From: "Herbert J. Skuhra"
To: freebsd-jail@freebsd.org
Date: Thu, 12 Jul 2012 21:04:52 +0200
Subject: Re: Jails on FreeBSD 9.0

On Thu, Jul 12, 2012 at 11:56 AM, joris dedieu wrote:
> 2012/7/12 Herbert J. Skuhra:
>> On Wed, Jul 11, 2012 at 11:59 PM, Herbert J. Skuhra wrote:
>>> Hi,
>>>
>>> although I've followed the instructions in jail(8) and jail.conf(5) I
>>> cannot manage to set up jails on FreeBSD 9.0 STABLE (r238334).
>>>
>>> The symptoms:
>>>
>>> * ssh'ing to jail works, but it takes about 20 seconds until password
>>> prompt appears
>
> Is it still the same with UseDNS=no in /etc/ssh/sshd_config?

No, I can log in instantly.

>>> * netstat -r in the jail takes about 150 seconds to finish
>
> Does netstat -rn do the same?

No, the output appears immediately.

>>> * connections to the internet time out; with tcpdump I see that
>>> packets leave and enter the public interface on the host, but never
>>> reach the jail
>>>
>>> I use lo1 interface and ip address 192.168.1.1/24 for the jail. Public
>>> interface is fxp0 with both an IPv4 and an IPv6 address assigned.
>>> Of course, nat is enabled via pf on the public interface.
>
> Can you post your PF configuration?
>>
>> After switching to ipfw/natd, networking in the jail works.
>> Could this be a bug?
>
> I think you had an issue with the firewall that blocks name resolution and
> makes everything go slow. At least you need one single line in your
> pf.conf:
>
> nat on $public_interface from $jail_ip to any -> ($public_interface)

Even when loading only the nat rule it doesn't work:

nat on fxp0 from 192.168.1.0/24 to any -> $ext_addr

Thanks.

Herbert