From: marcel
To: "Michael B. Eichorn", Dirk Engling, freebsd-jail@freebsd.org
Subject: Re: Configuring network without ezjail
Date: Sun, 13 Dec 2015 05:45:01 +0000

On 12/12/2015 02:59, Michael B. Eichorn wrote:
> On Fri, 2015-12-11 at 21:44 -0500, Michael B. Eichorn wrote:
>> On Sat, 2015-12-12 at 02:08 +0000, marcel wrote:
>>> ... and I think I have enabled gateway, I wrote this in both of my
>>> rc.conf (jail and host):
>>>
>>> gateway_enable="YES"
>>>
>>> Is it correct?
>> You only need gateway_enable if you are doing routing, it is not
>> necessary for a typical jail setup. Most of the time you are just
>> adding an alias to the host's nic.

OK so if I want my jail to access the internet I have to do routing, right?

>>> But I don't think I have DNS problems, my host correctly accesses
>>> the internet and the resolv.conf of my jail and my host are the same...
>>>
>>> On 12/12/2015 01:50, marcel wrote:
>>>> No I don't get to have an IP address... Yet I have written this in
>>>> my host's rc.conf:
>>>>
>>>> jail_enable="YES"
>>>> jail_list="thename"
>>>> jail_guantanamo_rootdir="thepath"
>>>> jail_guantanamo_hostname="thename"
>>>> jail_guantanamo_ip="192.168.0.12"
>>>>
>>>> and I use the command:
>>>>
>>>> jail thepath thename 192.168.0.12 /bin/csh
>>>>
>>>> to connect to my jail...
>>>>
>>>> On 11/12/2015 23:31, Dirk Engling wrote:
>>>>> On 12.12.15 01:19, marcel wrote:
>>>>>
>>>>>> I would like to know if it is possible to configure a jail's
>>>>>> network for accessing the World Wide Web but without ezjail?
>>>>>> I have created my jail without ezjail (mkdir jail, make
>>>>>> installworld, etc...) and I would like to continue without it
>>>>>> if it's possible...
>>>>> Sure, why doesn't it connect to the net? Does it have a RFC1918
>>>>> IP? If so, you need to enable NAT. If not, did you enable
>>>>> gatewaying? Maybe you just have DNS problems, so is your
>>>>> resolv.conf set up properly?
>>>>>
>>>>> Without knowing what exactly is not working, I can not help
>>>>> you.
>>>>>
>>>>> erdgeist
>> I think you found some old instructions, assuming a 10.x system here
>> is the boilerplate for a typical jail:
>>
>> rc.conf:
>>
>> jail_enable="YES"
>>
>> jail.conf:
>>
>> interface = re0;
>> mount.devfs;
>> exec.start = "/bin/sh /etc/rc";
>> exec.stop = "/bin/sh /etc/rc.shutdown";
>>
>> thenameofthejail {
>>     host.hostname = host.domain.tld;
>>     path = /the/path/to/the/jail;
>>     ip4.addr = 192.168.0.12;
>> }
>>
>> and start it up with
>>
>> # jail -c thenameofthejail
>>
>> And another handy tip you can avoid building a jail with make by
>> extracting the base.txz file found in places like the install media
>> into the jail directory

OK, so my jail.conf looks like your jail.conf and when I type jls my jail has the IP 192.168.0.12 but when I type ifconfig in my jail I have no ip...

> Oh and before I forget, the trickiest thing for me moving from ezjail
> to jail was updating. Assuming your jails are complete base systems and
> that you would like to use binary updates with freebsd-update, and you
> have completely separated jails without any funny tricks to save space,
> here is Ike's simple jail update guide:
>
> edit the jail's freebsd-update.conf and change
>
> Components src world kernel
> -to-
> Components world
>
> then run freebsd-update like so:
>
> # freebsd-update -b /usr/jails/jaildir \
>     -f /usr/jails/jaildir/etc/freebsd-update.conf \
>     -d /usr/jails/jaildir/var/db/freebsd-update fetch
> # freebsd-update -b /usr/jails/jaildir \
>     -f /usr/jails/jaildir/etc/freebsd-update.conf \
>     -d /usr/jails/jaildir/var/db/freebsd-update install
>
> Using the -f flag keeps the jail from using the host config since jails
> cannot update kernels anyway. And -d keeps jails and hosts from
> trampling each other which is nice if you want to do more than one at a
> time, or if you use freebsd-update cron.

Thanks for the tip!