Date: Fri, 02 Oct 2009 13:02:25 -0700
From: Julian Elischer <julian@elischer.org>
To: remodeler <remodeler@alentogroup.org>
Cc: freebsd-net@freebsd.org
Subject: Re: Fw: Re: vimage-assigning interface to jail
Message-ID: <4AC65C51.7010506@elischer.org>
In-Reply-To: <20091002195008.M13604@alentogroup.org>
References: <20091001173851.M50386@alentogroup.org> <4AC4FD98.3000301@elischer.org> <20091002181509.M38849@alentogroup.org> <4ad871310910021136v3dc3cd2l520102bae715c2bc@mail.gmail.com> <20091002190821.M69919@alentogroup.org> <20091002195008.M13604@alentogroup.org>
remodeler wrote:
> Thank you Glen: (sorry this copied twice to glen)
>
>> Do you have your nameserver in /etc/resolv.conf ?
>
> The jail and hostname both have /etc/resolv.conf set to a nameserver on the
> local host. I get the same error message pinging to the private-space address
> of the physical ethernet interface (the server is on a NAT'd development network):
>
> PING 192.168.0.10 (192.168.0.10): 56 data bytes
> ping: sendto: No route to host
>
> Some other information:
>
> #ngctl list
> There are 5 total nodes:
>   Name: bridge0         Type: bridge          ID: 00000007   Num hooks: 3
>   Name: ipfw            Type: ipfw            ID: 00000001   Num hooks: 0
>   Name: ngeth0          Type: eiface          ID: 00000004   Num hooks: 1
>   Name: ngctl1495       Type: socket          ID: 0000000f   Num hooks: 0
>   Name: msk0            Type: ether           ID: 00000002   Num hooks: 2
>
> Firewall rules are permissive, allow any to any. The jail environment is:
>
> #ifconfig
> lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
>         options=3<RXCSUM,TXCSUM>
>         inet 127.0.0.1 netmask 0xff000000
>         inet6 ::1 prefixlen 128
>         inet6 fe80::1%lo0 prefixlen 64 scopeid 0x1
>         nd6 options=33<PERFORMNUD,AUTO_LINKLOCAL>
>         maclabel mls/equal(equal-equal)
> eth0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
>         ether 40:0a:0b:0c:0d:01
>         inet 172.26.75.10 netmask 0xffffffff broadcast 172.26.75.10
>         inet6 fe80::420a:bff:fe0c:d01%eth0 prefixlen 64 scopeid 0x2
>         nd6 options=33<PERFORMNUD,AUTO_LINKLOCAL>
>         maclabel mls/low(low-low)
>
> with eth0 being a ng_eiface node, moved to the jail with vimage -i testvnet
> ngeth0. The host environment is:
>
> #ifconfig
> msk0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
>         options=11a<TXCSUM,VLAN_MTU,VLAN_HWTAGGING,TSO4>
>         ether [edited]
>         inet 192.168.0.10 netmask 0xffffff00 broadcast 192.168.0.255
>         inet6 fe80::223:54ff:fe08:2bf7%msk0 prefixlen 64 scopeid 0x1
>         nd6 options=41<IFDISABLED,PERFORMNUD,AUTO_LINKLOCAL>
>         maclabel mls/low(low-low)
>         media: Ethernet autoselect (100baseTX <full-duplex,flag0,flag1>)
>         status: active
> lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
>         options=3<RXCSUM,TXCSUM>
>         inet 127.0.0.1 netmask 0xff000000
>         inet6 ::1 prefixlen 128
>         inet6 fe80::1%lo0 prefixlen 64 scopeid 0x2
>         nd6 options=33<PERFORMNUD,AUTO_LINKLOCAL>
>         maclabel mls/equal(equal-equal)
>
> Output of jls from the host is:
>
> #jls
> #   JID  IP Address      Hostname                      Path
> #     1  -               testnet.myorg.org             /jail/j/testnet
>
> I cannot set the IP address when I create the jail without an error:
> ip4.addr=${addr} gives "jail: vnet jails cannot have IP address restrictions";
> ip4${addr} gives "jail: ip4: unknown jailsys value "172.26.72.10""; and
> ip=${addr} gives "jail: unknown parameter: ip".
>
> netstat -rn gives:
>
> #netstat: kvm not available: /dev/mem: Permission denied
> #Routing tables
> #rt_tables: symbol not in namelist
>
> /dev/mem is available in the jail environment, and /dev is mounted in the
> jail. I get a permission denied error on both /dev/mem and /dev/kmem:
>
> #ll /dev/kmem (or ll /dev/mem)
> #ls: /dev/kmem: Permission denied
>
> also,
>
> #vimage -l
> testvnet
>
> I do have vimage-enabled kernels on both the host and the jails (8.0). I
> originally installed a non-vimage kernel in the jails, and then updated to a
> vimage-enabled kernel following instructions in the handbook (using a template
> system). I am fairly certain I have the new kernel, as uname shows my new
> build date.
>

I don't think the kernel in a jail matters.

the following has a jail with a root of / for simplicity of testing:

soekris# jail -c host.hostname=test path=/ vnet command=/bin/tcsh
test# lo0: flags=8008<LOOPBACK,MULTICAST> metric 0 mtu 16384
        options=3<RXCSUM,TXCSUM>

---- back on host system:
soekris# jls
   JID  IP Address      Hostname                      Path
     1  -               test                          /
soekris# ifconfig vr2 vnet 1
soekris#

---- back on jail 'test' (1):
test# ifconfig
lo0: flags=8008<LOOPBACK,MULTICAST> metric 0 mtu 16384
        options=3<RXCSUM,TXCSUM>
vr2: flags=8802<BROADCAST,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=280b<RXCSUM,TXCSUM,VLAN_MTU,WOL_UCAST,WOL_MAGIC>
        ether 00:00:24:c9:24:6a
        media: Ethernet autoselect (none)
        status: no carrier
test# ifconfig vr2 172.28.15.1/24
test# netstat -rn
Routing tables

Internet:
Destination        Gateway            Flags    Refs      Use  Netif Expire
172.28.15.0/24     link#2             U           0        0    vr2
172.28.15.1        link#2             UHS         0        0    lo0
test# route add default 172.28.15.2
add net default: gateway 172.28.15.2
test# netstat -rn
Routing tables

Internet:
Destination        Gateway            Flags    Refs      Use  Netif Expire
default            172.28.15.2        UGS         0        0    vr2
172.28.15.0/24     link#2             U           0        0    vr2
172.28.15.1        link#2             UHS         0        0    lo0
test#

I think you need to add a default rule for starters as there is no
route to 192.168.x.x in your jail.
Remember the jail can not see your base system.

> Thank you very much again.
> ------- End of Forwarded Message -------
>
>
>                                   __     __
>    ________  ____ ___  ____  ____/ /__  / /__  _____
>   / ___/ _ \/ __ `__ \/ __ \/ __  / _ \/ / _ \/ ___/
>  / /  /  __/ / / / / / /_/ / /_/ /  __/ /  __/ /
> /_/   \___/_/ /_/ /_/\____/\__,_/\___/_/\___/_/
>
> The information contained in this message is confidential and is intended
> for the addressee only. Any unauthorized use, dissemination of the
> information, or copying of this message is prohibited.
>
> _______________________________________________
> freebsd-net@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-net
> To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org"
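
An added illustration, not part of the original message: a longest-prefix-match lookup run over the two `netstat -rn` tables shown in the reply, showing why 192.168.0.10 has no route inside the vnet jail until a default route is added. The function names are made up for this example, and the tables are copied from the output above.

```python
import ipaddress

# IPv4 tables copied from the two netstat -rn runs in the reply above.
BEFORE = """\
Destination        Gateway            Flags    Refs      Use  Netif Expire
172.28.15.0/24     link#2             U           0        0    vr2
172.28.15.1        link#2             UHS         0        0    lo0
"""
AFTER = """\
Destination        Gateway            Flags    Refs      Use  Netif Expire
default            172.28.15.2        UGS         0        0    vr2
172.28.15.0/24     link#2             U           0        0    vr2
172.28.15.1        link#2             UHS         0        0    lo0
"""


def parse_routes(text):
    """Return (network, gateway, netif) tuples from netstat -rn IPv4 rows."""
    routes = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 6 or fields[0] == "Destination":
            continue  # header, blank or truncated line
        dest, gateway, netif = fields[0], fields[1], fields[5]
        if dest == "default":
            dest = "0.0.0.0/0"
        # A bare address is a host route; ip_network() reads it as a /32.
        routes.append((ipaddress.ip_network(dest, strict=False), gateway, netif))
    return routes


def lookup(routes, target):
    """Longest-prefix match. None is the 'No route to host' case."""
    addr = ipaddress.ip_address(target)
    hits = [r for r in routes if addr in r[0]]
    return max(hits, key=lambda r: r[0].prefixlen) if hits else None


def netmask_prefixlen(hex_mask):
    """Convert ifconfig's hex netmask (e.g. 0xffffff00) to a prefix length."""
    return bin(int(hex_mask, 16)).count("1")


if __name__ == "__main__":
    for label, table in (("before", BEFORE), ("after", AFTER)):
        print(label, lookup(parse_routes(table), "192.168.0.10"))
    # eth0 in the quoted jail uses netmask 0xffffffff, so nothing is on-link.
    print("eth0 prefix length:", netmask_prefixlen("0xffffffff"))
```
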
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4AC65C51.7010506>