From: Alejandro Imass
Date: Fri, 24 Aug 2018 11:10:12 -0400
Subject: Re: Jails and networks
To: Norman Gray
Cc: FreeBSD Questions

On Fri, Aug 24, 2018 at 8:35 AM, Norman Gray wrote:
>
> Alejandro, hello.
>
> On 23 Aug 2018, at 23:18, Alejandro Imass wrote:
>
[...]
> Thanks for this advice. However I don't think this is the root of my
> problem. I can do:
>
[...]
> igb0: flags=8843 metric 0 mtu 1500
>
> options=6403bb
>         ether a4:bf:01:26:7d:b1
>         hwaddr a4:bf:01:26:7d:b1
>         inet 192.168.11.128 netmask 0xffffffff broadcast 192.168.11.128
[...]
> which look right, but
>
> # host www.freebsd.org
> ;; connection timed out; no servers could be reached
> #
>
> So something is still amiss with the networking inside the jail, or the way
> I've set up networking outside of the jail (nothing exotic at all as far as
> I'm aware), and I'm at a loss as to what it might be, or how to debug it.
>

Try by IP to the outside first. Make sure you have a resolv.conf in
your jail. Copy the one from outside or use something like:

nameserver 8.8.8.8

I banged my head on this for a while.

> There's something important about jail networking that I'm not
> understanding, but I haven't a clue what it is. Most frustrating.
>

It usually works pretty much automatically, especially with ezjail.

[...]
> On the question of 'ezjail-admin start' vs /usr/sbin/jail...
>
> I'd switched to starting jails with /usr/sbin/jail partly because I'd formed
> the impression that ezjail could be used as a convenient way of doing the
> fiddly and error-prone work of assembling jails, but that the jails were
> standard enough that they could be managed thereafter with the standard
> tool. This impression may of course be wrong in an illuminating way.
>
> If true, that's a nice place to be, since 'ezjail-admin create' is doing
> work that I basically understand but would do less well, but there's no
> extra magic that 'ezjail-admin start' is doing. I'm all for minimising
> magic.
>
> Also, it seems that there's at least some incompatibility between current
> ezjail (3.4.2) and 11.2 jails. ezjail-admin starts jails using the
> four-argument call to /usr/sbin/jail, which means that /etc/jail.conf is
> ignored. `jail` produces a warning in this case, that this is an 'obsolete'
> way of starting a jail; the jail(8) manpage doesn't say 'obsolete', but does
> mention this call as being present 'for backward compatibility'.
>
> That is:
>
> # ezjail-admin onestart norman
> Starting jails:/etc/rc.d/jail: WARNING: /var/run/jail.norman.conf is
> created and used for jail norman.
> /etc/rc.d/jail: WARNING: Per-jail configuration via jail_* variables is
> obsolete. Please consider migrating to /etc/jail.conf.
>

Yeah, I've seen that for a long time now and I've seen some discussion
around it. Not sure it makes any real difference and it has never been a
problem for me. Maybe you can try the ezjail mailing list:

https://erdgeist.org/arts/software/ezjail/#author-contact

Dirk is usually very friendly and fast in responding.

Qjail says they work on 11 and beyond but I've never tried it. There's
been some friction over the years and I sided with Dirk and continue
to use ezjail.
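
The check order suggested in the reply above (resolv.conf, then the outside by IP, then by name), written out as an added example that is not part of the original message or of ezjail. It assumes it is run as root on the host; the script and function names are hypothetical, and the probe address is the 8.8.8.8 from the message.

```sh
#!/bin/sh
# Added example: triage for "no servers could be reached" inside a jail.
# Run on the host as root: sh jail-dns-triage.sh <jailname>
# Script name, function names and default probe values are illustrative.

# Count usable "nameserver" lines in a resolv.conf (0 if missing/unreadable).
count_nameservers() {
    [ -r "$1" ] || { echo 0; return 0; }
    awk '$1 == "nameserver" && NF >= 2 { n++ } END { print n + 0 }' "$1"
}

# Turn three observations into a verdict keyword.
#   $1 nameserver lines in the jail's resolv.conf
#   $2 exit status of a query sent straight to a resolver IP
#   $3 exit status of a query that relies on resolv.conf
classify() {
    if [ "$3" -eq 0 ]; then echo ok
    elif [ "$2" -ne 0 ]; then echo network
    elif [ "$1" -eq 0 ]; then echo no-nameserver
    else echo bad-nameserver
    fi
}

check_jail() {
    jail=$1 name=${2:-www.freebsd.org} probe=${3:-8.8.8.8}
    root=$(jls -j "$jail" path) || return 2
    ns=$(count_nameservers "$root/etc/resolv.conf")
    # ping needs raw sockets, which jails deny unless allow.raw_sockets is
    # set, so the "by IP" probe is a DNS query to a literal resolver address.
    if jexec "$jail" host "$name" "$probe" >/dev/null 2>&1; then by_ip=0; else by_ip=1; fi
    if jexec "$jail" host "$name" >/dev/null 2>&1; then by_name=0; else by_name=1; fi
    verdict=$(classify "$ns" "$by_ip" "$by_name")
    case $verdict in
        ok)             echo "$jail: name resolution works" ;;
        network)        echo "$jail: cannot reach $probe by IP; check the jail address, routing and host firewall before touching DNS" ;;
        no-nameserver)  echo "$jail: network is fine but $root/etc/resolv.conf has no nameserver line" ;;
        bad-nameserver) echo "$jail: network is fine but the $ns configured nameserver(s) do not answer from inside the jail" ;;
    esac
    [ "$verdict" = ok ]
}

if [ $# -ge 1 ]; then check_jail "$@"; fi
```

A "network" verdict means editing resolv.conf will not help, because the direct query to the resolver address failed as well.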