From owner-freebsd-questions@freebsd.org Wed May 30 15:24:08 2018 Return-Path: Delivered-To: freebsd-questions@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 662D4F75FCF for ; Wed, 30 May 2018 15:24:08 +0000 (UTC) (envelope-from byrnejb@harte-lyne.ca) Received: from inet08.hamilton.harte-lyne.ca (inet08.hamilton.harte-lyne.ca [216.185.71.28]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "inet08.hamilton.harte-lyne.ca", Issuer "CA_HLL_ISSUER_2016" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id 0BEF368D93 for ; Wed, 30 May 2018 15:24:07 +0000 (UTC) (envelope-from byrnejb@harte-lyne.ca) Received: from localhost (localhost [127.0.0.1]) by inet08.hamilton.harte-lyne.ca (Postfix) with ESMTP id 172406256B for ; Wed, 30 May 2018 11:24:07 -0400 (EDT) X-Virus-Scanned: amavisd-new at harte-lyne.ca Received: from inet08.hamilton.harte-lyne.ca ([127.0.0.1]) by localhost (inet08.hamilton.harte-lyne.ca [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id GiEdUmc-apPO for ; Wed, 30 May 2018 11:24:03 -0400 (EDT) Received: from webmail.harte-lyne.ca (inet04.hamilton.harte-lyne.ca [216.185.71.24]) (using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (Client did not present a certificate) by inet08.hamilton.harte-lyne.ca (Postfix) with ESMTPSA id 80D8D62546 for ; Wed, 30 May 2018 11:24:03 -0400 (EDT) Received: from 216.185.71.44 (SquirrelMail authenticated user byrnejb_hll) by webmail.harte-lyne.ca with HTTP; Wed, 30 May 2018 11:24:03 -0400 Message-ID: <3d2630ccefe11fb3fa94678665b4f7c6.squirrel@webmail.harte-lyne.ca> Date: Wed, 30 May 2018 11:24:03 -0400 Subject: What have I neglected to do in order to get networking in a jail? From: "James B. Byrne" To: freebsd-questions@freebsd.org Reply-To: byrnejb@harte-lyne.ca User-Agent: SquirrelMail/1.4.22-5.el6 MIME-Version: 1.0 Content-Type: text/plain;charset=iso-8859-1 Content-Transfer-Encoding: 8bit X-Priority: 3 (Normal) Importance: Normal X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.26 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 30 May 2018 15:24:08 -0000 On FreeBSD-11.1 host: [root@host:~]# service pf onestatus pf.ko is not loaded In /etc/rc.conf . . . defaultrouter="216.185.71.1" # Gateway gateway_enable="YES" # Enable as ipv4 LAN gateway for guests/jails #ipv6_gateway_enable="YES" # Enable as ipv6 LAN gateway # Aliases on the host i/f are set here - jailed aliases are handled by ezjail ifconfig_vtnet0_alias0="inet 192.168.216.18 netmask 255.255.255.255" #ifconfig_vtnet0_alias1="inet 192.168.216.xxx netmask 0xFFFFFFFF" #ifconfig_vtnet0_alias2="inet 192.168.216.xxy netmask 0xFFFFFFFF" ### Enable and configure ezjail jails # Setup the loopback interfaces that each jail will use # Remember to add a 'set skip on lo#' clause in /etc/pf.conf cloned_interfaces="lo1 lo2" ipv4_addrs_lo1="127.0.31.1/32" ipv4_addrs_lo2="127.0.32.1/32" ### Jailed Services ezjail_enable="YES" # Enable ezjail jail manager [root@host:~]# ifconfig vtnet0: flags=8943 metric 0 mtu 1500 options=80028 ether 58:9c:fc:0e:cd:bb hwaddr 58:9c:fc:0e:cd:bb inet 216.185.71.18 netmask 0xffffff00 broadcast 216.185.71.255 inet 192.168.216.18 netmask 0xffffffff broadcast 192.168.216.18 inet 218.185.71.31 netmask 0xffffffff broadcast 218.185.71.31 inet 192.168.216.31 netmask 0xffffffff broadcast 192.168.216.31 nd6 options=29 media: Ethernet 10Gbase-T status: active lo0: flags=8049 metric 0 mtu 16384 options=600003 inet6 ::1 prefixlen 128 inet6 fe80::1%lo0 prefixlen 64 scopeid 0x2 inet 127.0.0.1 netmask 0xff000000 nd6 options=21 groups: lo lo1: flags=8049 metric 0 mtu 16384 options=600003 inet 127.0.31.1 netmask 0xffffffff nd6 options=29 groups: lo lo2: flags=8049 metric 0 mtu 16384 options=600003 inet 127.0.32.1 netmask 0xffffffff nd6 options=29 groups: lo [root@host:~]# jls JID IP Address Hostname Path 1 127.0.31.1 mx31 /usr/jails/mx31 On jail: root@mx31:~ # sysctl security.jail.allow_raw_sockets security.jail.allow_raw_sockets: 1 root@mx31:~ # ifconfig vtnet0: flags=8943 metric 0 mtu 1500 options=80028 ether 58:9c:fc:0e:cd:bb hwaddr 58:9c:fc:0e:cd:bb inet 218.185.71.31 netmask 0xffffffff broadcast 218.185.71.31 inet 192.168.216.31 netmask 0xffffffff broadcast 192.168.216.31 media: Ethernet 10Gbase-T status: active lo0: flags=8049 metric 0 mtu 16384 options=600003 groups: lo lo1: flags=8049 metric 0 mtu 16384 options=600003 inet 127.0.31.1 netmask 0xffffffff groups: lo lo2: flags=8049 metric 0 mtu 16384 options=600003 groups: lo root@mx31:~ # cat /etc/resolv.conf search harte-lyne.ca nameserver 216.185.71.33 nameserver 216.185.71.34 nameserver 127.0.0.1 options edns0 root@mx31:~ # cat /etc/hosts # $FreeBSD: releng/11.1/etc/hosts 109997 2003-01-28 21:29:23Z dbaker $ # # Host Database . . . # # ::1 localhost localhost.harte-lyne.ca 127.0.0.1 localhost localhost.harte-lyne.ca root@mx31:~ # pkg install bash The package management tool is not yet installed on your system. Do you want to fetch and install it now? [y/N]: y Bootstrapping pkg from pkg+http://pkg.FreeBSD.org/FreeBSD:11:amd64/quarterly, please wait... pkg: Error fetching http://pkg.FreeBSD.org/FreeBSD:11:amd64/quarterly/Latest/pkg.txz: No address record A pre-built version of pkg could not be found for your system. Consider changing PACKAGESITE or installing it from ports: 'ports-mgmt/pkg'. root@mx31:~ # ping 216.185.71.1 PING 216.185.71.1 (216.185.71.1): 56 data bytes ^C --- 216.185.71.1 ping statistics --- 5 packets transmitted, 0 packets received, 100.0% packet loss Why does this jail not have a network connection? -- *** e-Mail is NOT a SECURE channel *** Do NOT transmit sensitive data via e-Mail Do NOT open attachments nor follow links sent by e-Mail James B. Byrne mailto:ByrneJB@Harte-Lyne.ca Harte & Lyne Limited http://www.harte-lyne.ca 9 Brockley Drive vox: +1 905 561 1241 Hamilton, Ontario fax: +1 905 561 0757 Canada L8E 3C3