From owner-freebsd-questions@FreeBSD.ORG Thu Aug 12 16:48:53 2010 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id A190A106567A for ; Thu, 12 Aug 2010 16:48:53 +0000 (UTC) (envelope-from berrandonea@yahoo.fr) Received: from n23.bullet.mail.ukl.yahoo.com (n23.bullet.mail.ukl.yahoo.com [87.248.110.140]) by mx1.freebsd.org (Postfix) with SMTP id 2F41F8FC1F for ; Thu, 12 Aug 2010 16:48:52 +0000 (UTC) Received: from [217.12.4.214] by n23.bullet.mail.ukl.yahoo.com with NNFMP; 12 Aug 2010 16:48:52 -0000 Received: from [87.248.110.106] by t1.bullet.ukl.yahoo.com with NNFMP; 12 Aug 2010 16:48:52 -0000 Received: from [127.0.0.1] by omp211.mail.ukl.yahoo.com with NNFMP; 12 Aug 2010 16:48:52 -0000 X-Yahoo-Newman-Property: ymail-3 X-Yahoo-Newman-Id: 140984.68306.bm@omp211.mail.ukl.yahoo.com Received: (qmail 31497 invoked by uid 60001); 12 Aug 2010 16:48:51 -0000 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.fr; s=s1024; t=1281631731; bh=bKLp0r+jHaehSyZ0n2nVy0kUAIE80GDHVvPxigQSk80=; h=Message-ID:X-YMail-OSG:Received:X-Mailer:References:Date:From:Subject:To:In-Reply-To:MIME-Version:Content-Type; b=G2oKiZLi225XwD9MoBMTpndnwI4Vt2pNh+eD3CDVH1PXu34WBixYga9OpOcPjS2rvNvgmgM6dpCfKkIe+qtFX8qwtrMLOj9lrcdAm3A5/ulF6b3GrEyInphGJp9bD10SVEcBbyDBzQSRiH0uBGPhEbb0boamyu1cLIeip2GMu7Q= DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=s1024; d=yahoo.fr; h=Message-ID:X-YMail-OSG:Received:X-Mailer:References:Date:From:Subject:To:In-Reply-To:MIME-Version:Content-Type; b=LNXCDqhtWJIgRmYqb0P2dbSqNMw/0O/q82SiMy+WsyLUGRA/CvpiEVuwryLSKjkT2RFPpiuZ+kVWa912Fg3/yXxy3IrCkaYAtU8CfuVjSxnNNWuRIj5JdgMYipsWZHrN8/9foYZNjqBJS70TbwhHXMEYR/4GvNYGal1PqDINWJ4=; Message-ID: <827393.30460.qm@web24601.mail.ird.yahoo.com> X-YMail-OSG: f6.WbO0VM1n7wXKDu3aoL0Umyhb.LnfAU93yupDxZJsMh08 TWOOz1Kk2PO7WxaBRYp76oDuLEz0UE0bAAMksW76U5Gkv9RYWRyDsZmPh5PN BHp_37C8pM351V9NKW6_J26utdSzw3dNVlm7aPndtYwirymBWvuHjefEMWpZ CGBy29dXRHB.cF6DiBEGvdHXeMixb5rKJ31Vg8LGdEBJism1opn9uiyhEMaA 3xtjUOYtXiqL45fyium_xWXW2R1M90HrXwQf7ccs_.Ufu_OUY9Wth.OzlGSq 8o5vvO_lsEutCCXNbnoZoNUiMiBYEIMegotoPxfewTaIr Received: from [93.0.168.242] by web24601.mail.ird.yahoo.com via HTTP; Thu, 12 Aug 2010 16:48:51 GMT X-Mailer: YahooMailRC/470 YahooMailWebService/0.8.105.279950 References: <201008121552.o7CFqOIM097376@lurza.secnetix.de> Date: Thu, 12 Aug 2010 16:48:51 +0000 (GMT) From: Brice ERRANDONEA To: freebsd-questions@FreeBSD.ORG In-Reply-To: <201008121552.o7CFqOIM097376@lurza.secnetix.de> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-Content-Filtered-By: Mailman/MimeDel 2.1.5 Cc: Subject: Re : Re : Re : How to connect a jail to the web ? X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 12 Aug 2010 16:48:53 -0000 =0A=0A> Where did you get that second IP address from? Did you just=0A> ad= d it manually? Or is that the address that your gateway=0A> (DSL router, w= hatever) got assigned from your ISP?=0A=0AI added it manually in rc.conf (o= n the host) :=0A=0Ahostname=3D"FreeBSD.ici"=0Aifconfig_rl0=3D"DHCP"=0Akeyma= p=3D"fr.iso.acc" (yes, I'm french)=0Amoused_enable=3D"YES"=0Asaver=3D= "dragon"=0Ahald_enable=3D"YES"=0Adbus_enable=3D"YES"=0Adevfs_system_ruleset= =3D"localrules"=0A=0Ajail_enable=3D"NO"=0Ajail_list=3D"MaPrison"=0Ajail_int= erface=3D"rl0"=0Ajail_devfs_ruleset=3D"devfsrules_jail"=0Ajail_devfs_enable= =3D"YES"=0A=0Ajail_server_rootdir=3D"/usr/prison"=0Ajail_server_hostname=3D= "MaPrison"=0Ajail_server_ip=3D"93.0.168.242"=0A=0AI choosed it because that= 's my computer's public ip, at least according to this =0Awebsite : http://= whatismyipaddress.com/=0A=0A> I assume that IP address is not really routed= to your host,=0A> but that NAT (Network Address Translation) is used on yo= ur=0A> router. So you cannot use that address on the host.=0A> (If that's = not true, please exlain the structure of your=0A> network in more detail.)= =0A=0AMy "network" is VERY simple. I've got a modem (or "box") provided by = my phone =0Acompany. It's called a "neufbox" and acts as a gateway. The com= puter with =0AFreeBSD is connected to this "box" through an ethernet cable.= Two other =0Acomputers are connected to it via wifi.=0A=0A> So, if my assu= mptions are true, you must use the address=0A> 192.168.1.38 for your jail. = Make sure that DNS is working=0A> inside the jail ... It should be suffic= ient to copy=0A> /etc/resolv.conf from the host to /usr/prison/etc/resolv.c= onf=0A=0AOK, I'll try this.=0A=0A> If it still doesn't work: Are you using= any packet filter=0A> (ipfw, ipf, pf)? If so, please show the complete li= st of=0A> rules.=0A=0ANo, I don't. I've tried pf but you told it was not ne= cessary.=0A=0A> Otherwise, it might help to run tcpdump(1) on the host, so= =0A> you can see the actual packets that are transmitted and=0A> received.= =0A=0AAllright. I try it too.=0A=0AGood bye for the moment and thanks for y= our help.=0A=0ABrice=0A=0A=0A