From owner-freebsd-jail@FreeBSD.ORG Thu Jul 12 09:56:49 2012 Return-Path: Delivered-To: freebsd-jail@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 9E2551065670 for ; Thu, 12 Jul 2012 09:56:49 +0000 (UTC) (envelope-from joris.dedieu@gmail.com) Received: from mail-qc0-f182.google.com (mail-qc0-f182.google.com [209.85.216.182]) by mx1.freebsd.org (Postfix) with ESMTP id 58B9A8FC14 for ; Thu, 12 Jul 2012 09:56:49 +0000 (UTC) Received: by qcsg15 with SMTP id g15so1551962qcs.13 for ; Thu, 12 Jul 2012 02:56:48 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=eowYgA7GNC89dlqoxhgGQ16drsw+Q0ojxnrb9cdWlOs=; b=t2MA0CtQ7QjbVcjE3+CDmdszPFSCAM4ky2RuMN3404UKthd7k+eOAIxGKJN2n1p1ZT Wzla0nUn+AHwSVKhusOC8vVgG6h9ZK30PVzOnVM8zPUP8Zxc2heK9EMJ6RlOkdBbckQW MS6n9i+PTJLbJ/K0hqVMceSGjgdBAfZoAZGhfW2zncCeaKDrBY/NSX1D0WQnA7AoCs3/ F9bj4Rg0PfpFdhVsmMFceII6DESZY3AqnZjBcXRpMf/eK61Imz4Jh63s+7BiVVxeA/VP 9n3YoX/d4aPIw9pHLDQ7E+CBzw4l0CMLiBASDZb0zkfqTQCh3SUIJtSvHp2vu96Bp4Zx YaKA== MIME-Version: 1.0 Received: by 10.224.111.139 with SMTP id s11mr2659686qap.78.1342087008678; Thu, 12 Jul 2012 02:56:48 -0700 (PDT) Received: by 10.224.130.67 with HTTP; Thu, 12 Jul 2012 02:56:48 -0700 (PDT) In-Reply-To: References: <87fw8yariq.wl%h.skuhra@gmail.com> Date: Thu, 12 Jul 2012 11:56:48 +0200 Message-ID: From: joris dedieu To: "Herbert J. Skuhra" Content-Type: text/plain; charset=ISO-8859-1 Cc: freebsd-jail@freebsd.org Subject: Re: Jails on FreeBSD 9.0 X-BeenThere: freebsd-jail@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Discussion about FreeBSD jail\(8\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 12 Jul 2012 09:56:49 -0000 2012/7/12 Herbert J. Skuhra : > On Wed, Jul 11, 2012 at 11:59 PM, Herbert J. Skuhra wrote: >> Hi, >> >> although I've followed the instructions in jail(8) and jail.conf(5) I >> cannot manage to setup jails on FreeBSD 9.0 STABLE (r238334). >> >> The symptons: >> >> * ssh'ing to jail works, but it takes about 20 seconds until password >> prompt appears Does it still the same with UseDNS=no in /etc/ssh/sshd_config ? >> * netstat -r in the jail takes about 150 seconds to finish Does netstat -rn does the same ? >> * connections to the internet time out; with tcpdump I see that >> packets leave and enter the public interface on the host, but never >> reach the jail >> >> I use lo1 interface and ip address 192.168.1.1/24 for the jail. Public >> interface is fxp0 with both an IPv4 and an IPv6 address assigned. >> Of course, nat is enable via pf on the public interface. Can you post your PF configuration ? > > After switching to ipfw/natd networking in the jail works. > Could this be a bug? I think you had an issue with firewall that block name resolution and makes everything goes slow. At least you need one single line on your pf.conf : nat on $public_interface form $jail_ip to any -> ($public_interface) > > -- > Herbert > _______________________________________________ > freebsd-jail@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-jail > To unsubscribe, send any mail to "freebsd-jail-unsubscribe@freebsd.org"