From: "Michael B. Eichorn"
To: marcel, Dirk Engling, freebsd-jail@freebsd.org
Subject: Re: Configuring network without ezjail
Date: Sun, 13 Dec 2015 14:41:45 -0500
Message-ID: <1450035705.21744.4.camel@michaeleichorn.com>
In-Reply-To: <566DBECE.1000602@gmail.com>

On Sun, 2015-12-13 at 18:54 +0000, marcel wrote:
>
> On 13/12/2015 14:14, Michael B. Eichorn wrote:
> > On Sun, 2015-12-13 at 05:45 +0000, marcel wrote:
> > > On 12/12/2015 02:59, Michael B. Eichorn wrote:
> > > > On Fri, 2015-12-11 at 21:44 -0500, Michael B. Eichorn wrote:
> > > > > On Sat, 2015-12-12 at 02:08 +0000, marcel wrote:
> > > > > > ... and I think I have enabling gateway, I wrote this in both
> > > > > > of my rc.conf (jail and host):
> > > > > >
> > > > > > gateway_enable="YES"
> > > > > >
> > > > > > Is it correct ?
> > > > > You only need gateway_enable if you are doing routing, it is not
> > > > > necessary for a typical jail setup. Most of the time you are just
> > > > > adding an alias to the host's nic.
> > > OK so if I want to my jail can access to internet I have to do
> > > routing, right ?
> > No. In your other email you mentioned the host is behind a router,
> > just assign the jail a static ip on the same subnet as the host. The
> > router will treat it very similarly to adding another computer via a
> > switch.
> I've already done this and it doesn't work, jls show the address I
> have configured but when ifconfig show nothing in the jail, and still
> have no internet connection in the jail...

Does ifconfig on the host show the jail's ip added as an alias?

> > > > > >
> > > > > > But I don't think I have DNS problems, my host correctly
> > > > > > access to the internet and the resolv.conf of my jail and my
> > > > > > host are same...
> > > > > >
> > > > > > On 12/12/2015 01:50, marcel wrote:
> > > > > > > No I don't get to have an IP address... Yet I have written
> > > > > > > this in my host's rc.conf:
> > > > > > >
> > > > > > > jail_enable="YES"
> > > > > > > jail_list="thename"
> > > > > > > jail_guantanamo_rootdir="thepath"
> > > > > > > jail_guantanamo_hostname="thename"
> > > > > > > jail_guantanamo_ip="192.168.0.12"
> > > > > > >
> > > > > > > and I use the command:
> > > > > > >
> > > > > > > jail thepath thename 192.168.0.12 /bin/csh
> > > > > > >
> > > > > > > to connect to my jail...
> > > > > > >
> > > > > > > On 11/12/2015 23:31, Dirk Engling wrote:
> > > > > > > > On 12.12.15 01:19, marcel wrote:
> > > > > > > >
> > > > > > > > > I would like to know if it is possible to configure a
> > > > > > > > > jail's network for accessing to the World Wide Web but
> > > > > > > > > without ezjail ? I have created my jail without ezjail
> > > > > > > > > (mkdir jail, make installworld, etc...) and I would
> > > > > > > > > like to continue without it if it's possible...
> > > > > > > > Sure, why doesn't it connect to the net? Does it have a
> > > > > > > > RFC1918 IP? If so, you need to enable NAT. If not, did
> > > > > > > > you enable gatewaying? Maybe you just have DNS problems,
> > > > > > > > so is your resolv.conf set up properly?
> > > > > > > >
> > > > > > > > Without knowing what exactly is not working, I can not
> > > > > > > > help you.
> > > > > > > >
> > > > > > > >   erdgeist
> > > > > I think you found some old instructions, assuming a 10.x system
> > > > > here is the boilerplate for a typical jail:
> > > > >
> > > > > rc.conf:
> > > > >
> > > > >   jail_enable="YES"
> > > > >
> > > > > jail.conf:
> > > > >
> > > > >   interface = re0;
> > > > >   mount.devfs;
> > > > >   exec.start = "/bin/sh /etc/rc";
> > > > >   exec.stop = "/bin/sh /etc/rc.shutdown";
> > > > >
> > > > >   thenameofthejail {
> > > > >         host.hostname = host.domain.tld;
> > > > >         path = /the/path/to/the/jail;
> > > > >         ip4.addr = 192.168.0.12;
> > > > >   }
> > > > >
> > > > > and start it up with
> > > > >
> > > > > # jail -c thenameofthejail
> > > > >
> > > > > And another handy tip you can avoid building a jail with make
> > > > > by extracting the base.txz file found in places like the
> > > > > install media into the jail directory
> > > OK, so my jail.conf look like your jail.conf and when I type jls my
> > > jail have the IP 192.168.0.12 but when I type ifconfig in my jail I
> > > have no ip...
> > Is 192.168.0.12 your host IP? The jail needs a different static IP
> > address e.g. 182,168.0.13. There are ways around this but usually you
> > want a different IP. Each jail and the host have a different IP. The
> > setting ip4.addr in jail.conf will cause jail(8) to create an alias
> > with the new IP on the NIC specified by interface in jail.conf.
> > Destroying the jail with `jail -r ` removes the alias.
> OK, I didn't know jail -r for removing the alias, thanks !

Not just removing the alias, `jail -c ` starts the jail configured in
jail.conf, `jail -r ` stops the jail, `jail -rc ` restarts the jail.
If jail.conf is correct these commands should handle all of the
networking setup, mounting devfs, starting rc.d in the jail, etc.

> > > > Oh and before I forget, the trickiest thing for me moving from
> > > > ezjail to jail was updating. Assuming your jails are complete
> > > > base systems and that you would like to use binary updates with
> > > > freebsd-update, and you have completely separated jails without
> > > > any funny tricks to save space, here is Ike's simple jail update
> > > > guide:
> > > >
> > > > edit the jail's freebsd-update.conf and change
> > > >
> > > > Components src world kernel
> > > > -to-
> > > > Components world
> > > >
> > > > then run freebsd-update like so:
> > > >
> > > > # freebsd-update -b /usr/jails/jaildir \
> > > >     -f /usr/jails/jaildir/etc/freebsd-update.conf \
> > > >     -d /usr/jails/jaildir/var/db/freebsd-update fetch
> > > > # freebsd-update -b /usr/jails/jaildir \
> > > >     -f /usr/jails/jaildir/etc/freebsd-update.conf \
> > > >     -d /usr/jails/jaildir/var/db/freebsd-update install
> > > >
> > > > Using the -f flag keeps the jail from using the host config since
> > > > jails cannot update kernels anyway. And -d keeps jails and hosts
> > > > from trampling each other which is nice if you want to do more
> > > > than one at a time, or if you use freebsd-update cron.
> > > Thanks for tip !
> But anyway, the jail I try to configure is on a remote computer and he
> just has gone to shutdown... and to turn on I have to do some
> kilometers and I haven't the time for the moment... So for the moment
> subject is closed, thanks for your incredible help all !
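
The check asked for in this message (does the host's interface carry the jail's ip4.addr as an alias, and is that address distinct from the host's own), as an added example that is not part of the original thread. The host address 192.168.0.10 and both `ifconfig re0` captures are constructed samples, `jail_ip4` and `check_alias` are hypothetical helper names, and treating the first inet line as the host's own address is an assumption.

```shell
#!/bin/sh
# Added example: all sample data below is constructed, not taken from the thread.

# Constructed jail.conf in the layout quoted in the thread.
JAIL_CONF='interface = re0;
mount.devfs;
thenameofthejail {
    host.hostname = host.domain.tld;
    path = /the/path/to/the/jail;
    ip4.addr = 192.168.0.12;
}'

# Constructed `ifconfig re0` output on the host while the jail is running:
# the first inet line is assumed to be the host's own address, the second
# is the alias that jail(8) adds for ip4.addr.
IFCONFIG_UP='re0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        inet 192.168.0.10 netmask 0xffffff00 broadcast 192.168.0.255
        inet 192.168.0.12 netmask 0xffffffff broadcast 192.168.0.12'
# Same interface after `jail -r`: the alias is gone.
IFCONFIG_DOWN='re0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        inet 192.168.0.10 netmask 0xffffff00 broadcast 192.168.0.255'

# jail_ip4 CONF NAME: print ip4.addr from the block "NAME { ... }".
jail_ip4() {
    printf '%s\n' "$1" | awk -v name="$2" '
        $1 == name && $2 == "{"   { inblk = 1; next }
        inblk && $1 == "}"        { inblk = 0 }
        inblk && $1 == "ip4.addr" { sub(/;$/, "", $3); print $3; exit }'
}

# check_alias IFCONFIG_TEXT JAIL_IP: classify the jail address on the host NIC.
check_alias() {
    printf '%s\n' "$1" | awk -v ip="$2" '
        $1 == "inet" { n++; if ($2 == ip) pos = n }
        END {
            if (!pos)          print "alias-missing"   # jail not started, or wrong interface
            else if (pos == 1) print "same-as-host"    # jail reuses the host address
            else               print "alias-present"   # expected state for a running jail
        }'
}

ip=$(jail_ip4 "$JAIL_CONF" thenameofthejail)
echo "jail ip4.addr: $ip"
echo "jail running:  $(check_alias "$IFCONFIG_UP" "$ip")"
echo "jail stopped:  $(check_alias "$IFCONFIG_DOWN" "$ip")"
```

On a real host the two captures would come from running `ifconfig` on the interface named in jail.conf before and after starting the jail.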