Skip site navigation (1)Skip section navigation (2) 
Date:      Wed, 30 Nov 2011 18:36:18 +0100
From:      Damien Fleuriot <ml@my.gd>
To:        bsd <bsd@todoo.biz>,  "freebsd-questions@FreeBSD.org" <freebsd-questions@FreeBSD.org>
Subject:   Re: Problem with jail network
Message-ID:  <4ED66992.9010207@my.gd>
In-Reply-To: <5B932D73-456D-4895-BD8B-9BABAD7AE766@todoo.biz>
References:  <3EE6B227-24EC-4600-AF04-BEE7A04677FB@todoo.biz> <4ED65705.8020503@my.gd> <5B932D73-456D-4895-BD8B-9BABAD7AE766@todoo.biz>
next in thread | previous in thread | raw e-mail | index | archive | help 


On 11/30/11 6:29 PM, bsd wrote:
> Le 30 nov. 2011 à 17:17, Damien Fleuriot a écrit :
> 
>>
>>
>> On 11/30/11 5:05 PM, bsd wrote:
>>> Hi, 
>>>
>>> I have been configuring a jail system using the howto provided here : http://www.freebsd.org/doc/handbook/jails-application.html
>>>
>>> The is now correctly starting, but I can't seem to use the network stack. 
>>>
>>>
>>>> root@master 16:52:55 ~ -> jls
>>>> JID  IP Address      Hostname                      Path
>>>>  1  xx.216.yy.150  n0.no.no                    /jail/j/n0
>>>
>>>
>>> But I can't ping neither outside of the jail, nor inside of It. 
>>>
>>> I am a bit confused because I don't know if I have to configure the IP using an alias on the main Eth interface, or do something else. 
>>>
>>>> ifconfig_bce0_alias0="inetxx.216.yy.150/32"
>>>
>>>
>>>
>>> This last command seems to have frozen my system. 
>>>
>>
>> Confirm that the MISSING SPACE between your "inet" and "xxx.216..."
>> statements is only a typo and NOT present in your actual rc.conf
>>
> 
> This is confirmed. 
> 
> I have the equivalent of : 
> 
> ifconfig_bce0_alias0="inet 1.2.3.4/32"
> 

AFAIK, unless you allow raw sockets, you will not be able to ping from
the jail.


Find below the conf I successfully used, a long time ago, for a jail
hosting DNS.

This is from my rc.conf on the host system.




### JAILS
jail_enable="NO"
jail_set_hostname_allow="NO"
jail_list="ns"
jail_ns_interface="lo53"
jail_ns_ip="192.168.0.53,2001:41d0:2:613b::53/56"
jail_ns_hostname="ns.my.gd"
# fec0:[interface index]::[damien fleuriot]:[interface number]
# example: fec0:5::df:252 for loopback interface lo252
jail_ns_rootdir="/var/jail/ns"
jail_ns_devfs_enable="YES"
#jail_ns_devfs_ruleset="devfsrules_jail_ns"


You will notice this creates a lo53 (loopback) interface with private
IPv4 and IPv6 addresses.

I then used PF to redirect DNS queries to this jail.

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4ED66992.9010207>