From owner-freebsd-jail@FreeBSD.ORG Sun Jun 1 00:23:11 2014 Return-Path: Delivered-To: freebsd-jail@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id B699B880 for ; Sun, 1 Jun 2014 00:23:11 +0000 (UTC) Received: from outbound.mailhostbox.com (outbound.mailhostbox.com [162.222.225.28]) by mx1.freebsd.org (Postfix) with ESMTP id 7DAAE2B43 for ; Sun, 1 Jun 2014 00:23:11 +0000 (UTC) Received: from [0.0.0.0] (bolobolo1.torservers.net [96.47.226.20]) (using TLSv1 with cipher DHE-RSA-AES128-SHA (128/128 bits)) (No client certificate requested) (Authenticated sender: s7r@sky-ip.org) by outbound.mailhostbox.com (Postfix) with ESMTPSA id 11C88868AFC for ; Sun, 1 Jun 2014 00:14:22 +0000 (GMT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sky-ip.org; s=20110108; t=1401581664; bh=6elF7P5iNpvgGCf1Tuy26nbKLua/XA+lQ5LXXu1sMso=; h=Message-ID:Date:From:Reply-To:MIME-Version:To:Subject: Content-Type:Content-Transfer-Encoding; b=B8Bw4pTAgV8KKD7IfQqWav6Hdww7N0jiWS8npp8htBDZCp1x1SzeznWV6pHWyQ93g v6eoSEQHB0NBeT5yfosRaE6rZ3LZ+wd6mI1w52R43LJyERExEanpm7nJHBBAodDcNh kmcFThKc79iZp2qfJalHd8MHfehm7N6K70IGaoR8= Message-ID: <538A7059.7070500@sky-ip.org> Date: Sun, 01 Jun 2014 03:14:17 +0300 From: s7r Reply-To: s7r@sky-ip.org User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; rv:24.0) Gecko/20100101 Thunderbird/24.5.0 MIME-Version: 1.0 To: freebsd-jail@freebsd.org Subject: cannot access internet from jail, help needed please X-Enigmail-Version: 1.6 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit X-CTCH-RefID: str=0001.0A020204.538A705E.008A, ss=1, re=0.000, recu=0.000, reip=0.000, cl=1, cld=1, fgs=0 X-CTCH-VOD: Unknown X-CTCH-Spam: Unknown X-CTCH-Score: 0.000 X-CTCH-Rules: X-CTCH-Flags: 0 X-CTCH-ScoreCust: 0.000 X-CTCH-SenderID: s7r@sky-ip.org X-CTCH-SenderID-TotalMessages: 1 X-CTCH-SenderID-TotalSpam: 0 X-CTCH-SenderID-TotalSuspected: 0 X-CTCH-SenderID-TotalBulk: 0 X-CTCH-SenderID-TotalConfirmed: 0 X-CTCH-SenderID-TotalRecipients: 0 X-CTCH-SenderID-TotalVirus: 0 X-CTCH-SenderID-BlueWhiteFlag: 0 X-Scanned-By: MIMEDefang 2.72 on 172.18.214.93 X-BeenThere: freebsd-jail@freebsd.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: "Discussion about FreeBSD jail\(8\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 01 Jun 2014 00:23:11 -0000 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi, I am trying to build a jail on FreeBSD 10.0 amd64 and it cannot access the internet. Here are the steps I followed: 1. install ezjail from ports and enable it in rc.conf 2. My server has 3 public IPv4 addresses. Add one of them as an alias (for the jail): # ifconfig em0 alias netmask 255.255.255.255 # echo 'ifconfig_em0_alias0="inet netmask 255.255.255.255"' >> /etc/rc.conf 3. enable ip forwarding # sysctl net.inet.ip.forwarding=1 4. create the jail with the dedicated IP added as an alias 5. provide a name resolver in jail's /etc/resolv.conf 6. start the jail # service ezjail start 7. console into the jail # ezjail-admin console 8. cannot access the internet. cannot use ports, cannot do anything. The public IP address assigned to the jail is PINGable from the outside (another server) and also PINGable from the host. What is wrong here? I have searched the forums and everywhere on the internet and saw no mistake or no steps missed. - -- s7r PGP Fingerprint: 7C36 9232 5ABD FB0B 3021 03F1 837F A52C 8126 5B11 PGP Pubkey: http://www.sky-ip.org/s7r@sky-ip.org.asc -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.22 (MingW32) iQEcBAEBAgAGBQJTinBZAAoJEIN/pSyBJlsRh/UIAJL0CHmlZ7xh2nAn/cbAWv67 zjIYpaubYOOAVfTm6d8LRL+8dtqpag+jE3VOB4oz9mfG3HRHyYxHFB7+bwTJajuS DXg8GnuG49OHO/FNBAEew0PzfVmjuNsMkztZcJJqWHxrHnQcwZYWth5eZj8WSSJ0 MgQi4lLbYwZerFmezozO4wgBRS7Ing1raOgwtHZOXTuiHIglf9t1LGgbkzu3AuPO BDeYJQn159un6tkI5luoT6DTX+2wF+at2f//31KEoFNNT70lBKV3G/jKk+k0/s92 5ZS6jalTCDQ+jrpJmjTYrrkU+jQbMOcjoe9UlPpgo26kQftp2Z/Cu/3mW0qIUYA= =2BuA -----END PGP SIGNATURE-----