From: Eric Andrews
To: Aiza
Cc: FreeBSD Questions
Date: Sun, 18 Apr 2010 02:05:10 +0000
Subject: Re: Ping from jail not permitted error

On Sun, Apr 18, 2010 at 12:39 AM, Aiza wrote:
> My jail has public internet access because I can do pkg_add -r unix2dos and
> the package does install. But when I enter ping -c 2 freebsd.org I get
> message "ping: socket: Operation not permitted"  There is no firewall
> running in the jail.
>
> Any ideas would be helpful.

there is a reason people write man pages; honor their hard work by
reading them first!

From jail(8):

     security.jail.allow_raw_sockets
          This MIB entry determines whether or not prison root is allowed to
          create raw sockets.  Setting this MIB to 1 allows utilities like
          ping(8) and traceroute(8) to operate inside the prison.  If this MIB
          is set, the source IP addresses are enforced to comply with the IP
          address bound to the jail, regardless of whether or not the
          IP_HDRINCL flag has been set on the socket.  Since raw sockets can
          be used to configure and interact with various network subsystems,
          extra caution should be used where privileged access to jails is
          given out to untrusted parties.  As such, by default this option is
          disabled.

Regards,
aaron.glenn
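
The failure in the quoted question, reproduced at the system-call level as an added example (not part of the original message and not FreeBSD's ping source): ping(8) opens a raw ICMP socket, and where raw sockets are not permitted that call fails with EPERM, which ping reports as "Operation not permitted". The function and enum names are assumptions made for illustration; on FreeBSD the program also prints the MIB quoted above.

```c
/* Added example: probe whether this process may open the raw ICMP socket
 * that ping(8) needs. All names below are illustrative assumptions. */
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>
#ifdef __FreeBSD__
#include <sys/sysctl.h>
#endif

enum raw_status { RAW_ALLOWED = 0, RAW_DENIED = 1, RAW_ERROR = 2 };

/* Map the errno left by socket(2) to a verdict; 0 means the call succeeded. */
enum raw_status classify_raw_errno(int err)
{
    if (err == 0)
        return RAW_ALLOWED;
    if (err == EPERM || err == EACCES)  /* the "not permitted" case */
        return RAW_DENIED;
    return RAW_ERROR;                   /* e.g. protocol not supported */
}

/* Make the socket(2) call ping makes; store the resulting errno in *err_out. */
enum raw_status probe_raw_icmp(int *err_out)
{
    int fd = socket(AF_INET, SOCK_RAW, IPPROTO_ICMP);
    int err = (fd < 0) ? errno : 0;
    if (fd >= 0)
        close(fd);
    if (err_out)
        *err_out = err;
    return classify_raw_errno(err);
}

int main(void)
{
    int err = 0;
    enum raw_status st = probe_raw_icmp(&err);
#ifdef __FreeBSD__
    int val = 0;
    size_t len = sizeof(val);
    if (sysctlbyname("security.jail.allow_raw_sockets", &val, &len, NULL, 0) == 0)
        printf("security.jail.allow_raw_sockets = %d\n", val);
#endif
    printf("raw ICMP socket: %s\n", st == RAW_ALLOWED ? "allowed" :
           st == RAW_DENIED ? strerror(err) : "unexpected error");
    return st == RAW_ALLOWED ? 0 : 1;
}
```

Run as root inside the jail, an exit status of 0 confirms the host's setting has taken effect; a non-zero status with "Operation not permitted" is the condition described in the question.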