From: Aiza
Date: Mon, 22 Mar 2010 20:40:58 +0800
To: Ruben de Groot, jj@dhenin.fr, Aiza, Mark Shroyer, freebsd-questions@freebsd.org
Subject: Re: ezjail

Ruben de Groot wrote:
> On Mon, Mar 22, 2010 at 11:23:54AM +0100, Dhénin Jean-Jacques typed:
>
>>>> on the lan gives me no sockets mesg. And ftp from 10.0.10.6 to
>>>> 10.0.20.30 the ftp jail gives me no connection error.
>
>> add
>>
>> sysctl security.jail.allow_raw_sockets=1
>> or in /etc/sysctl.conf
>> on the host (not in the jail)
>
> This will enable him to ping another host from within the jail. I won't
> do anything for ftp.
>
> OP: what exact error do you get? And does ftp work *within* the jail
> (ftp localhost)?

With sysctl security.jail.allow_raw_sockets=1 done on the host, from within the jail I did ping -c 2 10.0.10.6, which is a PC on the LAN, and it gives me a socket: Operation not permitted mesg.
And ftp from 10.0.10.6 to 10.0.20.30, the ftp jail, gives me no connection error.

Just how am I to determine if ftp works *within* the jail ftp localhost?