FreeBSD: adding ip alias to interface breaks network on primary ip
I am trying to add an alias to my network card (I would like to use jails) on my FreeBSD box. It is running version 10.2-RELEASE-p7 (generic amd64 kernel).
The machine is running in a Hyper-V virtual machine, but I experience the same thing on my physical box, the only difference is that is is running the x86 (32bit) version of the same 10.2 kernel.
The network interface hn0 has a static IP address: 192.168.0.51/24, my default router is 192.168.0.1. Everything works fine, until I add the alias:
ifconfig hn0 inet 192.168.0.200/32 alias
This creates the alias on hn0 as ifconfig shows:
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
options=600003<RXCSUM,TXCSUM,RXCSUM_IPV6,TXCSUM_IPV6>
inet6 ::1 prefixlen 128
inet6 fe80::1%lo0 prefixlen 64 scopeid 0x1
inet 127.0.0.1 netmask 0xff000000
nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
hn0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
options=31b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,TSO4,TSO6>
ether 00:15:5d:00:0f:00
inet 192.168.0.51 netmask 0xffffff00 broadcast 192.168.0.255
inet 192.168.0.200 netmask 0xffffffff broadcast 192.168.0.200
nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
The problem is that as soon as I have the alias in place, I cannot reach any host outside my subnet (even when using the host's IP address). E.g. a google nameserver:
ping 8.8.8.8
ping 8.8.8.8 (8.8.8.8): 56 data bytes
However, I can ping anything using the alias as the source:
ping -S 192.168.0.200 8.8.8.8
PING 8.8.8.8 (8.8.8.8) from 192.168.0.200: 56 data bytes
64 bytes from 8.8.8.8: icmp_seq=0 ttl=56 time=11.137 ms
...
If the alias is created by jail(8) when starting a jail, the jail using the alias has network access, while the host does not. After removing the alias I have to restart the services netif and routing to regain network access on the primary IP of the host.
When the jail runs, I can ssh into it or I can ping it using the IP alias.
Based on the fact that I cannot ping external nodes using their IP my guess would be that there is something wrong with the routing. Name resolving does not work as my box is unable to reach the DNS servers. Here is my netstat -rn output before adding the alias:
Destination Gateway Flags Netif Expire
default 192.168.0.1 UGS hn0
127.0.0.1 link#1 UH lo0
192.168.0.0/24 link#2 U hn0
192.168.0.51 link#2 UHS lo0
and after the alias has been created:
Destination Gateway Flags Netif Expire
default 192.168.0.1 UGS hn0
127.0.0.1 link#1 UH lo0
192.168.0.0/24 link#2 U hn0
192.168.0.51 link#2 UHS lo0
192.168.0.200 link#2 UHS lo0
192.168.0.200/32 link#2 U hn0
IPv6 values are omitted as I have disabled IPv6 by adding
ipv6_network_interfaces="none"
ipv6_activate_all_interfaces="NO"
to /etc/rc.conf
I am no expert at network setup, but I have read everything I could find about jails and IP aliases but I haven't found anything helpful. Maybe I am overlooking something trivial, but I have no idea what breaks network access on the host.
networking freebsd ip jails ifconfig
add a comment |
I am trying to add an alias to my network card (I would like to use jails) on my FreeBSD box. It is running version 10.2-RELEASE-p7 (generic amd64 kernel).
The machine is running in a Hyper-V virtual machine, but I experience the same thing on my physical box, the only difference is that is is running the x86 (32bit) version of the same 10.2 kernel.
The network interface hn0 has a static IP address: 192.168.0.51/24, my default router is 192.168.0.1. Everything works fine, until I add the alias:
ifconfig hn0 inet 192.168.0.200/32 alias
This creates the alias on hn0 as ifconfig shows:
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
options=600003<RXCSUM,TXCSUM,RXCSUM_IPV6,TXCSUM_IPV6>
inet6 ::1 prefixlen 128
inet6 fe80::1%lo0 prefixlen 64 scopeid 0x1
inet 127.0.0.1 netmask 0xff000000
nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
hn0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
options=31b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,TSO4,TSO6>
ether 00:15:5d:00:0f:00
inet 192.168.0.51 netmask 0xffffff00 broadcast 192.168.0.255
inet 192.168.0.200 netmask 0xffffffff broadcast 192.168.0.200
nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
The problem is that as soon as I have the alias in place, I cannot reach any host outside my subnet (even when using the host's IP address). E.g. a google nameserver:
ping 8.8.8.8
ping 8.8.8.8 (8.8.8.8): 56 data bytes
However, I can ping anything using the alias as the source:
ping -S 192.168.0.200 8.8.8.8
PING 8.8.8.8 (8.8.8.8) from 192.168.0.200: 56 data bytes
64 bytes from 8.8.8.8: icmp_seq=0 ttl=56 time=11.137 ms
...
If the alias is created by jail(8) when starting a jail, the jail using the alias has network access, while the host does not. After removing the alias I have to restart the services netif and routing to regain network access on the primary IP of the host.
When the jail runs, I can ssh into it or I can ping it using the IP alias.
Based on the fact that I cannot ping external nodes using their IP my guess would be that there is something wrong with the routing. Name resolving does not work as my box is unable to reach the DNS servers. Here is my netstat -rn output before adding the alias:
Destination Gateway Flags Netif Expire
default 192.168.0.1 UGS hn0
127.0.0.1 link#1 UH lo0
192.168.0.0/24 link#2 U hn0
192.168.0.51 link#2 UHS lo0
and after the alias has been created:
Destination Gateway Flags Netif Expire
default 192.168.0.1 UGS hn0
127.0.0.1 link#1 UH lo0
192.168.0.0/24 link#2 U hn0
192.168.0.51 link#2 UHS lo0
192.168.0.200 link#2 UHS lo0
192.168.0.200/32 link#2 U hn0
IPv6 values are omitted as I have disabled IPv6 by adding
ipv6_network_interfaces="none"
ipv6_activate_all_interfaces="NO"
to /etc/rc.conf
I am no expert at network setup, but I have read everything I could find about jails and IP aliases but I haven't found anything helpful. Maybe I am overlooking something trivial, but I have no idea what breaks network access on the host.
networking freebsd ip jails ifconfig
1
I can also repro the issue from regular configuration if — and only if — I specify the interface card, (ieip4.addr += "em0|1.2.3.4"
). To provide IPs only doesn't break network (ip4.addr += "1.2.3.4"
). To flush routes and reconfigure them works well (or/etc/rc.d/netif restart ; /etc/rc.d/routing restart
).
– Dereckson
Oct 20 '16 at 13:30
add a comment |
I am trying to add an alias to my network card (I would like to use jails) on my FreeBSD box. It is running version 10.2-RELEASE-p7 (generic amd64 kernel).
The machine is running in a Hyper-V virtual machine, but I experience the same thing on my physical box, the only difference is that is is running the x86 (32bit) version of the same 10.2 kernel.
The network interface hn0 has a static IP address: 192.168.0.51/24, my default router is 192.168.0.1. Everything works fine, until I add the alias:
ifconfig hn0 inet 192.168.0.200/32 alias
This creates the alias on hn0 as ifconfig shows:
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
options=600003<RXCSUM,TXCSUM,RXCSUM_IPV6,TXCSUM_IPV6>
inet6 ::1 prefixlen 128
inet6 fe80::1%lo0 prefixlen 64 scopeid 0x1
inet 127.0.0.1 netmask 0xff000000
nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
hn0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
options=31b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,TSO4,TSO6>
ether 00:15:5d:00:0f:00
inet 192.168.0.51 netmask 0xffffff00 broadcast 192.168.0.255
inet 192.168.0.200 netmask 0xffffffff broadcast 192.168.0.200
nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
The problem is that as soon as I have the alias in place, I cannot reach any host outside my subnet (even when using the host's IP address). E.g. a google nameserver:
ping 8.8.8.8
ping 8.8.8.8 (8.8.8.8): 56 data bytes
However, I can ping anything using the alias as the source:
ping -S 192.168.0.200 8.8.8.8
PING 8.8.8.8 (8.8.8.8) from 192.168.0.200: 56 data bytes
64 bytes from 8.8.8.8: icmp_seq=0 ttl=56 time=11.137 ms
...
If the alias is created by jail(8) when starting a jail, the jail using the alias has network access, while the host does not. After removing the alias I have to restart the services netif and routing to regain network access on the primary IP of the host.
When the jail runs, I can ssh into it or I can ping it using the IP alias.
Based on the fact that I cannot ping external nodes using their IP my guess would be that there is something wrong with the routing. Name resolving does not work as my box is unable to reach the DNS servers. Here is my netstat -rn output before adding the alias:
Destination Gateway Flags Netif Expire
default 192.168.0.1 UGS hn0
127.0.0.1 link#1 UH lo0
192.168.0.0/24 link#2 U hn0
192.168.0.51 link#2 UHS lo0
and after the alias has been created:
Destination Gateway Flags Netif Expire
default 192.168.0.1 UGS hn0
127.0.0.1 link#1 UH lo0
192.168.0.0/24 link#2 U hn0
192.168.0.51 link#2 UHS lo0
192.168.0.200 link#2 UHS lo0
192.168.0.200/32 link#2 U hn0
IPv6 values are omitted as I have disabled IPv6 by adding
ipv6_network_interfaces="none"
ipv6_activate_all_interfaces="NO"
to /etc/rc.conf
I am no expert at network setup, but I have read everything I could find about jails and IP aliases but I haven't found anything helpful. Maybe I am overlooking something trivial, but I have no idea what breaks network access on the host.
networking freebsd ip jails ifconfig
I am trying to add an alias to my network card (I would like to use jails) on my FreeBSD box. It is running version 10.2-RELEASE-p7 (generic amd64 kernel).
The machine is running in a Hyper-V virtual machine, but I experience the same thing on my physical box, the only difference is that is is running the x86 (32bit) version of the same 10.2 kernel.
The network interface hn0 has a static IP address: 192.168.0.51/24, my default router is 192.168.0.1. Everything works fine, until I add the alias:
ifconfig hn0 inet 192.168.0.200/32 alias
This creates the alias on hn0 as ifconfig shows:
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
options=600003<RXCSUM,TXCSUM,RXCSUM_IPV6,TXCSUM_IPV6>
inet6 ::1 prefixlen 128
inet6 fe80::1%lo0 prefixlen 64 scopeid 0x1
inet 127.0.0.1 netmask 0xff000000
nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
hn0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
options=31b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,TSO4,TSO6>
ether 00:15:5d:00:0f:00
inet 192.168.0.51 netmask 0xffffff00 broadcast 192.168.0.255
inet 192.168.0.200 netmask 0xffffffff broadcast 192.168.0.200
nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
The problem is that as soon as I have the alias in place, I cannot reach any host outside my subnet (even when using the host's IP address). E.g. a google nameserver:
ping 8.8.8.8
ping 8.8.8.8 (8.8.8.8): 56 data bytes
However, I can ping anything using the alias as the source:
ping -S 192.168.0.200 8.8.8.8
PING 8.8.8.8 (8.8.8.8) from 192.168.0.200: 56 data bytes
64 bytes from 8.8.8.8: icmp_seq=0 ttl=56 time=11.137 ms
...
If the alias is created by jail(8) when starting a jail, the jail using the alias has network access, while the host does not. After removing the alias I have to restart the services netif and routing to regain network access on the primary IP of the host.
When the jail runs, I can ssh into it or I can ping it using the IP alias.
Based on the fact that I cannot ping external nodes using their IP my guess would be that there is something wrong with the routing. Name resolving does not work as my box is unable to reach the DNS servers. Here is my netstat -rn output before adding the alias:
Destination Gateway Flags Netif Expire
default 192.168.0.1 UGS hn0
127.0.0.1 link#1 UH lo0
192.168.0.0/24 link#2 U hn0
192.168.0.51 link#2 UHS lo0
and after the alias has been created:
Destination Gateway Flags Netif Expire
default 192.168.0.1 UGS hn0
127.0.0.1 link#1 UH lo0
192.168.0.0/24 link#2 U hn0
192.168.0.51 link#2 UHS lo0
192.168.0.200 link#2 UHS lo0
192.168.0.200/32 link#2 U hn0
IPv6 values are omitted as I have disabled IPv6 by adding
ipv6_network_interfaces="none"
ipv6_activate_all_interfaces="NO"
to /etc/rc.conf
I am no expert at network setup, but I have read everything I could find about jails and IP aliases but I haven't found anything helpful. Maybe I am overlooking something trivial, but I have no idea what breaks network access on the host.
networking freebsd ip jails ifconfig
networking freebsd ip jails ifconfig
asked Dec 5 '15 at 17:24
LittlePilgrimLittlePilgrim
65
65
1
I can also repro the issue from regular configuration if — and only if — I specify the interface card, (ieip4.addr += "em0|1.2.3.4"
). To provide IPs only doesn't break network (ip4.addr += "1.2.3.4"
). To flush routes and reconfigure them works well (or/etc/rc.d/netif restart ; /etc/rc.d/routing restart
).
– Dereckson
Oct 20 '16 at 13:30
add a comment |
1
I can also repro the issue from regular configuration if — and only if — I specify the interface card, (ieip4.addr += "em0|1.2.3.4"
). To provide IPs only doesn't break network (ip4.addr += "1.2.3.4"
). To flush routes and reconfigure them works well (or/etc/rc.d/netif restart ; /etc/rc.d/routing restart
).
– Dereckson
Oct 20 '16 at 13:30
1
1
I can also repro the issue from regular configuration if — and only if — I specify the interface card, (ie
ip4.addr += "em0|1.2.3.4"
). To provide IPs only doesn't break network (ip4.addr += "1.2.3.4"
). To flush routes and reconfigure them works well (or /etc/rc.d/netif restart ; /etc/rc.d/routing restart
).– Dereckson
Oct 20 '16 at 13:30
I can also repro the issue from regular configuration if — and only if — I specify the interface card, (ie
ip4.addr += "em0|1.2.3.4"
). To provide IPs only doesn't break network (ip4.addr += "1.2.3.4"
). To flush routes and reconfigure them works well (or /etc/rc.d/netif restart ; /etc/rc.d/routing restart
).– Dereckson
Oct 20 '16 at 13:30
add a comment |
1 Answer
1
active
oldest
votes
net mask is too wide, try
ifconfig hn0 inet 192.168.0.200/24 alias
Alias must be on same network usually.
Thanks, I have just tried it, but unfortunately the result is the same. Moreover, jail creates the alias automatically with a /32 netmask (maybe it can be changed somehow).
– LittlePilgrim
Dec 5 '15 at 17:56
Aliases within the same subnet usually use a /32 netmask. It's documented in ifconfig(8)
– Richard Smith
Dec 5 '15 at 19:13
add a comment |
Your Answer
StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "106"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});
function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: false,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: null,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});
}
});
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f247569%2ffreebsd-adding-ip-alias-to-interface-breaks-network-on-primary-ip%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
1 Answer
1
active
oldest
votes
1 Answer
1
active
oldest
votes
active
oldest
votes
active
oldest
votes
net mask is too wide, try
ifconfig hn0 inet 192.168.0.200/24 alias
Alias must be on same network usually.
Thanks, I have just tried it, but unfortunately the result is the same. Moreover, jail creates the alias automatically with a /32 netmask (maybe it can be changed somehow).
– LittlePilgrim
Dec 5 '15 at 17:56
Aliases within the same subnet usually use a /32 netmask. It's documented in ifconfig(8)
– Richard Smith
Dec 5 '15 at 19:13
add a comment |
net mask is too wide, try
ifconfig hn0 inet 192.168.0.200/24 alias
Alias must be on same network usually.
Thanks, I have just tried it, but unfortunately the result is the same. Moreover, jail creates the alias automatically with a /32 netmask (maybe it can be changed somehow).
– LittlePilgrim
Dec 5 '15 at 17:56
Aliases within the same subnet usually use a /32 netmask. It's documented in ifconfig(8)
– Richard Smith
Dec 5 '15 at 19:13
add a comment |
net mask is too wide, try
ifconfig hn0 inet 192.168.0.200/24 alias
Alias must be on same network usually.
net mask is too wide, try
ifconfig hn0 inet 192.168.0.200/24 alias
Alias must be on same network usually.
answered Dec 5 '15 at 17:45
ArchemarArchemar
20.2k93772
20.2k93772
Thanks, I have just tried it, but unfortunately the result is the same. Moreover, jail creates the alias automatically with a /32 netmask (maybe it can be changed somehow).
– LittlePilgrim
Dec 5 '15 at 17:56
Aliases within the same subnet usually use a /32 netmask. It's documented in ifconfig(8)
– Richard Smith
Dec 5 '15 at 19:13
add a comment |
Thanks, I have just tried it, but unfortunately the result is the same. Moreover, jail creates the alias automatically with a /32 netmask (maybe it can be changed somehow).
– LittlePilgrim
Dec 5 '15 at 17:56
Aliases within the same subnet usually use a /32 netmask. It's documented in ifconfig(8)
– Richard Smith
Dec 5 '15 at 19:13
Thanks, I have just tried it, but unfortunately the result is the same. Moreover, jail creates the alias automatically with a /32 netmask (maybe it can be changed somehow).
– LittlePilgrim
Dec 5 '15 at 17:56
Thanks, I have just tried it, but unfortunately the result is the same. Moreover, jail creates the alias automatically with a /32 netmask (maybe it can be changed somehow).
– LittlePilgrim
Dec 5 '15 at 17:56
Aliases within the same subnet usually use a /32 netmask. It's documented in ifconfig(8)
– Richard Smith
Dec 5 '15 at 19:13
Aliases within the same subnet usually use a /32 netmask. It's documented in ifconfig(8)
– Richard Smith
Dec 5 '15 at 19:13
add a comment |
Thanks for contributing an answer to Unix & Linux Stack Exchange!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f247569%2ffreebsd-adding-ip-alias-to-interface-breaks-network-on-primary-ip%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
1
I can also repro the issue from regular configuration if — and only if — I specify the interface card, (ie
ip4.addr += "em0|1.2.3.4"
). To provide IPs only doesn't break network (ip4.addr += "1.2.3.4"
). To flush routes and reconfigure them works well (or/etc/rc.d/netif restart ; /etc/rc.d/routing restart
).– Dereckson
Oct 20 '16 at 13:30