Date: Thu, 12 Aug 2010 17:52:24 +0200 (CEST)
From: Oliver Fromme <olli@lurza.secnetix.de>
To: freebsd-questions@FreeBSD.ORG, berrandonea@yahoo.fr
Subject: Re: Re : Re : How to connect a jail to the web ?
Message-ID: <201008121552.o7CFqOIM097376@lurza.secnetix.de>
In-Reply-To: <861468.90347.qm@web24607.mail.ird.yahoo.com>

Brice ERRANDONEA <berrandonea@yahoo.fr> wrote:
> On the host, when the jail is not running :
>
> %ifconfig
> rl0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
>         options=8<VLAN_MTU>
>         ether 00:11:09:15:72:6a
>         inet 192.168.1.38 netmask 0xffffff00 broadcast 192.168.1.255
>         media: Ethernet autoselect (100baseTX <full-duplex>)

OK, so 192.168.1.38 is the only (non-localnet) IP address
that you have. You should use that one for your jail.

> On the host when the jail is running :
>
> FreeBSD# jls
>    JID  IP Address      Hostname                      Path
>      1  93.0.168.242    MaPrison                      /usr/prison
> FreeBSD# ifconfig
> rl0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
>         options=8<VLAN_MTU>
>         ether 00:11:09:15:72:6a
>         inet 192.168.1.38 netmask 0xffffff00 broadcast 192.168.1.255
>         inet 93.0.168.242 netmask 0xffffffff broadcast 93.0.168.242
>         media: Ethernet autoselect (100baseTX <full-duplex>)

Where did you get that second IP address from? Did you
just add it manually? Or is that the address that your
gateway (DSL router, whatever) got assigned from your ISP?

I assume that IP address is not really routed to your host,
but that NAT (Network Address Translation) is used on your
router. So you cannot use that address on the host.
(If that's not true, please explain the structure of your
network in more detail.)

So, if my assumptions are true, you must use the address
192.168.1.38 for your jail.

Make sure that DNS is working inside the jail ... It should
be sufficient to copy /etc/resolv.conf from the host to
/usr/prison/etc/resolv.conf

If it still doesn't work: Are you using any packet filter
(ipfw, ipf, pf)? If so, please show the complete list of
rules. Otherwise, it might help to run tcpdump(1) on the
host, so you can see the actual packets that are transmitted
and received.

Best regards
   Oliver

-- 
Oliver Fromme, secnetix GmbH & Co. KG, Marktplatz 29, 85567 Grafing b. M.
Commercial register: Munich registry court, HRA 74606, management:
secnetix Verwaltungsgesellsch. mbH, commercial register: Munich registry
court, HRB 125758, managing directors: Maik Bachmann, Olaf Erb, Ralf Gebhart

FreeBSD services, products and more: http://www.secnetix.de/bsd

"C++ is the only current language making COBOL look good."
        -- Bertrand Meyer