Message-ID: <42E6B9B8.4060401@os.lv>
Date: Wed, 27 Jul 2005 01:31:20 +0300
From: Casper
To: freebsd-questions@freebsd.org
References: <42E64D9E.5080106@os.lv>
In-Reply-To: <42E64D9E.5080106@os.lv>
Subject: Re: jail networking

I played a little more:

jail# ping www.google.lv
PING www.l.google.com (216.239.59.104): 56 data bytes
^C
--- www.l.google.com ping statistics ---
4 packets transmitted, 0 packets received, 100% packet loss

jail# ping 216.239.59.104
PING 216.239.59.104 (216.239.59.104): 56 data bytes
64 bytes from 216.239.59.104: icmp_seq=0 ttl=245 time=64.629 ms
64 bytes from 216.239.59.104: icmp_seq=1 ttl=245 time=63.744 ms
^C
--- 216.239.59.104 ping statistics ---
2 packets transmitted, 2 packets received, 0% packet loss

With host, ping is not working, and it seems that DNS is working OK, because it is resolving the IP, and with the IP the network is working... :)
Can anybody say what the problem is? :)

Casper

Casper wrote:
>
> Hi,
>
> I have a problem with setting up the network for a jail...
> I have:
> # uname -a
> FreeBSD gam.zuze.lv 5.4-RELEASE-p5 FreeBSD Wed Jul 20 19:52:44 EEST 2005
> and installed a jail on it...
> sysctl:
> net.inet.ip.forwarding: 1
> security.jail.set_hostname_allowed: 1
> security.jail.socket_unixiproute_only: 1
> security.jail.sysvipc_allowed: 0
> security.jail.getfsstatroot_only: 1
> security.jail.allow_raw_sockets: 1
> security.jail.chflags_allowed: 0
> security.jail.jailed: 0
>
> ping from the host:
> # ping www.google.lv
> PING www.l.google.com (216.239.59.104): 56 data bytes
> 64 bytes from 216.239.59.104: icmp_seq=0 ttl=245 time=64.608 ms
> 64 bytes from 216.239.59.104: icmp_seq=1 ttl=245 time=65.198 ms
> 2 packets transmitted, 2 packets received, 0% packet loss
>
> from the jail:
> jail# ping www.google.lv
> PING www.l.google.com (216.239.59.99): 56 data bytes
> ^C
> --- www.l.google.com ping statistics ---
> 3 packets transmitted, 0 packets received, 100% packet loss
>
> but traceroute from the jail shows every second packet:
>  4 latnet.to.lattelekom.lv (195.13.173.221) 4.324 ms * 4.810 ms
>  5 * so-4-0-0-war1.lnt.cw.net (166.63.222.101) 54.223 ms *
>  6 so-7-0-0-zcr2.lnt.cw.net (166.63.222.42) 72.205 ms * 54.778 ms
>  7 * 195.66.226.125 (195.66.226.125) 90.496 ms *
>  8 216.239.46.173 (216.239.46.173) 54.711 ms * 54.204 ms
>  9 * 216.239.49.254 (216.239.49.254) 64.939 ms *
> 10 216.239.49.121 (216.239.49.121) 67.530 ms * 216.239.49.114 (216.239.49.114) 68.128 ms
> 11 * 216.239.59.103 (216.239.59.103) 64.615 ms *
>
> From the jail I can ping the router and local network IPs...
>
> My pf.conf:
> ext_if="rl0"
> int_if="rl1"
> internal_net="172.22.1.0/24"
> external_addr="xx.xx.xx.xx"
> table { 10.0.0.0/8, 127.0.0.0/8, 172.22.0.0/24, 192.168.0.0/24 }
> set loginterface $ext_if
> set block-policy return
> scrub in all
> nat on $ext_if from $internal_net to any -> ($ext_if)
> pass in all
> pass out all
> pass in on $ext_if proto tcp from any to $ext_if port 22 keep state
> pass out on $ext_if proto { tcp, udp } all keep state
> pass in on $ext_if proto { tcp, udp } from any to port 80 keep state
> pass out on $ext_if from 192.168.0.0/24 to any keep state queue developers
> pass out on $ext_if from 192.168.1.0/24 to any keep state queue marketing
>
>
> Is there some manual about jail networking?
> I don't understand why the jail network is not working if I can ping the router
> from the jail, routes are OK and traceroute shows strange packets...
>
> tnx,
>
> Casper
>
> _______________________________________________
> freebsd-questions@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to
> "freebsd-questions-unsubscribe@freebsd.org"
>