Date:      Tue, 17 Nov 2009 12:18:40 +0100
From:      "Scheithauer, Lars (FH)" <Lars.Scheithauer@fh-heidelberg.de>
To:        <freebsd-jail@freebsd.org>
Cc:        "Bjoern A. Zeeb" <bzeeb-lists@lists.zabbadoz.net>
Subject:   AW: Networking from jail - errata
Message-ID:  <26040005B7F3AA41A0345BCE386CA09701C62A7D@FHCLUSRV-EX.dcs.fh-heidelberg.de>
In-Reply-To: <20091117103601.G37440@maildrop.int.zabbadoz.net>
References:  <26040005B7F3AA41A0345BCE386CA09701C62A79@FHCLUSRV-EX.dcs.fh-heidelberg.de><26040005B7F3AA41A0345BCE386CA09701C62A7A@FHCLUSRV-EX.dcs.fh-heidelberg.de> <20091117103601.G37440@maildrop.int.zabbadoz.net>

Hi Bjoern,

thanks for the clarification, I changed the values according to your
suggestions. However, it did not resolve the problem.

I've checked the proxy logfiles and it seems that the Makefile(s) don't
try to access the proxy at all while fetching files. Is there any
reason why the Makefile(s) should not use the *_PROXY-variables on the
jails?

Best Regards,
Lars



-----Original Message-----
From: owner-freebsd-jail@freebsd.org [mailto:owner-freebsd-jail@freebsd.org] On Behalf Of Bjoern A. Zeeb
Sent: Tuesday, 17 November 2009 11:41
To: Scheithauer, Lars (FH)
Cc: freebsd-jail@freebsd.org
Subject: Re: Networking from jail - errata

On Tue, 17 Nov 2009, Scheithauer, Lars (FH) wrote:

Hi,

> Quick note:
> Forgot to replace two values.
> Jail - x.y.z.61
> Host - x.y.z.60
> Router - x.y.z.62
>
>
> -----Original Message-----
> From: owner-freebsd-jail@freebsd.org [mailto:owner-freebsd-jail@freebsd.org] On Behalf Of Scheithauer, Lars (FH)
> Sent: Tuesday, 17 November 2009 10:19
> To: freebsd-jail@freebsd.org
> Subject: Networking from jail
>
> Hi everyone!
>
> I'm having a little trouble with my jail's networking and I'm not sure
> what to make of it.
>
> My jailhost has an IP of x.y.z.48, my test jail is x.y.z.49. The
> jailhost has both IP addresses, the jail has just its own:
>
> Jail# ifconfig
> bce0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
>        options=1bb<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,TSO4>
>        ether xx:xx:xx:xx:xx:10
>        inet x.y.z.60 netmask 0xffffffc0 broadcast x.y.z.63
>        media: Ethernet autoselect (1000baseSX <full-duplex>)
>        status: active
> [...]
> Host# ifconfig
> bce0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
>        options=1bb<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,TSO4>
>        ether xx:xx:xx:xx:xx:10
>        inet x.y.z.61 netmask 0xffffffc0 broadcast x.y.z.63
>        inet x.y.z.60 netmask 0xffffffc0 broadcast x.y.z.63
>        media: Ethernet autoselect (1000baseSX <full-duplex>)
>        status: active
> [...]
>
> I am able to access the ssh-server running on the jail, and I am able to
> access the proxyserver of our network via telnet and get some pages of
> the internet. However, if I want to install something from the ports,
> the jail is unable to fetch it:
>
> Jail# cd /usr/ports/ftp/wget
> Jail# make
> ===>  Vulnerability check disabled, database not found
> ===>  Found saved configuration for wget-1.11.4_1
> => wget-1.11.4.tar.bz2 doesn't seem to exist in /usr/ports/distfiles/.
> => Attempting to fetch from http://ftp.gnu.org/gnu/wget/.
> fetch: http://ftp.gnu.org/gnu/wget/wget-1.11.4.tar.bz2: Operation timed out
> => Attempting to fetch from ftp://ftp.gnu.org/gnu/wget/.
> [...]
>
> I've set the appropriate environment variables HTTP_PROXY, HTTPS_PROXY
> and FTP_PROXY. If I test the connection with netcat, I get the following
> error message:
> # nc -zvw 1 -x 'proxy.example.com:8080' www.freebsd.org 80
> nc: read failed (0/3): Broken pipe

The usual thing I am interested in at that point is - does name
resolution work properly from within the jail?  /etc/resolv.conf set up
correctly etc?



> The funny thing is, that I have no problem installing ports from the
> Host-system. From what I can tell, all the config files are correct:
>
> Jail# cat /etc/rc.conf
> sshd_enable="YES"
> ifconfig_bce0="inet x.y.z.60 netmask 255.255.255.192"
> defaultrouter="x.y.z.62"
> hostname="jail.example.com"

That's not going to work, really (the ifconfig, defaultrouter, and
unless you changed the defaults on the host system not even the
hostname).  You should actually remove those.


> Host# cat /etc/rc.conf
> sshd_enable="NO"
> ifconfig_bce0="inet x.y.z.61 netmask 255.255.255.192"
> defaultrouter="x.y.z.62"
> hostname="host.example.com"
> ipv6_enable="NO"
> jail_enable="YES"
> jail_set_hostname_allow="NO"
> jail_list="jail"
> jail_jail_hostname="jail"
> jail_jail_ip="x.y.z.60"
> jail_jail_rootdir="my/jail/root"
> jail_jail_devfs_enable="YES"

That doesn't really match your ifconfig output from above; something
on the host system would have to set the IP address of the host. I
would expect something like (you may have mixed jail and host
addresses so properly sort this):

# host system IP address
ifconfig_bce0="inet x.y.z.61 netmask 255.255.255.192"
# jail IP address
ifconfig_bce0_alias0="inet x.y.z.60 netmask 255.255.255.255"

Note that the alias has a /32 netmask.


/bz

-- 
Bjoern A. Zeeb         It will not break if you know what you are doing.
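
As an added example (not part of the original messages): a small sh lint for the two points in the reply above, flagging the ifconfig, defaultrouter and hostname lines in a jail's rc.conf and host alias entries that lack a /32 netmask. The function names and the `host-bad.rc.conf` sample are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread); function names are hypothetical.

# List settings in a jail's rc.conf that the reply says will not work there:
# ifconfig_*, defaultrouter and (with host defaults) hostname.
lint_jail_rc_conf() {
    found=$(grep -E '^[[:space:]]*(ifconfig_[A-Za-z0-9_]+|defaultrouter|hostname)=' "$1" |
        sed -E 's/^[[:space:]]*([A-Za-z0-9_]+)=.*/\1/' || :)
    [ -n "$found" ] || return 0
    printf '%s\n' "$found"
    return 1
}

# List host ifconfig_<if>_aliasN entries whose netmask is not /32.
lint_host_aliases() {
    bad=$(grep -E '^[[:space:]]*ifconfig_[A-Za-z0-9]+_alias[0-9]+=' "$1" |
        grep -Ev 'netmask[[:space:]]+(255\.255\.255\.255|0xffffffff)' |
        sed -E 's/^[[:space:]]*([A-Za-z0-9_]+)=.*/\1/' || :)
    [ -n "$bad" ] || return 0
    printf '%s\n' "$bad"
    return 1
}

# Sample files: the jail rc.conf from the thread, the suggested host lines,
# and a constructed host file with the wrong alias netmask.
write_samples() {
    cat > "$1/jail.rc.conf" <<'EOF'
sshd_enable="YES"
ifconfig_bce0="inet x.y.z.60 netmask 255.255.255.192"
defaultrouter="x.y.z.62"
hostname="jail.example.com"
EOF
    cat > "$1/host.rc.conf" <<'EOF'
ifconfig_bce0="inet x.y.z.61 netmask 255.255.255.192"
ifconfig_bce0_alias0="inet x.y.z.60 netmask 255.255.255.255"
EOF
    cat > "$1/host-bad.rc.conf" <<'EOF'
ifconfig_bce0="inet x.y.z.61 netmask 255.255.255.192"
ifconfig_bce0_alias0="inet x.y.z.60 netmask 255.255.255.192"
EOF
}
```

Each function prints the offending variable names and returns non-zero when it finds any, so it can gate a jail provisioning script.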


