From: Oliver Fromme
To: freebsd-questions@FreeBSD.ORG, berrandonea@yahoo.fr
Date: Thu, 12 Aug 2010 17:52:24 +0200 (CEST)
Subject: Re: Re : Re : How to connect a jail to the web ?

Brice ERRANDONEA wrote:
 > On the host, when the jail is not running :
 >
 > %ifconfig
 > rl0: flags=8843 metric 0 mtu 1500
 > options=8
 > ether 00:11:09:15:72:6a
 > inet 192.168.1.38 netmask 0xffffff00 broadcast 192.168.1.255
 > media: Ethernet autoselect (100baseTX )

OK, so 192.168.1.38 is the only (non-localnet) IP address
that you have.  You should use that one for your jail.

 > On the host when the jail is running :
 >
 > FreeBSD# jls
 > JID IP Address Hostname Path
 > 1 93.0.168.242 MaPrison /usr/prison
 > FreeBSD# ifconfig
 > rl0: flags=8843 metric 0 mtu 1500
 > options=8
 > ether 00:11:09:15:72:6a
 > inet 192.168.1.38 netmask 0xffffff00 broadcast 192.168.1.255
 > inet 93.0.168.242 netmask 0xffffffff broadcast 93.0.168.242
 > media: Ethernet autoselect (100baseTX )

Where did you get that second IP address from?  Did you
just add it manually?  Or is that the address that your
gateway (DSL router, whatever) got assigned from your ISP?

I assume that IP address is not really routed to your host,
but that NAT (Network Address Translation) is used on your
router.  So you cannot use that address on the host.
(If that's not true, please explain the structure of your
network in more detail.)

So, if my assumptions are true, you must use the address
192.168.1.38 for your jail.

Make sure that DNS is working inside the jail ...
It should be sufficient to copy /etc/resolv.conf from the
host to /usr/prison/etc/resolv.conf

If it still doesn't work:  Are you using any packet filter
(ipfw, ipf, pf)?  If so, please show the complete list of
rules.  Otherwise, it might help to run tcpdump(1) on the
host, so you can see the actual packets that are transmitted
and received.

Best regards
   Oliver

-- 
Oliver Fromme, secnetix GmbH & Co. KG, Marktplatz 29, 85567 Grafing b. M.
Commercial register: Registergericht Muenchen, HRA 74606, Management:
secnetix Verwaltungsgesellsch. mbH, Commercial register: Registergericht
München, HRB 125758, Managing directors: Maik Bachmann, Olaf Erb, Ralf Gebhart

FreeBSD services, products and more:  http://www.secnetix.de/bsd

"C++ is the only current language making COBOL look good."
        -- Bertrand Meyer
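
The check suggested in the message above, as an added example that is not part of the original post: it parses host `ifconfig` and `jls` output and flags a jail address that lies outside every on-link subnet. The sample text is constructed from the output quoted in the message; the function names and verdict strings are assumptions of this example, and it also covers the general case of an alias inside the LAN subnet, which the message does not discuss.

```python
import ipaddress
import re

# Constructed sample input, modelled on the output quoted in the message.
IFCONFIG = """rl0: flags=8843 metric 0 mtu 1500
    inet 192.168.1.38 netmask 0xffffff00 broadcast 192.168.1.255
    inet 93.0.168.242 netmask 0xffffffff broadcast 93.0.168.242
"""
JLS = """   JID  IP Address      Hostname      Path
     1  93.0.168.242    MaPrison      /usr/prison
"""

def host_interfaces(ifconfig_text):
    """Return an IPv4Interface for every 'inet ADDR netmask 0xHEX' line."""
    found = []
    for addr, mask in re.findall(r"inet (\S+) netmask 0x([0-9a-fA-F]{8})", ifconfig_text):
        dotted = ipaddress.IPv4Address(int(mask, 16))
        found.append(ipaddress.IPv4Interface(f"{addr}/{dotted}"))
    return found

def jail_addresses(jls_text):
    """Return (jid, IPv4Address) pairs from jls output, skipping the header row."""
    pairs = []
    for line in jls_text.splitlines()[1:]:
        fields = line.split()
        if len(fields) >= 2:
            pairs.append((int(fields[0]), ipaddress.IPv4Address(fields[1])))
    return pairs

def check_jail(addr, interfaces):
    """Classify one jail address against the host's interface addresses."""
    # A /32 alias says nothing about routing, so only real subnets count.
    subnets = [i for i in interfaces if i.network.prefixlen < 32]
    if any(addr == i.ip for i in subnets):
        return "ok: same address as the host"
    if any(addr in i.network for i in subnets):
        return "ok: alias inside an on-link subnet"
    if not addr.is_private and all(i.ip.is_private for i in subnets):
        return "suspect: public address on a private LAN (NAT on the router?)"
    return "suspect: outside every on-link subnet"

def report(ifconfig_text, jls_text):
    """Map each jail ID to its classification."""
    interfaces = host_interfaces(ifconfig_text)
    return {jid: check_jail(a, interfaces) for jid, a in jail_addresses(jls_text)}

if __name__ == "__main__":
    for jid, verdict in report(IFCONFIG, JLS).items():
        print(f"jail {jid}: {verdict}")
```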