Date:      Wed, 30 Nov 2011 18:52:22 +0100
From:      bsd <bsd@todoo.biz>
To:        Damien Fleuriot <ml@my.gd>
Cc:        "freebsd-questions@FreeBSD.org" <freebsd-questions@FreeBSD.org>
Subject:   Re: Problem with jail network
Message-ID:  <B4E27F22-FD26-4030-9BEB-FA4A486B971C@todoo.biz>
In-Reply-To: <4ED66992.9010207@my.gd>
References:  <3EE6B227-24EC-4600-AF04-BEE7A04677FB@todoo.biz> <4ED65705.8020503@my.gd> <5B932D73-456D-4895-BD8B-9BABAD7AE766@todoo.biz> <4ED66992.9010207@my.gd>

On 30 Nov 2011 at 18:36, Damien Fleuriot wrote:

>
>
> On 11/30/11 6:29 PM, bsd wrote:
>> On 30 Nov 2011 at 17:17, Damien Fleuriot wrote:
>>
>>>
>>>
>>> On 11/30/11 5:05 PM, bsd wrote:
>>>> Hi,
>>>>
>>>> I have been configuring a jail system using the howto provided here: http://www.freebsd.org/doc/handbook/jails-application.html
>>>>
>>>> The is now correctly starting, but I can't seem to use the network stack.
>>>>
>>>>
>>>>> root@master 16:52:55 ~ -> jls
>>>>> JID  IP Address      Hostname                      Path
>>>>> 1  xx.216.yy.150  n0.no.no                    /jail/j/n0
>>>>
>>>>
>>>> But I can't ping either outside of the jail or inside of it.
>>>>
>>>> I am a bit confused because I don't know if I have to configure the IP using an alias on the main Eth interface, or do something else.
>>>>
>>>>> ifconfig_bce0_alias0="inetxx.216.yy.150/32"
>>>>
>>>>
>>>>
>>>> This last command seems to have frozen my system.
>>>>
>>>
>>> Confirm that the MISSING SPACE between your "inet" and "xxx.216..."
>>> statements is only a typo and NOT present in your actual rc.conf
>>>
>>
>> This is confirmed.
>>
>> I have the equivalent of:
>>
>> ifconfig_bce0_alias0="inet 1.2.3.4/32"
>>
>
> AFAIK, unless you allow raw sockets, you will not be able to ping from
> the jail.
>
>
> Find below the conf I successfully used, a long time ago, for a jail
> hosting DNS.
>
> This is from my rc.conf on the host system.
>
>
>
>
> ### JAILS
> jail_enable="NO"
> jail_set_hostname_allow="NO"
> jail_list="ns"
> jail_ns_interface="lo53"
> jail_ns_ip="192.168.0.53,2001:41d0:2:613b::53/56"
> jail_ns_hostname="ns.my.gd"
> # fec0:[interface index]::[damien fleuriot]:[interface number]
> # example: fec0:5::df:252 for loopback interface lo252
> jail_ns_rootdir=3D"/var/jail/ns"
> jail_ns_devfs_enable="YES"
> #jail_ns_devfs_ruleset="devfsrules_jail_ns"
>
>
> You will notice this creates a lo53 (loopback) interface with private
> IPv4 and IPv6 addresses.
>
> I then used PF to redirect DNS queries to this jail.

I don't want the IP to be redirected, I would like the jail to have its own IP.
Redirection would probably involve a NAT on your main IP to the IP of the jail, which is something I would like to avoid.


Did you use something like the aforementioned ifconfig alias to give the IP to your jail?

ifconfig_bce0_alias0="inet 1.2.3.4/32"


What bothers me is that I am not able to ping from the outside either… ??

And I can't install any ports because I don't have any network available inside the jail.




––––––––––––––––––––––––––––––––––––––––––––––
---------> Grégory Bernard Director <---------
---------------> www.osnet.eu <---------------
--> Your provider of OpenSource appliances <--
––––––––––––––––––––––––––––––––––––––––––––––
OSnetOSnetOSnetOSnetOSnetOSnetOSnetOSnetOSnetO




Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?B4E27F22-FD26-4030-9BEB-FA4A486B971C>
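
Added example (not part of the original message, and not FreeBSD's own code): a small sh lint for the two rc.conf points raised in this thread, the missing space after "inet" in an alias value and whether a jail's IPv4 address is actually assigned on the host. The sample rc.conf text, its 192.0.2.150 address and the function name lint_rc_conf are constructed for illustration; the check assumes that a jail with jail_<name>_interface set has its address added to that interface by the jail rc script.

```shell
#!/bin/sh
# Added example: lint rc.conf text for the jail address issues in this thread.
# IPv4 only. Assumption: a jail with jail_<name>_interface set has its address
# added to that interface by the jail rc script, so it needs no alias line.

# Constructed sample: the alias for n0's address has the "inet" typo;
# ns takes its address via jail_ns_interface.
SAMPLE_RC_CONF='ifconfig_bce0_alias0="inet192.0.2.150/32"
jail_list="n0 ns"
jail_n0_ip="192.0.2.150"
jail_ns_interface="lo53"
jail_ns_ip="192.168.0.53"'

# lint_rc_conf TEXT: print one finding per line; print nothing if clean.
lint_rc_conf() {
    conf=$1
    # 1. Alias values must start with "inet <dotted quad>", then / or space.
    printf '%s\n' "$conf" |
    grep -E '^ifconfig_[A-Za-z0-9]+_alias[0-9]+=' |
    grep -Ev '="inet6 ' |
    while IFS= read -r line; do
        printf '%s\n' "$line" |
            grep -Eq '="inet [0-9]+(\.[0-9]+){3}([/ ][^"]*)?"$' ||
            echo "malformed alias: $line"
    done
    # 2. Each jail address needs a jail interface or a host ifconfig line.
    jails=$(printf '%s\n' "$conf" | sed -n 's/^jail_list="\(.*\)"$/\1/p')
    for j in $jails; do
        printf '%s\n' "$conf" | grep -q "^jail_${j}_interface=" && continue
        ips=$(printf '%s\n' "$conf" |
              sed -n "s/^jail_${j}_ip=\"\(.*\)\"\$/\1/p" | tr ',' ' ')
        for ip in $ips; do
            ip=${ip%%/*}                      # drop any /prefix
            case $ip in *:*) continue ;; esac # skip IPv6
            pat=$(printf '%s' "$ip" | sed 's/\./\\./g')
            printf '%s\n' "$conf" | grep -Eq "=\"inet ${pat}[/ \"]" ||
                echo "jail $j: no well-formed ifconfig line assigns $ip"
        done
    done
    return 0
}

lint_rc_conf "$SAMPLE_RC_CONF"
```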