From owner-freebsd-questions@FreeBSD.ORG  Mon Mar 22 10:24:17 2010
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 604E71065670
	for <freebsd-questions@freebsd.org>;
	Mon, 22 Mar 2010 10:24:17 +0000 (UTC)
	(envelope-from dhenin@gmail.com)
Received: from mail-bw0-f228.google.com (mail-bw0-f228.google.com
	[209.85.218.228])
	by mx1.freebsd.org (Postfix) with ESMTP id D5FD18FC1E
	for <freebsd-questions@freebsd.org>;
	Mon, 22 Mar 2010 10:24:15 +0000 (UTC)
Received: by bwz28 with SMTP id 28so4673282bwz.14
	for <freebsd-questions@freebsd.org>;
	Mon, 22 Mar 2010 03:24:15 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma;
	h=domainkey-signature:mime-version:sender:reply-to:received
	:in-reply-to:references:from:date:x-google-sender-auth:message-id
	:subject:to:content-type;
	bh=gyTUJtVQopY0P2tLOufTCENX38JoW5UXdbFwI0EM8oc=;
	b=UeI5TNOlX8awEa5uRMaUv1Kg/8HWQsqgwJ8WAVVwg1gZdRyM//cOxPptOx1Zpvuix4
	QhaBf9Pe+XqigsJcp5yEGqcPIMIf4o3shLl1CUPbnCMYPwp4fstj3r1dh19aHY58HgIR
	vonxuEsWedmqX/cVKTsvJNIlTAZ7ATAFrIX8Q=
DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma;
	h=mime-version:sender:reply-to:in-reply-to:references:from:date
	:x-google-sender-auth:message-id:subject:to:content-type;
	b=A164krkY92OxoAb7nKVts5XVWu/YEbQRXfiEKXbUMSwL69FGgE5DJjyoZPs3uHWv/+
	3wFycjYz2vzY11v0CsUXo1+mXk8g71rR76qDIiN33BprOUTZUbm5gFrKEoGZUDK5J5Zo
	Z9tiDhOmHORP1E7zPzqOz30VJ3DHlx8oUWzXk=
MIME-Version: 1.0
Sender: dhenin@gmail.com
Received: by 10.204.75.35 with SMTP id w35mr5272508bkj.194.1269253454156; Mon, 
	22 Mar 2010 03:24:14 -0700 (PDT)
In-Reply-To: <20100322095545.GA77714@ei.bzerk.org>
References: <4BA5AA53.5030503@comclark.com> <4BA69566.2040504@markshroyer.com>
	<4BA6B80F.7050806@comclark.com> <4BA6CB8B.8070309@markshroyer.com> 
	<4BA73C9D.7090900@comclark.com> <20100322095545.GA77714@ei.bzerk.org>
From: =?ISO-8859-1?Q?Dh=E9nin_Jean=2DJacques?= <jean-jacques@dhenin.fr>
Date: Mon, 22 Mar 2010 11:23:54 +0100
X-Google-Sender-Auth: d742f8a29d1cdc2b
Message-ID: <12437d831003220323o4463044bu416f994f0129b459@mail.gmail.com>
To: Ruben de Groot <mail25@bzerk.org>, Aiza <aiza21@comclark.com>, 
	Mark Shroyer <subscriber+freebsd@markshroyer.com>,
	freebsd-questions@freebsd.org
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
X-Content-Filtered-By: Mailman/MimeDel 2.1.5
Cc: 
Subject: Re: ezjail
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
Reply-To: jj@dhenin.fr
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Mon, 22 Mar 2010 10:24:17 -0000

2010/3/22 Ruben de Groot <mail25@bzerk.org>

>
> >
> > My host 8.0 system is the gateway to the public internet.
> > I have ipfilter running blocking all inbound request for service.
> > I only allow out bound request from the LAN behind the gateway and use
> > keep state to allow the packet conversation to continue. All this has
> > worked fine for years across many releases of Freebsd.
> >
> > Now comes playing with jails. I created 3 jails, www, ftp, telnet and
> > used ip address of 10.0.20.20, 10.0.20.30, 10.0.20.40. The goal is to
> > target those jails from other PC on the private LAN who are using ip
> > address in the 10.0.10.2 through 10.0.10.8 range.
> >
> > I used ezjail-admin onestart and all the jails start. Then did
> > ezjail-admin console ftp.local.com and got logged into that jail. Edite=
d
> > /etc/inetd.conf and uncommented the ftp line. Edited /etc/rc.conf addin=
g
> > inetd_enable=3D"YES" exited the ftp jail. Did ezjail-admin onestop
> > followed by ezjail-admin onestart to cycle the ftp jail to activate the
> > ftp function. ezjail-admin console ftp.local.com to get logged into tha=
t
> > jail again. From within the jail did ping -c 2 10.0.10.6 which is a pc
> > on the lan gives me no sockets mesg. And ftp from 10.0.10.6 to
> > 10.0.20.30 the ftp jail gives me no connection error.
> >
> > What is the problem here?
>
>
> How are we supposed to know?
>
> Ruben
>
> _______________________________________________
> freebsd-questions@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to "
> freebsd-questions-unsubscribe@freebsd.org"
>

add

sysctl security.jail.allow_raw_sockets=3D1

or in /etc/sysctl.conf

on the host (not in in the jail)

Cordialement

---------------------------------------------------------
(=B0>   Dh=E9nin Jean-Jacques
/ )     48, rue de la Justice 78300 Poissy
^^   Jean-Jacques@dhenin.fr
---------------------------------------------------------