From: Jon Simola
Date: Mon, 1 Jan 2001 21:05:32 -0800 (PST)
To: Dave VanAuken
Cc: freebsd-isp@FreeBSD.ORG
Subject: RE: Jail problems - Continued on fbsd 4.2 Release

On Mon, 1 Jan 2001, Dave VanAuken wrote:

> Jail still not responding to telnet attempts.

On the host machine, your rc.conf entries should look something like:

network_interfaces="fxp0 lo0"
ifconfig_fxp0="inet x.x.x.192 netmask 0xffffff00"
ifconfig_fxp0_alias0="inet x.x.x.193 netmask 0xffffff00"
route_0="x.x.x.193 -iface lo0"

Also allows things like perl processes inside the jail to talk to the MySQL
server running on the host.

> once complete, have gone through the steps for activating the jail...
> after ifconfiging the alias for the new IP addr, mounting the proc I

Mounting a procfs inside the jail is fairly optional, despite what the man
page says. At least, I've never run across anything that doesn't work
because I don't have a procfs in the jail.

> run the jail and get the following:
> **start screen dump**
> adjkerntz[269]: sysctl(set_disrtcset): Operation not permitted
> net.inet.tcp.rfc1323: Operation not permitted
> TCP keepalive=YESsysctl: net.inet.tcp.always_keepalive: Operation not
> permitted
> **end screen dump**
> as you can see we are getting an operation not permitted error from
> the start, and from what I can discern, this is causing a cascade of
> the other errors.

The default jail config uses the same rc files as a real server, so it tries
to set some sysctl options while booting, which isn't allowed inside a jail.
Edit the rc files in the jail's /etc to remove the sysctl calls, or ignore
them as harmless errors.

> Am not sure about the following as directed in the man jail(8)
> - created a blank file for the /etc/fstab within the jail - that
> right??

Yep, a file should exist so that programs and scripts that expect one don't
break.

> - disabled port mapper from within sysinstall(in jail)
> - ran newaliases - no problems
> - root password set via sysinstall(in jail)
> - timezone set via sysinstall(in jail)
> - account added via sysinstall(in jail)
> - have not added any packages yet

Fine.

> - !!not sure what they want for disabling the interface
> configuration...

Here's the rc.conf from one of my jails:

portmap_enable="NO"
network_interfaces=""
sendmail_enable="NO"

You remove all network interfaces so that the rc boot scripts don't try and
configure anything while booting the jail.

> - !!not sure what needs to be entered in /etc/resolve.conf for the
> jail's name resolution

Just a nameserver line. I haven't gotten around to trying to run a dns
resolver on the localhost interface inside the jail, but I think it should
work. Just use any dns server, so probably whatever you've got in
/etc/resolv.conf on the host.

---
Jon Simola            | "In the near future - corporate networks
Systems Administrator |  reach out to the stars, electrons and light
ABC Communications    |  flow throughout the universe." -- GITS
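
The jail-side settings discussed in this message, turned into a check that runs on the host (an added example, not part of the original post or of FreeBSD). The function names and the sample files built by make_sample_root are hypothetical and constructed for illustration.

```sh
#!/bin/sh
# Added example: audit a jail's /etc against the checklist in the message.
# Files are parsed, never sourced: rc.conf is shell code the jail's root controls.
finding() { echo "FINDING: $*"; n=$((n + 1)); }

# Print the last "VAR=value" assignment in FILE ($1) for VAR ($2), with quotes,
# blanks and trailing comments stripped; prints nothing if VAR is never assigned.
rc_last() {
    grep -E "^[[:space:]]*$2=" "$1" 2>/dev/null | tail -n 1 |
        sed 's/#.*//' | tr -d "\"' \t"
}

# audit_jail ROOT: one line per finding; exit status is the number of findings.
audit_jail() {
    root=$1; n=0; conf="$root/etc/rc.conf"
    # No interfaces, so the rc boot scripts do not try to configure any.
    [ "$(rc_last "$conf" network_interfaces)" = "network_interfaces=" ] ||
        finding "rc.conf: network_interfaces is not set to \"\""
    # Services switched off in the sample jail rc.conf from the message.
    for var in portmap_enable sendmail_enable; do
        case $(rc_last "$conf" "$var") in
            "$var="[Nn][Oo]) ;;
            *) finding "rc.conf: $var is not \"NO\"" ;;
        esac
    done
    [ -e "$root/etc/fstab" ] || finding "fstab: missing (an empty file will do)"
    grep -Eq '^[[:space:]]*nameserver[[:space:]]+[^[:space:]]' \
        "$root/etc/resolv.conf" 2>/dev/null ||
        finding "resolv.conf: no nameserver line"
    # sysctl calls fail in a jail; the message calls them harmless, so notes only.
    for f in "$root"/etc/rc "$root"/etc/rc.*; do
        [ -f "$f" ] || continue
        c=$(grep -c '^[^#]*sysctl' "$f") || true
        [ "$c" -eq 0 ] || echo "NOTE: $f: $c line(s) call sysctl"
    done
    return "$n"
}

# make_sample_root: build a constructed jail /etc for a dry run; prints its path.
make_sample_root() {
    d=$(mktemp -d) && mkdir "$d/etc" &&
    printf '%s\n' 'portmap_enable="NO"' 'network_interfaces=""' \
        'sendmail_enable="NO"' > "$d/etc/rc.conf" &&
    : > "$d/etc/fstab" &&
    echo 'nameserver 192.0.2.53' > "$d/etc/resolv.conf" &&
    echo 'sysctl -w net.inet.tcp.rfc1323=1' > "$d/etc/rc.network" &&
    echo "$d"
}

if [ $# -gt 0 ]; then audit_jail "$1"; fi
```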