Date: Sat, 3 Dec 2016 18:10:11 -0500 (EST)
From: doug
Reply-To: doug@safeport.com
To: freebsd-questions@FreeBSD.org
Subject: Re: Can't ping in jail

On Sat, 3 Dec 2016, doug wrote:

> This is a 9.3-RELEASE-p49 system. In the jail:
>
> gaia:~> sysctl security.jail.allow_raw_sockets
> security.jail.allow_raw_sockets: 1
>
> gaia:~> ifconfig
> em0: flags=8843 metric 0 mtu 1500
>         options=4219b
>         ether c8:9c:dc:eb:ab:fb
>         inet 192.168.2.110 netmask 0xffffffff broadcast 192.168.2.110
>         media: Ethernet autoselect (100baseTX )
>         status: active
> lo0: flags=8049 metric 0 mtu 16384
>         options=600003
>
> and as root
>
> gaia:/home/doug# ping -c 2 192.168.2.102
> PING 192.168.2.102 (192.168.2.102): 56 data bytes
> ping: sendto: Can't assign requested address
> ping: sendto: Can't assign requested address
> ^C
> --- 192.168.2.102 ping statistics ---
> 2 packets transmitted, 0 packets received, 100.0% packet loss
>
> ctrl-c is required to end the command. This is without a loopback defined. If
> I define the loopback I can ping 127.0.0.1 but nothing else. What am I
> missing?

Okay, after lots of reading: handbook, man pages, wikis, and Google (I did RTFM), I am pretty sure I have a routing issue and that security.jail.allow_raw_sockets works. That said, I give up. The host was getting its IP via DHCP, so I changed that, defined the host as a gateway, did what I know how to do with netmasks, and set all the sysctls that seemed remotely related to this in the host. At the end of the day, virtually all combinations of the aforementioned allow the jail to ping its own IP and localhost.

Now moving on to stuff that pays the rent. Any thoughts welcomed, though.