From owner-freebsd-questions  Thu Jan 31 21:34:50 2002
Delivered-To: freebsd-questions@freebsd.org
Received: from falcon.prod.itd.earthlink.net (falcon.mail.pas.earthlink.net [207.217.120.74])
	by hub.freebsd.org (Postfix) with ESMTP id 11DF537B417
	for <freebsd-questions@freebsd.org>; Thu, 31 Jan 2002 21:34:45 -0800 (PST)
Received: from user-33qtmu3.dsl.mindspring.com ([199.174.219.195] helo=gohan.cjclark.org)
	by falcon.prod.itd.earthlink.net with esmtp (Exim 3.33 #1)
	id 16WWLP-0000bB-00; Thu, 31 Jan 2002 21:34:41 -0800
Received: (from cjc@localhost)
	by gohan.cjclark.org (8.11.6/8.11.1) id g115YOe82278;
	Thu, 31 Jan 2002 21:34:24 -0800 (PST)
	(envelope-from cjc)
Date: Thu, 31 Jan 2002 21:34:23 -0800
From: "Crist J. Clark" <cristjc@earthlink.net>
To: Tim Gustafson <tim@falconsoft.com>
Cc: freebsd-questions@FreeBSD.ORG
Subject: Re: Jail and PING / NSLOOKUP
Message-ID: <20020131213423.J152@gohan.cjclark.org>
Reply-To: cjclark@alum.mit.edu
References: <Pine.BSF.4.21.0201301931490.74162-100000@falconsoft.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
In-Reply-To: <Pine.BSF.4.21.0201301931490.74162-100000@falconsoft.com>; from tim@falconsoft.com on Wed, Jan 30, 2002 at 07:34:50PM +0000
X-URL: http://people.freebsd.org/~cjc/
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-questions.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-questions>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-questions>
X-Loop: FreeBSD.ORG

On Wed, Jan 30, 2002 at 07:34:50PM +0000, Tim Gustafson wrote:
> Hello
> 
> I just started up three jails on my machine and they are all working
> beautifully, except for PING and NSLOOKUPs.
> 
> Pings flat-out don't work.  I get "ping: socket: Operation not
> permitted" when I try to ping a host, regardless of wether or not I'm
> root.

ping(8) does not work from a jail(8). This is a feature, not a
bug. Once cannot open a raw socket in a jail. A raw socket is needed
to send out an ICMP datagram.

> Nslookup works about 80% of the time, but they time out a lot.  They use
> the same name server as the main machine, but are much more prone to
> failing and much slower.

nslookup(8) bad. It very bad. nslookup(8) depricated. Do not use
nslookup(8). Use host(1) and dig(1). If you still have weird results
with those, they will be easier to debug.
-- 
Crist J. Clark                     |     cjclark@alum.mit.edu
                                   |     cjclark@jhu.edu
http://people.freebsd.org/~cjc/    |     cjc@freebsd.org

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message