From owner-freebsd-jail@freebsd.org Sun Dec 13 05:18:25 2015 Return-Path: Delivered-To: freebsd-jail@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 6768EA42079 for ; Sun, 13 Dec 2015 05:18:25 +0000 (UTC) (envelope-from marcel.plouf@gmail.com) Received: from mail-wm0-x231.google.com (mail-wm0-x231.google.com [IPv6:2a00:1450:400c:c09::231]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 021BD15E4; Sun, 13 Dec 2015 05:18:25 +0000 (UTC) (envelope-from marcel.plouf@gmail.com) Received: by wmpp66 with SMTP id p66so21497243wmp.1; Sat, 12 Dec 2015 21:18:23 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=subject:to:references:from:message-id:date:user-agent:mime-version :in-reply-to:content-type:content-transfer-encoding; bh=wmmvnsBvylTTK9fcNs3iB2EOKyYzexzBVbzQpC13YRQ=; b=Y3NCC/spkNzvT/ekfHIi/jJrlyOQSHNxuJvWDq73mBpEL9joXRdei+e2z2k8jVOotz sopVWqn92/+DWh+toL7bCExy3Z/Ls5aYSwwfDY70IOUwPxK+3W4QW8BYXGWiQKjAPSXP ACocdIM6JpceCIseoImWAbpwqoRverrkh8or4g0v77mTio0Dau+raS8zY4Sg1nTU7EkK pQpCxgEhPcTL/10kjZ13m3akev5zr12c3ioPuybXhD+Kn5CI1Pn4fpl2DdgNZhX8Jere w7FKFJ79UVUh4qzs6eSnRv4yxDZ+n9us5+tdiquDjE8bLdKZ8mnjKeeUQhQkXZLnEIYF b8lg== X-Received: by 10.28.170.66 with SMTP id t63mr16039017wme.40.1449983903526; Sat, 12 Dec 2015 21:18:23 -0800 (PST) Received: from [192.168.1.244] (85-171-136-71.rev.numericable.fr. [85.171.136.71]) by smtp.gmail.com with ESMTPSA id v129sm9404888wmg.21.2015.12.12.21.18.22 (version=TLSv1/SSLv3 cipher=OTHER); Sat, 12 Dec 2015 21:18:22 -0800 (PST) Subject: Re: Configuring network without ezjail To: James Gritton , freebsd-jail@freebsd.org References: <566B67F7.1090404@gmail.com> <566B5CB6.8050009@erdgeist.org> <566B7D7E.2070507@gmail.com> From: marcel X-Enigmail-Draft-Status: N1110 Message-ID: <566D0DA8.8060502@gmail.com> Date: Sun, 13 Dec 2015 06:18:16 +0000 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:38.0) Gecko/20100101 Thunderbird/38.4.0 MIME-Version: 1.0 In-Reply-To: Content-Type: text/plain; charset=windows-1252 Content-Transfer-Encoding: 7bit X-BeenThere: freebsd-jail@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: "Discussion about FreeBSD jail\(8\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 13 Dec 2015 05:18:25 -0000 On 12/12/2015 18:10, James Gritton wrote: > On 2015-12-11 18:50, marcel wrote: >> No I don't get to have an IP address... Yet I have writed this in my >> host's rc.conf: >> >> jail_enable="YES" >> jail_list="thename" >> jail_guantanamo_rootdir="thepath" >> jail_guantanamo_hostname="thename" >> jail_guantanamo_ip="192.168.0.12" >> >> and I use the command: >> >> jail thepath thename 192.168.0.12 /bin/csh >> >> to connect to my jail... > > Is the jail even created? You show jail_name as "thename", but the > jail config variables are jail_quantanamo_*. So when you say > "thename" do you really mean quantanamo? Because if you don't, then > the jail won't get configured at startup. > > The command you're using to connect to the jail is actually a command > that creates a jail. That's probably not what you want, as that jail > is likely to disappear again after you exit from it. You should be > using jexec(8), assuming your jail has been properly created in the > first place. > > Now to the IP address: is your entire box behind some gateway, where > it uses a 192.168 address? If it isn't, you'll need more than to just > declare such an address - you'll need a jail with vnet, which is > rather more complex. But if it is, then the question becomes: is > 192.168.0.12 the host address, i.e. are you creating a jail that > shares the host address? If you are it should work, but most jails > aren't done this way. > > Specifying a jail's IP address only tell which of the host's existing > addresses to use. If that address isn't already set up, it won't be > used - unless you tell it to. If you're still using the rc.conf-based > jail specification, you can set jail_interface (or > jail_quantanamo_interface) to the name of the network interface where > the host's main IP address lives (e.g. "em0" or somesuch). Such a > config line is likely all you need. > > - Jamie Yes, the jail is created with the make installworld, make distribution, jail -c , etc method and I launch it with jail -c guantanamo and connect to it with jexec id shell. Yes, sorry I have badly explained so jail_name="thename", thename is guantanamo. My host is behind a router that provide me an internet access yes and yes 192.168.0.12 is my host ip so yes my jail share the host address. jls command show me this address but ifconfig command (in my jail) show me no address... I've read that in my case I've just need of jail_enable="YES" in my rc.conf... I will add with most of jail_guantanamo* variable and test...