Date:      Wed, 30 May 2018 11:24:03 -0400
From:      "James B. Byrne" <byrnejb@harte-lyne.ca>
To:        freebsd-questions@freebsd.org
Subject:   What have I neglected to do in order to get networking in a jail?
Message-ID:  <3d2630ccefe11fb3fa94678665b4f7c6.squirrel@webmail.harte-lyne.ca>

On FreeBSD-11.1 host:

[root@host:~]# service pf onestatus
pf.ko is not loaded


In /etc/rc.conf
. . .
defaultrouter="216.185.71.1"      # Gateway
gateway_enable="YES"              # Enable as ipv4 LAN gateway for guests/jails
#ipv6_gateway_enable="YES"        # Enable as ipv6 LAN gateway

# Aliases on the host i/f are set here - jailed aliases are handled by ezjail
ifconfig_vtnet0_alias0="inet 192.168.216.18 netmask 255.255.255.255"
#ifconfig_vtnet0_alias1="inet 192.168.216.xxx netmask 0xFFFFFFFF"
#ifconfig_vtnet0_alias2="inet 192.168.216.xxy netmask 0xFFFFFFFF"

### Enable and configure ezjail jails
# Setup the loopback interfaces that each jail will use
# Remember to add a 'set skip on lo#' clause in /etc/pf.conf
cloned_interfaces="lo1 lo2"
ipv4_addrs_lo1="127.0.31.1/32"
ipv4_addrs_lo2="127.0.32.1/32"

### Jailed Services
ezjail_enable="YES"               # Enable ezjail jail manager


[root@host:~]# ifconfig

vtnet0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
	options=80028<VLAN_MTU,JUMBO_MTU,LINKSTATE>
	ether 58:9c:fc:0e:cd:bb
	hwaddr 58:9c:fc:0e:cd:bb
	inet 216.185.71.18 netmask 0xffffff00 broadcast 216.185.71.255
	inet 192.168.216.18 netmask 0xffffffff broadcast 192.168.216.18
	inet 218.185.71.31 netmask 0xffffffff broadcast 218.185.71.31
	inet 192.168.216.31 netmask 0xffffffff broadcast 192.168.216.31
	nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
	media: Ethernet 10Gbase-T <full-duplex>
	status: active
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
	options=600003<RXCSUM,TXCSUM,RXCSUM_IPV6,TXCSUM_IPV6>
	inet6 ::1 prefixlen 128
	inet6 fe80::1%lo0 prefixlen 64 scopeid 0x2
	inet 127.0.0.1 netmask 0xff000000
	nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
	groups: lo
lo1: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
	options=600003<RXCSUM,TXCSUM,RXCSUM_IPV6,TXCSUM_IPV6>
	inet 127.0.31.1 netmask 0xffffffff
	nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
	groups: lo
lo2: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
	options=600003<RXCSUM,TXCSUM,RXCSUM_IPV6,TXCSUM_IPV6>
	inet 127.0.32.1 netmask 0xffffffff
	nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
	groups: lo


[root@host:~]# jls
   JID  IP Address      Hostname                      Path
     1  127.0.31.1      mx31                          /usr/jails/mx31


On jail:

root@mx31:~ # sysctl security.jail.allow_raw_sockets
security.jail.allow_raw_sockets: 1

root@mx31:~ # ifconfig
vtnet0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
	options=80028<VLAN_MTU,JUMBO_MTU,LINKSTATE>
	ether 58:9c:fc:0e:cd:bb
	hwaddr 58:9c:fc:0e:cd:bb
	inet 218.185.71.31 netmask 0xffffffff broadcast 218.185.71.31
	inet 192.168.216.31 netmask 0xffffffff broadcast 192.168.216.31
	media: Ethernet 10Gbase-T <full-duplex>
	status: active
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
	options=600003<RXCSUM,TXCSUM,RXCSUM_IPV6,TXCSUM_IPV6>
	groups: lo
lo1: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
	options=600003<RXCSUM,TXCSUM,RXCSUM_IPV6,TXCSUM_IPV6>
	inet 127.0.31.1 netmask 0xffffffff
	groups: lo
lo2: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
	options=600003<RXCSUM,TXCSUM,RXCSUM_IPV6,TXCSUM_IPV6>
	groups: lo

root@mx31:~ # cat /etc/resolv.conf
search harte-lyne.ca
nameserver 216.185.71.33
nameserver 216.185.71.34
nameserver 127.0.0.1
options edns0

root@mx31:~ # cat /etc/hosts
# $FreeBSD: releng/11.1/etc/hosts 109997 2003-01-28 21:29:23Z dbaker $
#
# Host Database
. . .
#
#
::1             localhost localhost.harte-lyne.ca
127.0.0.1       localhost localhost.harte-lyne.ca


root@mx31:~ # pkg install bash
The package management tool is not yet installed on your system.
Do you want to fetch and install it now? [y/N]: y
Bootstrapping pkg from pkg+http://pkg.FreeBSD.org/FreeBSD:11:amd64/quarterly, please wait...
pkg: Error fetching http://pkg.FreeBSD.org/FreeBSD:11:amd64/quarterly/Latest/pkg.txz: No address record
A pre-built version of pkg could not be found for your system.
Consider changing PACKAGESITE or installing it from ports: 'ports-mgmt/pkg'.



root@mx31:~ # ping 216.185.71.1
PING 216.185.71.1 (216.185.71.1): 56 data bytes
^C
--- 216.185.71.1 ping statistics ---
5 packets transmitted, 0 packets received, 100.0% packet loss

Why does this jail not have a network connection?

-- 
***          e-Mail is NOT a SECURE channel          ***
        Do NOT transmit sensitive data via e-Mail
 Do NOT open attachments nor follow links sent by e-Mail

James B. Byrne                mailto:ByrneJB@Harte-Lyne.ca
Harte & Lyne Limited          http://www.harte-lyne.ca
9 Brockley Drive              vox: +1 905 561 1241
Hamilton, Ontario             fax: +1 905 561 0757
Canada  L8E 3C3



