Date: Sun, 13 Dec 2015 18:54:06 +0000 From: marcel <marcel.plouf@gmail.com> To: "Michael B. Eichorn" <ike@michaeleichorn.com>, Dirk Engling <erdgeist@erdgeist.org>, freebsd-jail@freebsd.org Subject: Re: Configuring network without ezjail Message-ID: <566DBECE.1000602@gmail.com> In-Reply-To: <1450016073.15959.10.camel@michaeleichorn.com> References: <566B67F7.1090404@gmail.com> <566B5CB6.8050009@erdgeist.org> <566B7D7E.2070507@gmail.com> <566B8183.3080306@gmail.com> <1449888253.23602.14.camel@michaeleichorn.com> <1449889151.23602.24.camel@michaeleichorn.com> <566D05DD.9080201@gmail.com> <1450016073.15959.10.camel@michaeleichorn.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On 13/12/2015 14:14, Michael B. Eichorn wrote:
> On Sun, 2015-12-13 at 05:45 +0000, marcel wrote:
>> On 12/12/2015 02:59, Michael B. Eichorn wrote:
>>> On Fri, 2015-12-11 at 21:44 -0500, Michael B. Eichorn wrote:
>>>> On Sat, 2015-12-12 at 02:08 +0000, marcel wrote:
>>>>> ... and I think I have enabling gateway, I wrote thins in both
>>>>> of
>>>>> my
>>>>> rc.conf (jail and host):
>>>>>
>>>>> gateway_enable="YES"
>>>>>
>>>>> Is it correct ?
>>>> You only need gateway_enable if you are doing routing, it is not
>>>> necessary for a typical jail setup. Most of the time you are just
>>>> adding an alias to the host's nic.
>> OK so if I want to my jail can access to internet I have to do
>> routing,
>> right ?
> No. In your other email you mentioned the host is behind a router, just
> assign the jail a static ip on the same subnet as the host. The router
> will treat it very similarly to adding another computer via a switch.
I've already done this and it doesn't work, jls show the address I have
configured but when ifconfig shownothing in the jail, and still have no
internet cnnection in the jail...
>
>>>>> But I don't think I have DNS problems, my host correctly access
>>>>> to
>>>>> the
>>>>> internet and the resolv.conf of my jail and my host are same...
>>>>>
>>>>> On 12/12/2015 01:50, marcel wrote:
>>>>>> No I don't get to have an IP address... Yet I have writed
>>>>>> this in
>>>>>> my
>>>>>> host's rc.conf:
>>>>>>
>>>>>> jail_enable="YES"
>>>>>> jail_list="thename"
>>>>>> jail_guantanamo_rootdir="thepath"
>>>>>> jail_guantanamo_hostname="thename"
>>>>>> jail_guantanamo_ip="192.168.0.12"
>>>>>>
>>>>>> and I use the command:
>>>>>>
>>>>>> jail thepath thename 192.168.0.12 /bin/csh
>>>>>>
>>>>>> to connect to my jail...
>>>>>>
>>>>>> On 11/12/2015 23:31, Dirk Engling wrote:
>>>>>>> On 12.12.15 01:19, marcel wrote:
>>>>>>>
>>>>>>>> I would like to know if it is possible to configure a
>>>>>>>> jail's
>>>>>>>> network for
>>>>>>>> accessing to the World Wide Web but without ezjail ?
>>>>>>>> I have created my jail without ezjail (mkdir jail, make
>>>>>>>> installworld,
>>>>>>>> etc...) and I would like to continue without it if it's
>>>>>>>> possible...
>>>>>>> Sure, why doesn't it connect to the net? Does it have a
>>>>>>> RFC1918
>>>>>>> IP? If
>>>>>>> so, you need to enable NAT. If not, did you enable
>>>>>>> gatewaying?
>>>>>>> Maybe you
>>>>>>> just have DNS problems, so is your resolv.conf set up
>>>>>>> properly?
>>>>>>>
>>>>>>> Without knowing what exactly is not working, I can not help
>>>>>>> you.
>>>>>>>
>>>>>>> erdgeist
>>>> I think you found some old instructions, assuming a 10.x system
>>>> here
>>>> is
>>>> the boilerplate for a typical jail:
>>>>
>>>> rc.conf:
>>>>
>>>> jail_enable="YES"
>>>>
>>>> jail.conf:
>>>>
>>>> interface = re0;
>>>> mount.devfs;
>>>> exec.start = "/bin/sh /etc/rc";
>>>> exec.stop = "/bin/sh /etc/rc.shutdown";
>>>>
>>>> thenameofthejail {
>>>> host.hostname = host.domain.tld;
>>>> path = /the/path/to/the/jail
>>>> ip4.addr = 192.168.0.12;
>>>> }
>>>>
>>>> and start it up with
>>>>
>>>> # jail -c thenameofthejail
>>>>
>>>> And another handy tip you can avoid building a jail with make by
>>>> extacting the base.txz file found in places like the install
>>>> media
>>>> into
>>>> the jail directory
>> OK, so my jail.conf look like your jail.conf and when I type jls my
>> jail
>> have the IP 192.168.0.12 but when I type ifconfig in my jail I have
>> no ip...
> Is 192.168.0.12 your host IP? The jail needs a different static IP
> address e.g. 182,168.0.13. There are ways around this but usually you
> want a different IP. Each jail and the host have a different IP. The
> setting ip4.addr in jail.conf will cause jail(8) to create an alias
> with the new IP on the NIC specified by interface in jail.conf.
> Destroying the jail with `jail -r <jailname> ` removes the alias.
OK, I did'nt know jail -r for removing the alias, thanks !
>>> Oh and before I forget, the trickiest thing for me moving from
>>> ezjail
>>> to jail was updating. Assuming your jails are complete base systems
>>> and
>>> that you would like to use binary updates with freebsd-update, and
>>> you
>>> have completely sparated jails without any funny tricks to save
>>> space,
>>> here is Ike's simple jail update guide:
>>>
>>> edit the jail's freebsd-update.conf and change
>>>
>>> Components src world kernel
>>> -to-
>>> Components world
>>>
>>> then run freebsd-update like so:
>>>
>>> # freebsd-update -b /usr/jails/jaildir \
>>> -f usr/jails/jaildir/etc/freebsd-update.conf \
>>> -d /usr/jails/jaildir/var/db/freebsd-update fetch
>>> # freebsd-update -b /usr/jails/jaildir \
>>> -f /usr/jails/jaildir/etc/freebsd-update.conf \
>>> -d /usr/jails/jaildir/var/db/freebsd-update install
>>>
>>> Using the -f flag keeps the jail from using the host config since
>>> jails
>>> cannot update kernels anyway. And -d keeps jails and hosts from
>>> trampling each other which is nice if you want to do more than one
>>> at a
>>> time, or if you use freebsd-update cron.
>> Thanks for tip !
But anyway, the jail I try to configure is on a remote computer and he
just has gone to shutdown... and to turn on I have to do some
kilometers and I haven't the time for the moment... So for the moment
subject is closed, thanks for your incredible help all !
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?566DBECE.1000602>