From: Aiza
Date: Sun, 18 Apr 2010 11:32:26 +0800
To: kurt seel
Cc: FreeBSD Questions
Subject: Re: Ping from jail not permitted error
Message-ID: <4BCA7D4A.6060309@comclark.com>
In-Reply-To: <4BCA61FC.5000308@governmentcostsolutions.com>
References: <4BCA54DC.1000301@comclark.com> <4BCA61FC.5000308@governmentcostsolutions.com>

kurt seel wrote:
> Aiza wrote:
>> My jail has public internet access because I can do pkg_add -r
>> unix2dos and the package does install. But when I enter ping -c 2
>> freebsd.org I get message "ping: socket: Operation not permitted"
>> There is no firewall running in the jail.
>>
>> Any ideas would be helpful.
>>
>> Thanks
>
> ICMP is disallowed by default for jails, see the sysctl:
> security.jail.allow_raw_sockets
> There are good reasons for this default, so if you test remember to set it
> back when you are done.
> Also, on a point of style, jails in their current form (see VIMAGE)
> do not get a network stack of their own so they don't have a firewall but
> share the host's network and firewall, etc.
>

I don't have man vimage. Is this part of FreeBSD?
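
The advice quoted above, to set security.jail.allow_raw_sockets back once testing is done, can be enforced by a small wrapper. This is an added example, not part of the original thread; the names `with_raw_sockets` and `KNOB` are made up here, and it assumes it is run as root on the jail host.

```shell
#!/bin/sh
# Added example, not from the thread. Assumes: run as root on the jail host.
# with_raw_sockets and KNOB are names made up for this sketch.
KNOB=security.jail.allow_raw_sockets

# Usage: with_raw_sockets <command> [args...]
#   e.g. with_raw_sockets jexec <jid> ping -c 2 freebsd.org
# Sets the knob to 1, runs the command, then restores the value that was
# there before, whether the command succeeds, fails or is interrupted.
with_raw_sockets() {
    [ "$#" -gt 0 ] || { echo "usage: with_raw_sockets cmd [args]" >&2; return 2; }

    # Remember the current setting; bail out if the knob cannot be read.
    old=$(sysctl -n "$KNOB") || return 1

    # If we are killed mid-test, still put the old value back.
    trap 'sysctl "$KNOB=$old" >/dev/null; exit 130' INT TERM

    if ! sysctl "$KNOB=1" >/dev/null; then
        trap - INT TERM
        return 1
    fi

    # Run the test command and keep its exit status (safe under set -e).
    rc=0
    "$@" || rc=$?

    # Restore the previous value and verify that it really took effect.
    sysctl "$KNOB=$old" >/dev/null
    trap - INT TERM
    now=$(sysctl -n "$KNOB")
    if [ "$now" != "$old" ]; then
        echo "WARNING: $KNOB is $now, expected $old" >&2
        return 1
    fi
    return "$rc"
}
```

Depending on the FreeBSD release, the sysctl may act only as the default for jails started afterwards, in which case the wrapped command needs to start the jail itself rather than enter a running one.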