From: bsd
Date: Wed, 30 Nov 2011 18:52:22 +0100
To: Damien Fleuriot
Cc: "freebsd-questions@FreeBSD.org"
Subject: Re: Problem with jail network

On 30 Nov 2011, at 18:36, Damien Fleuriot wrote:

>
>
> On 11/30/11 6:29 PM, bsd wrote:
>> On 30 Nov 2011, at 17:17, Damien Fleuriot wrote:
>>
>>>
>>>
>>> On 11/30/11 5:05 PM, bsd wrote:
>>>> Hi,
>>>>
>>>> I have been configuring a jail system using the howto provided here: http://www.freebsd.org/doc/handbook/jails-application.html
>>>>
>>>> The jail is now correctly starting, but I can't seem to use the network stack.
>>>>
>>>>
>>>>> root@master 16:52:55 ~ -> jls
>>>>>    JID  IP Address      Hostname      Path
>>>>>      1  xx.216.yy.150   n0.no.no      /jail/j/n0
>>>>
>>>>
>>>> But I can't ping either outside of the jail or inside of it.
>>>>
>>>> I am a bit confused because I don't know if I have to configure the IP using an alias on the main Eth interface, or do something else.
>>>>
>>>>> ifconfig_bce0_alias0="inetxx.216.yy.150/32"
>>>>
>>>>
>>>>
>>>> This last command seems to have frozen my system.
>>>>
>>>
>>> Confirm that the MISSING SPACE between your "inet" and "xxx.216..."
>>> statements is only a typo and NOT present in your actual rc.conf
>>>
>>
>> This is confirmed.
>>
>> I have the equivalent of:
>>
>> ifconfig_bce0_alias0="inet 1.2.3.4/32"
>>
>
> AFAIK, unless you allow raw sockets, you will not be able to ping from
> the jail.
>
>
> Find below the conf I successfully used, a long time ago, for a jail
> hosting DNS.
>
> This is from my rc.conf on the host system.
>
>
>
>
> ### JAILS
> jail_enable="NO"
> jail_set_hostname_allow="NO"
> jail_list="ns"
> jail_ns_interface="lo53"
> jail_ns_ip="192.168.0.53,2001:41d0:2:613b::53/56"
> jail_ns_hostname="ns.my.gd"
> # fec0:[interface index]::[damien fleuriot]:[interface number]
> # example: fec0:5::df:252 for loopback interface lo252
> jail_ns_rootdir="/var/jail/ns"
> jail_ns_devfs_enable="YES"
> #jail_ns_devfs_ruleset="devfsrules_jail_ns"
>
>
> You will notice this creates a lo53 (loopback) interface with private
> IPv4 and IPv6 addresses.
>
> I then used PF to redirect DNS queries to this jail.

I don't want the IP to be redirected, I would like the jail to have its own IP.
Redirection would probably involve a NAT on your main IP to the IP of the jail, which is something I would like to avoid.

Did you use something like the aforementioned ifconfig alias to give the IP to your jail?

ifconfig_bce0_alias0="inet 1.2.3.4/32"

What bothers me is that I am not able to ping from the outside either… ??

And I can't install any ports because I don't have any network available inside the jail.

Grégory Bernard
Director
www.osnet.eu
Your provider of OpenSource appliances
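
The two rc.conf questions raised in this thread (the missing space after "inet", and whether the jail's address is configured on a host interface at all) can be checked with a small lint script. This is an added example, not part of the original messages; the sample file, jail names and 192.0.2.x addresses are constructed, and it assumes that rc.d/jail adds the address itself when jail_<name>_interface is set.

```sh
#!/bin/sh
# Added example: lint an rc.conf-style file for two jail network mistakes
# raised in this thread. All names and addresses below are constructed.

# sample_conf: constructed input (192.0.2.0/24 is a documentation range).
sample_conf() {
cat <<'EOF'
ifconfig_bce0="inet 192.0.2.1 netmask 255.255.255.0"
ifconfig_bce0_alias0="inet192.0.2.10/32"
jail_list="web db ns"
jail_web_ip="192.0.2.10"
jail_db_ip="192.0.2.20"
jail_ns_interface="lo53"
jail_ns_ip="192.168.0.53,2001:db8::53/56"
EOF
}

# lint_jail_net FILE: print one finding per line, nothing when clean.
lint_jail_net() {
    conf=$1
    # 1. "inet" fused with an IPv4 address (the missing-space typo).
    #    "inet6 ..." is not flagged: the digits must be followed by a dot.
    sed -n 's/^\(ifconfig_[A-Za-z0-9]*_alias[0-9]*\)="inet[0-9][0-9]*\..*/FUSED_INET \1/p' "$conf"
    # 2. First address of each jail_<name>_ip that nothing puts on the host:
    #    no jail_<name>_interface (assumed to make rc.d/jail add the address)
    #    and no well-formed ifconfig line carrying it.
    sed -n 's/^jail_\([A-Za-z0-9]*\)_ip="\([^",/]*\).*/\1 \2/p' "$conf" |
    while read -r name addr; do
        pat=$(printf '%s' "$addr" | sed 's/\./\\./g')   # escape dots for grep
        grep -q "^jail_${name}_interface=\"..*\"" "$conf" && continue
        grep -q "^ifconfig_.*=\"inet ${pat}[/ \"]" "$conf" && continue
        echo "UNCONFIGURED_IP $name $addr"
    done
    return 0
}

# Demonstration on the constructed sample.
demo_file=$(mktemp)
sample_conf > "$demo_file"
lint_jail_net "$demo_file"
rm -f "$demo_file"
```

Only the first address of each jail_<name>_ip value is checked; a clean file produces no output.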