Date: Sun, 18 Apr 2010 02:05:10 +0000
From: Eric Andrews <eric.m.andrews@gmail.com>
To: Aiza <aiza21@comclark.com>
Cc: FreeBSD Questions <freebsd-questions@freebsd.org>
Subject: Re: Ping from jail not permitted error
Message-ID: <q2g7a4707ef1004171905t23105062j92654e73a113f230@mail.gmail.com>
In-Reply-To: <4BCA54DC.1000301@comclark.com>
References: <4BCA54DC.1000301@comclark.com>

On Sun, Apr 18, 2010 at 12:39 AM, Aiza <aiza21@comclark.com> wrote:
> My jail has public internet access because I can do pkg_add -r unix2dos and
> the package does install. But when I enter ping -c 2 freebsd.org I get
> message "ping: socket: Operation not permitted". There is no firewall
> running in the jail.
>
> Any ideas would be helpful.

There is a reason people write man pages; honor their hard work by reading
them first!

From jail(8):

     security.jail.allow_raw_sockets
          This MIB entry determines whether or not prison root is allowed to
          create raw sockets.  Setting this MIB to 1 allows utilities like
          ping(8) and traceroute(8) to operate inside the prison.  If this MIB
          is set, the source IP addresses are enforced to comply with the IP
          address bound to the jail, regardless of whether or not the
          IP_HDRINCL flag has been set on the socket.  Since raw sockets can
          be used to configure and interact with various network subsystems,
          extra caution should be used where privileged access to jails is
          given out to untrusted parties.  As such, by default this option is
          disabled.

Regards,
aaron.glenn
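
Added example, not part of the original message or of FreeBSD's own code: a small C probe that makes the same raw ICMP socket(2) call ping(8) needs and reports whether a refusal is consistent with the jail policy quoted above. The function names are hypothetical; security.jail.jailed is the sysctl that reports whether the caller is inside a jail.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>
#ifdef __FreeBSD__
#include <sys/sysctl.h>
#endif

/* Read an integer sysctl by name; -1 if unreadable or not on FreeBSD. */
static int read_int_sysctl(const char *name)
{
    int val = -1;
#ifdef __FreeBSD__
    size_t len = sizeof(val);
    if (sysctlbyname(name, &val, &len, NULL, 0) != 0)
        val = -1;
#endif
    (void)name;
    return val;
}

/* Open the raw ICMP socket ping(8) needs; return 0 or the errno. */
static int probe_raw_icmp(void)
{
    int fd = socket(AF_INET, SOCK_RAW, IPPROTO_ICMP);
    if (fd < 0)
        return errno;
    close(fd);
    return 0;
}

/* Turn the probe result into a diagnosis for the operator. */
static const char *raw_socket_verdict(int err, int jailed)
{
    if (err == 0)
        return "raw sockets permitted";
    if (err == EPERM && jailed == 1)
        return "denied inside a jail: check security.jail.allow_raw_sockets";
    return "denied or failed outside jail policy: check privileges";
}

int main(void)
{
    int err = probe_raw_icmp();
    printf("socket: %s\nverdict: %s\n", err ? strerror(err) : "ok",
           raw_socket_verdict(err, read_int_sysctl("security.jail.jailed")));
    return err != 0;
}
```

Run it as root inside the jail; an unprivileged caller gets the same EPERM regardless of the jail setting.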