From owner-freebsd-hackers  Mon Oct 30 19:53:48 2000
Delivered-To: freebsd-hackers@freebsd.org
Received: from newmail.netbistro.com (newmail.netbistro.com [204.239.167.35])
	by hub.freebsd.org (Postfix) with SMTP id 9BB2037B479
	for <hackers@freebsd.org>; Mon, 30 Oct 2000 19:53:44 -0800 (PST)
Received: (qmail 11281 invoked by uid 1020); 31 Oct 2000 03:53:34 -0000
Date: Mon, 30 Oct 2000 19:53:34 -0800 (PST)
From: Jon Simola <jon@abccom.bc.ca>
X-Sender: jon@newmail.netbistro.com
To: Stefan Aeschbacher <stefan@aeschbacher.com>
Cc: hackers@freebsd.org
Subject: Re: jail network problems
In-Reply-To: <39FC3586.5B6426DB@aeschbacher.com>
Message-ID: <Pine.BSF.3.96.1001030193550.17274E-100000@newmail.netbistro.com>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-hackers@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

On Sun, 29 Oct 2000, Stefan Aeschbacher wrote:

> I am running 4.1-stable updated ca 22.10.00.
> I set up a jail, started it but I have no network at all.
> I made an alias for the used IP address, I ran /etc/rc
> with the following output:

<snip>

How are you starting the jail? I use this in my boot scripts (single line):

/usr/sbin/jail /u2/xxx.xxx.xxx.195 some.domain.com xxx.xxx.xxx.195 /bin/sh /etc/rc

> ping doesnt work from within the jail (I assume this is normal)

Yep, I was looking into that and the archives revealed that it was a
non-trivial fix for a minor problem.

> jail# telnet localhost - doesnt work
> jail# telnet some address - doesnt work
> some host# telnet jail - doesnt work
> some host# ping jail - doesnt work (should it?)
> 
> any hint?

If you can't ping the jail's IP from another machine, I'd suspect that the IP
isn't aliased properly. Here's what I've got setup in /etc/rc.conf:

ifconfig_fxp0="inet xxx.xxx.xxx.192  netmask 0xffffff00"
ifconfig_fxp0_alias0="inet xxx.xxx.xxx.193 netmask 0xffffffff"
ifconfig_fxp0_alias1="inet xxx.xxx.xxx.194 netmask 0xffffff00"
ifconfig_fxp0_alias2="inet xxx.xxx.xxx.195 netmask 0xffffff00"
route_0="xxx.xxx.xxx.193 -iface lo0"
route_1="xxx.xxx.xxx.194 -iface lo0"
route_2="xxx.xxx.xxx.195 -iface lo0"

(And yes, I know that one of the aliases has a /32 netmask and the other two
have a /24 - I was experimenting and there doesn't seem to be a difference)

The routes are something I picked up from reading the archives, they allow
processes in the jail to communicate with the host (mysql, in my case).

Another one that caught me was having /etc/resolv.conf setup properly inside
the jail, otherwise things like telnet will sit and spin trying to do hostname
lookups.

---
Jon Simola <jon@abccom.bc.ca> | "In the near future - corporate networks
    Systems Administrator     |  reach out to the stars, electrons and light 
     ABC  Communications      |  flow throughout the universe." -- GITS



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-hackers" in the body of the message