Date: Sun, 4 Dec 2016 11:29:11 +0000 From: Matthew Seaman <matthew@FreeBSD.org> To: freebsd-questions@freebsd.org Subject: Re: Can't ping in jail Message-ID: <8d283142-a8e8-fed5-0ab4-57960dfbb304@FreeBSD.org> In-Reply-To: <5843788A.2080902@gmail.com> References: <alpine.BSF.2.20.1612030234030.77272@fledge.watson.org> <alpine.BSF.2.20.1612031801220.33158@fledge.watson.org> <584368A1.5080206@gmail.com> <alpine.BSF.2.00.1612031954060.53759@bucksport.safeport.com> <5843788A.2080902@gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --3G4S3aBHpcSSIEQhBRjmlasqB0DjNOXXI Content-Type: multipart/mixed; boundary="VH08GPmwqHQU3EbG9Eis327388db8I2LR"; protected-headers="v1" From: Matthew Seaman <matthew@FreeBSD.org> To: freebsd-questions@freebsd.org Message-ID: <8d283142-a8e8-fed5-0ab4-57960dfbb304@FreeBSD.org> Subject: Re: Can't ping in jail References: <alpine.BSF.2.20.1612030234030.77272@fledge.watson.org> <alpine.BSF.2.20.1612031801220.33158@fledge.watson.org> <584368A1.5080206@gmail.com> <alpine.BSF.2.00.1612031954060.53759@bucksport.safeport.com> <5843788A.2080902@gmail.com> In-Reply-To: <5843788A.2080902@gmail.com> --VH08GPmwqHQU3EbG9Eis327388db8I2LR Content-Type: text/plain; charset=windows-1252 Content-Transfer-Encoding: quoted-printable On 04/12/2016 01:59, Ernie Luzar wrote: > This post sheds a lot light on your problem. ezjail uses the legacy > method with definition statements in /etc/rc.conf and qjail uses the > modern way using /etc/jail.conf. qjail is a fork of ezjail so many > things will feel the same moving to qjail. The ezjail and qjail > directory tree is named differently and use different internal control > files so you would have to build your qjail jails anew. qjail and ezjai= l > can both run on the same host at the same time just using different jai= l > ip addresses. >=20 > Both methods have statements for enabling allow_raw_sockets on a jail > by jail basis which is the way it should be done. The sysctl nib has to= > be issued on the host were the jails are, not the gateway host connecte= d > to the public network. >=20 > ezjail requires manual starting and stopping of ip alias for the jail. > qjail does all that for you without you having to take any actions. >=20 > there is a qjail version for 9.x systems, but its out dated and at EOL.= The jail management system that has been attracting a lot of attention and favourable comment recently is iocage. The original version was written in /bin/sh and this is what is in ports as sysutils/iocage or sysutils/iocage-devel. The authors are intending to rewrite it in a different language though. It does, however, require you to use ZFS, since it stores all the configuration into it needs as ZFS properties. https://iocage.readthedocs.io/en/latest/ Cheers, Matthew --VH08GPmwqHQU3EbG9Eis327388db8I2LR-- --3G4S3aBHpcSSIEQhBRjmlasqB0DjNOXXI Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- iQJ8BAEBCgBmBQJYQ/4MXxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXQ2NTNBNjhCOTEzQTRFNkNGM0UxRTEzMjZC QjIzQUY1MThFMUE0MDEzAAoJELsjr1GOGkATZCgP/145KjuVn09Tr3sLKpIzlfQ8 6EF5bJpQRpSUGrBx80hhreqMNwOUftN406tr5tnpCiri1q9prZN3M+VuLYItVOR3 xc6Rx3aFyqo9/7HOcU5drvIlfaLJdHzPIhn96jQ5HKfJi2x/LmHvw+PEU0DVm3ZZ Yaa7keXtm3AiWpiMtWwJXgec8P3UNBtxK9vUyAkRNiFXXU5joR6eOW6+OL0ees6U VZKCjNDxClLmKCPEZOcdiVsYU2fNX6TAoD6RVeCBCsN/YA70biJ+d/7G4jAymPpT aUxfB9CmM4tc/YXA7JBSErKFMZm4Z/12orKzivaNL0EFerNRwy/bBPHlCuDHDx7I 6X+MYXF6bDmPnSykqlWdx6rI7ZaamqRYCPNT7fR/16xOOlvBC9EOmDW0X16EICHx gXNKGQakke01ISrL6ycY/juay1T4l1AB4Nx6onYPjxgvEktU+ic/Rmia7qczLOPZ xAO9pZKUD0CQQcedhG++SPMT0hNobDrJCsLWSzXA+jmTQEbhiRZkKjeMAqLzaPzI mpyoookzvn+ftwFSISjpkf+urhS8gCiOrDG4sXPe47Yckqch86xn6TIXkRAZBZVe KwoBy51UgifHfsgUQQP9lldgsY+BFONl1HGPsBwkDMpBMOlyqUwHty5cJ1GYQ3ye 7rDULv/ZHmv3EYxrBf/r =cPG9 -----END PGP SIGNATURE----- --3G4S3aBHpcSSIEQhBRjmlasqB0DjNOXXI--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?8d283142-a8e8-fed5-0ab4-57960dfbb304>