Date:      Sun, 13 Dec 2015 14:41:45 -0500
From:      "Michael B. Eichorn" <ike@michaeleichorn.com>
To:        marcel <marcel.plouf@gmail.com>, Dirk Engling <erdgeist@erdgeist.org>,  freebsd-jail@freebsd.org
Subject:   Re: Configuring network without ezjail
Message-ID:  <1450035705.21744.4.camel@michaeleichorn.com>
In-Reply-To: <566DBECE.1000602@gmail.com>
References:  <566B67F7.1090404@gmail.com> <566B5CB6.8050009@erdgeist.org> <566B7D7E.2070507@gmail.com> <566B8183.3080306@gmail.com> <1449888253.23602.14.camel@michaeleichorn.com> <1449889151.23602.24.camel@michaeleichorn.com> <566D05DD.9080201@gmail.com> <1450016073.15959.10.camel@michaeleichorn.com> <566DBECE.1000602@gmail.com>

On Sun, 2015-12-13 at 18:54 +0000, marcel wrote:
> 
> On 13/12/2015 14:14, Michael B. Eichorn wrote:
> > On Sun, 2015-12-13 at 05:45 +0000, marcel wrote:
> > > On 12/12/2015 02:59, Michael B. Eichorn wrote:
> > > > On Fri, 2015-12-11 at 21:44 -0500, Michael B. Eichorn wrote:
> > > > > On Sat, 2015-12-12 at 02:08 +0000, marcel wrote:
> > > > > > ... and I think I have enabling gateway, I wrote this in both of my
> > > > > > rc.conf (jail and host):
> > > > > > 
> > > > > > gateway_enable="YES"
> > > > > > 
> > > > > > Is it correct ?
> > > > > You only need gateway_enable if you are doing routing, it is not
> > > > > necessary for a typical jail setup. Most of the time you are just
> > > > > adding an alias to the host's nic.
> > > OK so if I want to my jail can access to internet I have to do routing,
> > > right ?
> > No. In your other email you mentioned the host is behind a router, just
> > assign the jail a static ip on the same subnet as the host. The router
> > will treat it very similarly to adding another computer via a switch.
> I've already done this and it doesn't work, jls show the address I have
> configured but when ifconfig show nothing in the jail, and still have no
> internet connection in the jail...

Does ifconfig on the host show the jail's ip added as an alias?

> > 
> > > > > > But I don't think I have DNS problems, my host correctly access to the
> > > > > > internet and the resolv.conf of my jail and my host are same...
> > > > > > 
> > > > > > On 12/12/2015 01:50, marcel wrote:
> > > > > > > No I don't get to have an IP address... Yet I have written this in my
> > > > > > > host's rc.conf:
> > > > > > > 
> > > > > > > jail_enable="YES"
> > > > > > > jail_list="thename"
> > > > > > > jail_guantanamo_rootdir="thepath"
> > > > > > > jail_guantanamo_hostname="thename"
> > > > > > > jail_guantanamo_ip="192.168.0.12"
> > > > > > > 
> > > > > > > and I use the command:
> > > > > > > 
> > > > > > > jail thepath thename 192.168.0.12 /bin/csh
> > > > > > > 
> > > > > > > to connect to my jail...
> > > > > > > 
> > > > > > > On 11/12/2015 23:31, Dirk Engling wrote:
> > > > > > > > On 12.12.15 01:19, marcel wrote:
> > > > > > > > 
> > > > > > > > > I would like to know if it is possible to configure a jail's network for
> > > > > > > > > accessing to the World Wide Web but without ezjail ?
> > > > > > > > > I have created my jail without ezjail (mkdir jail, make installworld,
> > > > > > > > > etc...) and I would like to continue without it if it's possible...
> > > > > > > > Sure, why doesn't it connect to the net? Does it have a RFC1918 IP? If
> > > > > > > > so, you need to enable NAT. If not, did you enable gatewaying? Maybe you
> > > > > > > > just have DNS problems, so is your resolv.conf set up properly?
> > > > > > > > 
> > > > > > > > Without knowing what exactly is not working, I can not help you.
> > > > > > > > 
> > > > > > > >   erdgeist
> > > > > I think you found some old instructions, assuming a 10.x system here is
> > > > > the boilerplate for a typical jail:
> > > > > 
> > > > > rc.conf:
> > > > > 
> > > > >   jail_enable="YES"
> > > > > 
> > > > > jail.conf:
> > > > > 
> > > > >   interface = re0;
> > > > >   mount.devfs;
> > > > >   exec.start = "/bin/sh /etc/rc";
> > > > >   exec.stop = "/bin/sh /etc/rc.shutdown";
> > > > > 
> > > > >   thenameofthejail {
> > > > >         host.hostname = host.domain.tld;
> > > > >         path = /the/path/to/the/jail;
> > > > >         ip4.addr = 192.168.0.12;
> > > > >   }
> > > > > 
> > > > > and start it up with
> > > > > 
> > > > > # jail -c thenameofthejail
> > > > > 
> > > > > And another handy tip you can avoid building a jail with make by
> > > > > extracting the base.txz file found in places like the install media into
> > > > > the jail directory
> > > OK, so my jail.conf look like your jail.conf and when I type jls my jail
> > > have the IP 192.168.0.12 but when I type ifconfig in my jail I have
> > > no ip...
> > Is 192.168.0.12 your host IP? The jail needs a different static IP
> > address e.g. 182,168.0.13. There are ways around this but usually you
> > want a different IP. Each jail and the host have a different IP. The
> > setting ip4.addr in jail.conf will cause jail(8) to create an alias
> > with the new IP on the NIC specified by interface in jail.conf.
> > Destroying the jail with `jail -r <jailname>` removes the alias.
> OK, I didn't know jail -r for removing the alias, thanks !

Not just removing the alias, `jail -c <jailname>` starts the jail
<jailname> configured in jail.conf, `jail -r <jailname>` stops the
jail, `jail -rc <jailname>` restarts the jail. If jail.conf is correct
these commands should handle all of the networking setup, mounting
devfs, starting rc.d in the jail, etc.

> > > > Oh and before I forget, the trickiest thing for me moving from ezjail
> > > > to jail was updating. Assuming your jails are complete base systems and
> > > > that you would like to use binary updates with freebsd-update, and you
> > > > have completely separated jails without any funny tricks to save space,
> > > > here is Ike's simple jail update guide:
> > > > 
> > > > edit the jail's freebsd-update.conf and change
> > > > 
> > > > Components src world kernel
> > > > -to-
> > > > Components world
> > > > 
> > > > then run freebsd-update like so:
> > > > 
> > > > # freebsd-update -b /usr/jails/jaildir \
> > > > 	-f /usr/jails/jaildir/etc/freebsd-update.conf \
> > > > 	-d /usr/jails/jaildir/var/db/freebsd-update fetch
> > > > # freebsd-update -b /usr/jails/jaildir \
> > > > 	-f /usr/jails/jaildir/etc/freebsd-update.conf \
> > > > 	-d /usr/jails/jaildir/var/db/freebsd-update install
> > > > 
> > > > Using the -f flag keeps the jail from using the host config since jails
> > > > cannot update kernels anyway. And -d keeps jails and hosts from
> > > > trampling each other which is nice if you want to do more than one at a
> > > > time, or if you use freebsd-update cron.
> > > Thanks for tip !
> But anyway, the jail I try to configure is on a remote computer and he
> just has gone to shutdown... and to turn on I have to do some
> kilometers and I haven't the time for the moment... So for the moment
> subject is closed, thanks for your incredible help all !
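
Added example (not part of the original message and not FreeBSD's own tooling): a small sh check for the question asked in the thread, whether the jail's ip4.addr appears on the host as an alias on the interface named in jail.conf. The ifconfig output, the host address 192.168.0.10 and the helper names are constructed for illustration; treating the first inet line as the host's own address is an assumption.

```sh
#!/bin/sh
# Constructed host `ifconfig` output: 192.168.0.10 stands in for the host's own
# address, 192.168.0.12 for the alias added for the jail's ip4.addr.
sample_ifconfig() {
cat <<'EOF'
re0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        inet 192.168.0.10 netmask 0xffffff00 broadcast 192.168.0.255
        inet 192.168.0.12 netmask 0xffffffff broadcast 192.168.0.12
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
        inet 127.0.0.1 netmask 0xff000000
EOF
}

# Constructed jail.conf in the layout quoted in the thread.
sample_jail_conf() {
cat <<'EOF'
interface = re0;
thenameofthejail {
        path = /the/path/to/the/jail;
        ip4.addr = 192.168.0.12;
}
EOF
}

# jail_param NAME: print the value of a simple "NAME = value;" line on stdin.
jail_param() {
        awk -v key="$1" '$1 == key && $2 == "=" { sub(/;$/, "", $3); print $3; exit }'
}

# alias_status IFACE IP: classify IP within ifconfig output on stdin.
#   primary = first inet on IFACE (assumed to be the host's own address)
#   alias   = a later inet on IFACE (what a started jail should show)
#   missing = IP is not configured on IFACE
alias_status() {
        awk -v ifc="$1" -v ip="$2" '
                /^[^ \t]/ { cur = $1; sub(/:$/, "", cur); n = 0; next }
                cur == ifc && $1 == "inet" && ++n && $2 == ip {
                        print (n == 1 ? "primary" : "alias"); found = 1; exit
                }
                END { if (!found) print "missing" }'
}

# Tie both together: read interface and ip4.addr, then look for the alias.
check_jail_alias() {
        ifc=$(sample_jail_conf | jail_param interface)
        ip=$(sample_jail_conf | jail_param ip4.addr)
        sample_ifconfig | alias_status "$ifc" "$ip"
}
check_jail_alias   # on a real host: ifconfig | alias_status re0 192.168.0.12
```

A result of "primary" means the jail was given the host's own address, and "missing" means the alias was never added on that interface.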


