Date: Wed, 30 Nov 2011 18:55:59 +0100 From: Damien Fleuriot <ml@my.gd> To: bsd <bsd@todoo.biz> Cc: "freebsd-questions@FreeBSD.org" <freebsd-questions@FreeBSD.org> Subject: Re: Problem with jail network Message-ID: <4ED66E2F.4000401@my.gd> In-Reply-To: <B4E27F22-FD26-4030-9BEB-FA4A486B971C@todoo.biz> References: <3EE6B227-24EC-4600-AF04-BEE7A04677FB@todoo.biz> <4ED65705.8020503@my.gd> <5B932D73-456D-4895-BD8B-9BABAD7AE766@todoo.biz> <4ED66992.9010207@my.gd> <B4E27F22-FD26-4030-9BEB-FA4A486B971C@todoo.biz>
next in thread | previous in thread | raw e-mail | index | archive | help
On 11/30/11 6:52 PM, bsd wrote: > Le 30 nov. 2011 à 18:36, Damien Fleuriot a écrit : > >> >> >> On 11/30/11 6:29 PM, bsd wrote: >>> Le 30 nov. 2011 à 17:17, Damien Fleuriot a écrit : >>> >>>> >>>> >>>> On 11/30/11 5:05 PM, bsd wrote: >>>>> Hi, >>>>> >>>>> I have been configuring a jail system using the howto provided here : http://www.freebsd.org/doc/handbook/jails-application.html >>>>> >>>>> The is now correctly starting, but I can't seem to use the network stack. >>>>> >>>>> >>>>>> root@master 16:52:55 ~ -> jls >>>>>> JID IP Address Hostname Path >>>>>> 1 xx.216.yy.150 n0.no.no /jail/j/n0 >>>>> >>>>> >>>>> But I can't ping neither outside of the jail, nor inside of It. >>>>> >>>>> I am a bit confused because I don't know if I have to configure the IP using an alias on the main Eth interface, or do something else. >>>>> >>>>>> ifconfig_bce0_alias0="inetxx.216.yy.150/32" >>>>> >>>>> >>>>> >>>>> This last command seems to have frozen my system. >>>>> >>>> >>>> Confirm that the MISSING SPACE between your "inet" and "xxx.216..." >>>> statements is only a typo and NOT present in your actual rc.conf >>>> >>> >>> This is confirmed. >>> >>> I have the equivalent of : >>> >>> ifconfig_bce0_alias0="inet 1.2.3.4/32" >>> >> >> AFAIK, unless you allow raw sockets, you will not be able to ping from >> the jail. >> >> >> Find below the conf I successfully used, a long time ago, for a jail >> hosting DNS. >> >> This is from my rc.conf on the host system. >> >> >> >> >> ### JAILS >> jail_enable="NO" >> jail_set_hostname_allow="NO" >> jail_list="ns" >> jail_ns_interface="lo53" >> jail_ns_ip="192.168.0.53,2001:41d0:2:613b::53/56" >> jail_ns_hostname="ns.my.gd" >> # fec0:[interface index]::[damien fleuriot]:[interface number] >> # example: fec0:5::df:252 for loopback interface lo252 >> jail_ns_rootdir="/var/jail/ns" >> jail_ns_devfs_enable="YES" >> #jail_ns_devfs_ruleset="devfsrules_jail_ns" >> >> >> You will notice this creates a lo53 (loopback) interface with private >> IPv4 and IPv6 addresses. >> >> I then used PF to redirect DNS queries to this jail. > > I don't want the IP to be redirected, I would like the jail to have It's own IP. > Redirection would probably involve a NAT on your main IP to the IP of the jail, which is something I would like to avoid. > > > Did you use something like the aforementioned ifconfig alias to give the IP to your jail ? > > ifconfig_bce0_alias0="inet 1.2.3.4/32" > > > What bothers me is that I am not able to ping from the outside either… ?? > > And I can't install any ports because I don't have any network available inside the jail. > > Nope, I used the loopback interface. Again, for pings to work, AFAIK, you need to enable raw sockets within the jail. security.jail.allow_raw_sockets=1
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4ED66E2F.4000401>