From owner-freebsd-questions@FreeBSD.ORG Tue Mar 23 07:26:03 2010
Message-ID: <4BA86D06.8040609@comclark.com>
Date: Tue, 23 Mar 2010 15:25:58 +0800
From: Aiza
To: freebsd-questions@freebsd.org
Subject: Re: ezjail

Aiza wrote:
> Ruben de Groot wrote:
>> On Mon, Mar 22, 2010 at 11:23:54AM +0100, Dh?nin Jean-Jacques typed:
>>
>>>>> on the lan gives me no sockets mesg. And ftp from 10.0.10.6 to
>>>>> 10.0.20.30 the ftp jail gives me no connection error.
>>
>>> add
>>>
>>> sysctl security.jail.allow_raw_sockets=1
>>> or in /etc/sysctl.conf
>>> on the host (not in the jail)
>>
>> This will enable him to ping another host from within the jail. I
>> won't do anything for ftp.
>>
>> OP: what exact error do you get? And does ftp work *within* the jail
>> (ftp localhost)?
>
> with sysctl security.jail.allow_raw_sockets=1 done on the host. From
> within the jail did ping -c 2 10.0.10.6 which is a pc on the lan gives
> me socket: Operation not permitted mesg.
>
> And ftp from 10.0.10.6 to 10.0.20.30 the ftp jail gives me no connection
> error.
>
> Just how am I to determine if ftp work *within* the jail ftp localhost?

For the archives. These are the results from the original poster.

My original goal was to test jails on the gateway for access only from
the LAN users. I wanted a jailed ftp service for LAN users to upload and
download stuff between themselves. I already have a working LAN users ftp
setup on the gateway server, so this jail setup is not really needed. So
it's not a problem of knowing how to set up ftp.

My main vehicle of jail management was ezjail. Did not play with the
native jail command.

The final outcome is I could not get jails to communicate over the
private LAN. Seeing as jails design uses public IP address, it's little
wonder it won't work with private LAN IP address.

In time jails and ezjail will mature and maybe evolve into working with
jails with private IP address. But for now jails don't serve my purposes.