On Thu, 10 Dec 2015, Rick Macklem wrote: > Hi, > > Mark has reported a problem via email where the nfsuserd daemon sees > requests coming from an IP# assigned to the machine instead of 127.0.0.1. > Here's a snippet from his message: > Ok, I have Plex in a jail and when I scan the remote NFS file share the > *local* server's nfsuserd spams the logs. > Spamming the logs refers to the messages nfsuserd generates when it gets > a request from an address other than 127.0.0.1. > > I think the best solution is to switch nfsuserd over to using an AF_LOCAL > socket like the gssd uses, but that will take a little coding and probably > won't be MFCable. > > I've sent him the attached patch to try as a workaround. > > Does anyone happen to know under what circumstances the address 127.0.0.1 > gets replaced? My memory is quite hazy on this subject, but I think that outbound traffic from a jail is not permitted to use the system loopback address 127.0.0.1; traffic from this address within a jail gets replace with the jail's primary IP address. It is possible to specify an alternate loopback address for use within the jail (e.g., 127.0.0.2) and if that alternate address is only bound within the jail, it can be used for outgoing traffic to the host. See jail.conf(5); I appear to have something like: kduck { host.hostname = "kduck.mit.edu"; ip4.addr = lo0|127.0.0.2, 18.18.0.52; [...] } Note that there may be some additional magic about the primary address of the jail being first (or last?) in the list of addresses. -BenReceived on Thu Dec 10 2015 - 22:55:00 UTC
This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:41:01 UTC