From owner-freebsd-jail@freebsd.org Sun Dec 13 18:02:47 2015 Return-Path: Delivered-To: freebsd-jail@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 310A9A421D7 for ; Sun, 13 Dec 2015 18:02:47 +0000 (UTC) (envelope-from marcel.plouf@gmail.com) Received: from mail-wm0-x229.google.com (mail-wm0-x229.google.com [IPv6:2a00:1450:400c:c09::229]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id AE7861D91 for ; Sun, 13 Dec 2015 18:02:46 +0000 (UTC) (envelope-from marcel.plouf@gmail.com) Received: by mail-wm0-x229.google.com with SMTP id n186so17520027wmn.0 for ; Sun, 13 Dec 2015 10:02:46 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=subject:to:references:cc:from:message-id:date:user-agent :mime-version:in-reply-to:content-type; bh=eLKsONCEwpa1xhgEGbrmkqpcqUXP3Fg2YO9yqpnVFqM=; b=Nfh+3ZyZj4n7B4C0YpnO1uK0Medsy0gDnTylTcAEaeI0AccRqWTsontsGlwCL+KULZ g/XyIPQ6n786aJGodTy/IFnCsWY1TaIyTSkrFss50gTbPAKIhYsNK2v5XAN0pz0Md0cb aRTAdrYYDbYKD9ZhPxaUoDbh7hw2Hc+dNpq4LrvY9WFJRkVZMsna+5hhSTl9meytMgfg 6TFe9W4gd53WMykfRW9h/KMVb9mHEive7TB8OUD3FVxejfySwoecZhrwlugUKVP0KQAq xwoCKWniiwwZklvzapsqHgQ+ZoXMUtZgUXknO3Kl59a5DT5Yk9z8pUQHU/SdZ5yOxgP5 W0Mg== X-Received: by 10.194.209.195 with SMTP id mo3mr33232081wjc.16.1450029765062; Sun, 13 Dec 2015 10:02:45 -0800 (PST) Received: from [192.168.1.244] (85-171-136-71.rev.numericable.fr. [85.171.136.71]) by smtp.gmail.com with ESMTPSA id a63sm12506581wmc.5.2015.12.13.10.02.44 (version=TLSv1/SSLv3 cipher=OTHER); Sun, 13 Dec 2015 10:02:44 -0800 (PST) Subject: Re: Configuring network without ezjail To: Sami Halabi References: <566B67F7.1090404@gmail.com> <566B5CB6.8050009@erdgeist.org> <566B7D7E.2070507@gmail.com> <566B8183.3080306@gmail.com> <1449888253.23602.14.camel@michaeleichorn.com> <1449889151.23602.24.camel@michaeleichorn.com> <566D05DD.9080201@gmail.com> Cc: freebsd-jail@freebsd.org, Dirk Engling , "Michael B. Eichorn" From: marcel Message-ID: <566DC0CD.7060502@gmail.com> Date: Sun, 13 Dec 2015 19:02:37 +0000 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:38.0) Gecko/20100101 Thunderbird/38.4.0 MIME-Version: 1.0 In-Reply-To: Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Content-Filtered-By: Mailman/MimeDel 2.1.20 X-BeenThere: freebsd-jail@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: "Discussion about FreeBSD jail\(8\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 13 Dec 2015 18:02:47 -0000 On 13/12/2015 07:50, Sami Halabi wrote: > > hi, > I think you need to configure the ip in the host first kater it'll be > seen in the jail. > > using rf 1918 addreses means you need NAT in your router to have > access the internet. > rather than that using the term 'routing' is incorrecg unless you have > multiple hops to get the packets to the router. > > Sami > The IP on the host works perfectly, internet access too... But anyway the remote machine on which the jail is on has suddently shutdown and I can't turn on for the moment so subject is closed... Thanks for your help ! > > בתאריך 13 בדצמ׳ 2015 6:45 AM,‏ "marcel" > כתב: > > > > On 12/12/2015 02:59, Michael B. Eichorn wrote: > > On Fri, 2015-12-11 at 21:44 -0500, Michael B. Eichorn wrote: > >> On Sat, 2015-12-12 at 02:08 +0000, marcel wrote: > >>> ... and I think I have enabling gateway, I wrote thins in both of > >>> my > >>> rc.conf (jail and host): > >>> > >>> gateway_enable="YES" > >>> > >>> Is it correct ? > >> You only need gateway_enable if you are doing routing, it is not > >> necessary for a typical jail setup. Most of the time you are just > >> adding an alias to the host's nic. > OK so if I want to my jail can access to internet I have to do > routing, > right ? > >>> But I don't think I have DNS problems, my host correctly access to > >>> the > >>> internet and the resolv.conf of my jail and my host are same... > >>> > >>> On 12/12/2015 01:50, marcel wrote: > >>>> No I don't get to have an IP address... Yet I have writed this in > >>>> my > >>>> host's rc.conf: > >>>> > >>>> jail_enable="YES" > >>>> jail_list="thename" > >>>> jail_guantanamo_rootdir="thepath" > >>>> jail_guantanamo_hostname="thename" > >>>> jail_guantanamo_ip="192.168.0.12" > >>>> > >>>> and I use the command: > >>>> > >>>> jail thepath thename 192.168.0.12 /bin/csh > >>>> > >>>> to connect to my jail... > >>>> > >>>> On 11/12/2015 23:31, Dirk Engling wrote: > >>>>> On 12.12.15 01:19, marcel wrote: > >>>>> > >>>>>> I would like to know if it is possible to configure a jail's > >>>>>> network for > >>>>>> accessing to the World Wide Web but without ezjail ? > >>>>>> I have created my jail without ezjail (mkdir jail, make > >>>>>> installworld, > >>>>>> etc...) and I would like to continue without it if it's > >>>>>> possible... > >>>>> Sure, why doesn't it connect to the net? Does it have a RFC1918 > >>>>> IP? If > >>>>> so, you need to enable NAT. If not, did you enable gatewaying? > >>>>> Maybe you > >>>>> just have DNS problems, so is your resolv.conf set up properly? > >>>>> > >>>>> Without knowing what exactly is not working, I can not help > >>>>> you. > >>>>> > >>>>> erdgeist > >> I think you found some old instructions, assuming a 10.x system > here > >> is > >> the boilerplate for a typical jail: > >> > >> rc.conf: > >> > >> jail_enable="YES" > >> > >> jail.conf: > >> > >> interface = re0; > >> mount.devfs; > >> exec.start = "/bin/sh /etc/rc"; > >> exec.stop = "/bin/sh /etc/rc.shutdown"; > >> > >> thenameofthejail { > >> host.hostname = host.domain.tld; > >> path = /the/path/to/the/jail > >> ip4.addr = 192.168.0.12; > >> } > >> > >> and start it up with > >> > >> # jail -c thenameofthejail > >> > >> And another handy tip you can avoid building a jail with make by > >> extacting the base.txz file found in places like the install media > >> into > >> the jail directory > OK, so my jail.conf look like your jail.conf and when I type jls > my jail > have the IP 192.168.0.12 but when I type ifconfig in my jail I > have no ip... > > Oh and before I forget, the trickiest thing for me moving from > ezjail > > to jail was updating. Assuming your jails are complete base > systems and > > that you would like to use binary updates with freebsd-update, > and you > > have completely sparated jails without any funny tricks to save > space, > > here is Ike's simple jail update guide: > > > > edit the jail's freebsd-update.conf and change > > > > Components src world kernel > > -to- > > Components world > > > > then run freebsd-update like so: > > > > # freebsd-update -b /usr/jails/jaildir \ > > -f usr/jails/jaildir/etc/freebsd-update.conf \ > > -d /usr/jails/jaildir/var/db/freebsd-update fetch > > # freebsd-update -b /usr/jails/jaildir \ > > -f /usr/jails/jaildir/etc/freebsd-update.conf \ > > -d /usr/jails/jaildir/var/db/freebsd-update install > > > > Using the -f flag keeps the jail from using the host config > since jails > > cannot update kernels anyway. And -d keeps jails and hosts from > > trampling each other which is nice if you want to do more than > one at a > > time, or if you use freebsd-update cron. > Thanks for tip ! > _______________________________________________ > freebsd-jail@freebsd.org mailing > list > https://lists.freebsd.org/mailman/listinfo/freebsd-jail > To unsubscribe, send any mail to > "freebsd-jail-unsubscribe@freebsd.org > " >