Date: Sun, 16 Dec 2001 11:21:09 -0800 (PST)
From: "f.johan.beisser" <jan@caustic.org>
To: Dmitry Mottl <dima@sinp.msu.ru>
Cc: <freebsd-questions@FreeBSD.ORG>
Subject: Re: your mail
Message-ID: <20011216111412.K16958-100000@localhost>
In-Reply-To: <Pine.BSF.4.43.0112162210510.71267-100000@BigKing.sinp.msu.ru>

On Sun, 16 Dec 2001, Dmitry Mottl wrote:

> Hi All!
>
> I have an error when I try to use IPv4 ping under jail:
> socket: Operation not permitted
>
> I have FreeBSD 4.4-RELEASE
> #/sbin/ifconfig -a
> ed0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
> inet 192.168.0.1 netmask 0xffffff00 broadcast 192.168.0.255
> inet6 fe80::200:e8ff:fe62:b65%ed0 prefixlen 64 scopeid 0x1
> inet 192.168.0.2 netmask 0xffffff00 broadcast 192.168.0.255

first: fix your jailed netmask. since the jail runs on the same network as
the "real machine", it should have a netmask of 255.255.255.255.

> ether 00:00:e8:62:0b:65
> #mount -t union /sbin /jail/sbin
> #mount -t union /bin /jail/bin

union filesystems are very.. buggy. from the man page of mount_union(8):

BUGS
     THIS FILESYSTEM TYPE IS NOT YET FULLY SUPPORTED (READ: IT DOESN'T WORK)
     AND USING IT MAY, IN FACT, DESTROY DATA ON YOUR SYSTEM. USE AT YOUR OWN
     RISK. BEWARE OF DOG. SLIPPERY WHEN WET.

i would suggest not using those.

> #jail /jail host1 192.168.0.2 /bin/sh
> #ping 192.168.0.1
> ping: socket: Operation not permitted
> ps. tcp/udp routines runs fine.
>
> And I have a second question.
> I have two interfaces:
> ed0 192.168.0.1 - my private subnet
> ppp0 xxx.xxx.xxx.xxx - internet
> and a jail on ed0: 192.168.0.2
>
> So, can I organize routing between jail (192.168.0.2) and internet?
> Only throw local proxy?

the jail is mainly to isolate certain services. since jailed processes
have no idea (read, can't see) of anything outside of themselves, if it's
not handling the PPP connection, it won't be able to see the route.

what you may have to do is set up a route from the jail, over to the main
host, running packets through your ed0 interface out (basically: add a
static route routing to 192.168.0.1, which would then forward packets out
to the Big Bad Internet).

i'm not sure this would work, though, having not tried it myself.

-------/ f. johan beisser /--------------------------------------+
  http://caustic.org/~jan                      jan@caustic.org
    "John Ashcroft is really just the reanimated corpse
         of J. Edgar Hoover." -- Tim Triche

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message