 IP 192.168.100.10.13809 > 192.168.100.1.53: 3191+ [1au] A? google.de. (38)
20:17:10.852668 IP 192.168.100.1.53 > 192.168.100.10.13809: 3191 1/0/1 A 172.217.16.131 (54)

Non-working with wget (same for curl and others)

Inside the jail:
root@bayerlinux:/home/mathiasp/triplestore-analysis/tmp# wget http://google.de/
--2023-01-09 19:21:58--  http://google.de/
Resolving google.de (google.de)... (waited for max 5 minutes, no change)
Outside the jail:
root@kap:/usr/home/mathiasp # tcpdump -ni bayerlinux_b
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on bayerlinux_b, link-type EN10MB (Ethernet), capture size 262144 bytes
20:17:02.738570 IP 192.168.100.10.60967 > 192.168.100.1.53: 30219+ A? google.de. (27)
20:17:02.738893 IP 192.168.100.1.53 > 192.168.100.10.60967: 30219 1/0/0 A 172.217.16.131 (43)

So, this tcpdump looks pretty much as if both got answers from unbound.
Why is wget (and host, and curl, and sudo) not “getting” this answer?

Any ideas where to look or questions about my setup welcome!

This Jail works fine on 13.1

This is on a recent current:

FreeBSD kap.virtual-earth.de 14.0-CURRENT FreeBSD 14.0-CURRENT #0 main-n259979-9408f36627b7: Mon Jan  9 16:36:51 CET 2023 [email protected]:/usr/obj/usr/src/amd64.amd64/sys/GENERIC-NODEBUG amd64

/etc/jail.conf looks like this:

$iface="igb0";
$j="/jail";
path="/jails/$name";

mount.devfs;

exec.clean;
exec.start="sh /etc/rc";
exec.stop="sh /etc/rc.shutdown";
exec.prestart="logger starting jail $name ...";
exec.poststart="logger jail $name has started";
exec.prestop="logger shutting down jail $name";
exec.poststop="logger jail $name has shut down";

# generic hostnames

host.hostname="$name.kap.local";



# vnet jails
vnet;
vnet.interface="${name}_j";
exec.prestart+="/usr/local/sbin/jailtobridge $name jailbridge0";
exec.poststop+="/sbin/ifconfig jailbridge0 deletem ${name}_b;/sbin/ifconfig ${name}_b destroy";

exec.consolelog="/var/log/jails/$name-console.log";

# linux jails
# needs FreeBSD ifconfig and route from /rescue to work!

bayerlinux {
mount.fstab="/jails/fstabs/bayerlinux";
allow.mount;
allow.raw_sockets;
allow.read_msgbuf;
allow.socket_af;
sysvmsg;
sysvsem;
sysvshm;
exec.start = "/etc/init.d/rc 3";
exec.stop = "/etc/init.d/rc 0";
persist;
}


Thanks,

Mathias

Mathias Picker
Geschäftsführer
virtual earth Gesellschaft für Wissens re/prä sentation mbH
Westendstr. 142
80339 München
+4915256178344
