Date: Tue, 26 Jul 2005 17:50:06 +0300
From: Casper <kl@os.lv>
To: freebsd-questions@freebsd.org
Subject: jail networking
Message-ID: <42E64D9E.5080106@os.lv>
Hi,

I have a problem setting up networking for a jail. I have

  # uname -a
  FreeBSD gam.zuze.lv 5.4-RELEASE-p5 FreeBSD Wed Jul 20 19:52:44 EEST 2005

and a jail installed on it.

sysctl:

  net.inet.ip.forwarding: 1
  security.jail.set_hostname_allowed: 1
  security.jail.socket_unixiproute_only: 1
  security.jail.sysvipc_allowed: 0
  security.jail.getfsstatroot_only: 1
  security.jail.allow_raw_sockets: 1
  security.jail.chflags_allowed: 0
  security.jail.jailed: 0

Ping from the host:

  # ping www.google.lv
  PING www.l.google.com (216.239.59.104): 56 data bytes
  64 bytes from 216.239.59.104: icmp_seq=0 ttl=245 time=64.608 ms
  64 bytes from 216.239.59.104: icmp_seq=1 ttl=245 time=65.198 ms
  2 packets transmitted, 2 packets received, 0% packet loss

Ping from the jail:

  jail# ping www.google.lv
  PING www.l.google.com (216.239.59.99): 56 data bytes
  ^C
  --- www.l.google.com ping statistics ---
  3 packets transmitted, 0 packets received, 100% packet loss

but traceroute from the jail shows every second packet:

   4  latnet.to.lattelekom.lv (195.13.173.221)  4.324 ms  *  4.810 ms
   5  *  so-4-0-0-war1.lnt.cw.net (166.63.222.101)  54.223 ms  *
   6  so-7-0-0-zcr2.lnt.cw.net (166.63.222.42)  72.205 ms  *  54.778 ms
   7  *  195.66.226.125 (195.66.226.125)  90.496 ms  *
   8  216.239.46.173 (216.239.46.173)  54.711 ms  *  54.204 ms
   9  *  216.239.49.254 (216.239.49.254)  64.939 ms  *
  10  216.239.49.121 (216.239.49.121)  67.530 ms  *  216.239.49.114 (216.239.49.114)  68.128 ms
  11  *  216.239.59.103 (216.239.59.103)  64.615 ms  *

From the jail I can ping the router and local network IPs.
My pf.conf:

  ext_if="rl0"
  int_if="rl1"
  internal_net="172.22.1.0/24"
  external_addr="xx.xx.xx.xx"
  table <foo> { 10.0.0.0/8, 127.0.0.0/8, 172.22.0.0/24, 192.168.0.0/24 }

  set loginterface $ext_if
  set block-policy return

  scrub in all

  nat on $ext_if from $internal_net to any -> ($ext_if)

  pass in all
  pass out all
  pass in on $ext_if proto tcp from any to $ext_if port 22 keep state
  pass out on $ext_if proto { tcp, udp } all keep state
  pass in on $ext_if proto { tcp, udp } from any to <foo> port 80 keep state
  pass out on $ext_if from 192.168.0.0/24 to any keep state queue developers
  pass out on $ext_if from 192.168.1.0/24 to any keep state queue marketing

Is there a manual about jail networking? I don't understand why the jail network is not working if I can ping the router from the jail, the routes are OK, and traceroute shows strange packets...

tnx,
Casper
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?42E64D9E.5080106>
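The following is an added example and is not part of Casper's mail or of any reply to it. It shows the usual shape of a pf.conf for a FreeBSD 5.x host that runs one jail on a private alias address and NATs it out through the external interface, with stateful rules for ICMP as well as TCP/UDP so that echo replies and traceroute's ICMP errors are matched to the outbound state. The jail address 172.22.1.10, the jail path /usr/jail/www, the hostname www.example.net and the choice of rl0/rl1 are assumptions for illustration; the example also assumes the jail's address lies inside the NAT source range.

```pf
# Added example, not from the original mail.
# Assumed host setup (illustrative, not taken from the page):
#   ifconfig rl1 alias 172.22.1.10 netmask 255.255.255.255
#   jail /usr/jail/www www.example.net 172.22.1.10 /bin/sh /etc/rc
ext_if       = "rl0"
int_if       = "rl1"
jail_ip      = "172.22.1.10"
internal_net = "172.22.1.0/24"

set loginterface $ext_if
set block-policy return
scrub in all

# Translate everything that leaves $ext_if from the internal subnet,
# ICMP included. A jail whose address is outside this range sends packets
# out with a private source address and never sees the replies.
nat on $ext_if from $internal_net to any -> ($ext_if)

# Expose a service in the jail: rewrite the destination before filtering.
# Filter rules below see the translated address ($jail_ip), not ($ext_if).
rdr on $ext_if proto tcp from any to ($ext_if) port 80 -> $jail_ip

# Default deny, then explicit stateful passes. pf is last-match, so an
# unqualified "pass out all" placed after these rules would take precedence
# over them and create no state.
block log all
pass quick on lo0 all

# Host and jail may originate TCP/UDP and ICMP echo; the state entry admits
# the replies (and ICMP errors for traceroute) without a separate pass in.
pass out on $ext_if proto { tcp, udp } all keep state
pass out on $ext_if inet proto icmp all icmp-type echoreq keep state

# Inbound: ssh to the host, http to the jail via the rdr above.
pass in on $ext_if proto tcp from any to ($ext_if) port 22 flags S/SA keep state
pass in on $ext_if proto tcp from any to $jail_ip port 80 flags S/SA keep state
```

To check a ruleset like this on the host: `pfctl -nf /etc/pf.conf` parses it without loading, `jls` shows which address the jail is actually bound to, `pfctl -s nat` shows the translation rules, and running `tcpdump -ni rl0 icmp` on the host while pinging from inside the jail shows whether the echo requests leave rl0 with the translated source address and whether the replies come back; `pfctl -s state` then shows whether a state entry was created for them.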