Skip site navigation (1)Skip section navigation (2) 
Date:      Sat, 3 Dec 2016 18:10:11 -0500 (EST)
From:      doug <doug@fledge.watson.org>
To:        freebsd-questions@FreeBSD.org
Subject:   Re: Can't ping in jail 
Message-ID:  <alpine.BSF.2.20.1612031801220.33158@fledge.watson.org>
In-Reply-To: <alpine.BSF.2.20.1612030234030.77272@fledge.watson.org>
References:  <alpine.BSF.2.20.1612030234030.77272@fledge.watson.org>
next in thread | previous in thread | raw e-mail | index | archive | help 
On Sat, 3 Dec 2016, doug wrote:

> This is a 9.3-RELEASE-p49 system. In the jail:
>
> gaia:~> sysctl security.jail.allow_raw_sockets
> security.jail.allow_raw_sockets: 1
>
> gaia:~> ifconfig
> em0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
>
> options=4219b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,TSO4,WOL_MAGIC,VLAN_HWTSO>
>        ether c8:9c:dc:eb:ab:fb
>        inet 192.168.2.110 netmask 0xffffffff broadcast 192.168.2.110
>        media: Ethernet autoselect (100baseTX <full-duplex>)
>        status: active
> lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
>        options=600003<RXCSUM,TXCSUM,RXCSUM_IPV6,TXCSUM_IPV6>
>
> and as root
>
> gaia:/home/doug# ping -c 2 192.168.2.102
> PING 192.168.2.102 (192.168.2.102): 56 data bytes
> ping: sendto: Can't assign requested address
> ping: sendto: Can't assign requested address
> ^C
> --- 192.168.2.102 ping statistics ---
> 2 packets transmitted, 0 packets received, 100.0% packet loss
>
> ctrl-c is required to end the command. This is without a loopback defined. If 
> I define the loopback I can ping 127.0.0.1 but nothing else. What am I 
> missing?

Okay after lots of reading: handbook, man pages, wiki's, and google (I did RTFM) 
I an pretty sure I have a routing issue and that security.jail.allow_raw_sockets 
works. That said, I give up. The host was getting its IP via DHCP so I changed 
that, defined the host as a gateway, did what I know how to so with netmasks and 
set all the sysctl's that seemed remotely related to this in the host. At the 
end of the day virtually all combinations of the aforementioned allow the jail 
to ping its own IP and localhost. Now moving on to stuff that pays the rent. Any 
thoughts welcomed though.

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?alpine.BSF.2.20.1612031801220.33158>