Re: Configuring network without ezjail

2015-12-13 Thread Michael B. Eichorn
On Sun, 2015-12-13 at 05:45 +, marcel wrote:
> 
> On 12/12/2015 02:59, Michael B. Eichorn wrote:
> > On Fri, 2015-12-11 at 21:44 -0500, Michael B. Eichorn wrote:
> > > On Sat, 2015-12-12 at 02:08 +, marcel wrote:
> > > > ... and I think I have enabling gateway, I wrote this in both
> > > > of
> > > > my
> > > > rc.conf (jail and host):
> > > > 
> > > > gateway_enable="YES"
> > > > 
> > > > Is it correct ?
> > > You only need gateway_enable if you are doing routing, it is not
> > > necessary for a typical jail setup. Most of the time you are just
> > > adding an alias to the host's nic.
> OK so if I want to my jail can access to internet I have to do
> routing,
> right ?

No. In your other email you mentioned the host is behind a router, just
assign the jail a static ip on the same subnet as the host. The router
will treat it very similarly to adding another computer via a switch.

> > > > But I don't think I have DNS problems, my host correctly access
> > > > to
> > > > the
> > > > internet and the resolv.conf of my jail and my host are same...
> > > > 
> > > > On 12/12/2015 01:50, marcel wrote:
> > > > > No I don't get to have an IP address... Yet I have written
> > > > > this in
> > > > > my
> > > > > host's rc.conf:
> > > > > 
> > > > > jail_enable="YES"
> > > > > jail_list="thename"
> > > > > jail_guantanamo_rootdir="thepath"
> > > > > jail_guantanamo_hostname="thename"
> > > > > jail_guantanamo_ip="192.168.0.12"
> > > > > 
> > > > > and I use the command:
> > > > > 
> > > > > jail thepath thename 192.168.0.12 /bin/csh
> > > > > 
> > > > > to connect to my jail...
> > > > > 
> > > > > On 11/12/2015 23:31, Dirk Engling wrote:
> > > > > > On 12.12.15 01:19, marcel wrote:
> > > > > > 
> > > > > > > I would like to know if it is possible to configure a
> > > > > > > jail's
> > > > > > > network for
> > > > > > > accessing to the World Wide Web but without ezjail ?
> > > > > > > I have created my jail without ezjail (mkdir jail, make
> > > > > > > installworld,
> > > > > > > etc...) and I would like to continue without it if it's
> > > > > > > possible...
> > > > > > Sure, why doesn't it connect to the net? Does it have a
> > > > > > RFC1918
> > > > > > IP? If
> > > > > > so, you need to enable NAT. If not, did you enable
> > > > > > gatewaying?
> > > > > > Maybe you
> > > > > > just have DNS problems, so is your resolv.conf set up
> > > > > > properly?
> > > > > > 
> > > > > > Without knowing what exactly is not working, I can not help
> > > > > > you.
> > > > > > 
> > > > > >   erdgeist
> > > I think you found some old instructions, assuming a 10.x system
> > > here
> > > is
> > > the boilerplate for a typical jail:
> > > 
> > > rc.conf:
> > > 
> > >   jail_enable="YES"
> > > 
> > > jail.conf:
> > > 
> > >   interface = re0;
> > >   mount.devfs;
> > >   exec.start = "/bin/sh /etc/rc";
> > >   exec.stop = "/bin/sh /etc/rc.shutdown";
> > > 
> > >   thenameofthejail {
> > >     host.hostname = host.domain.tld;
> > >     path = /the/path/to/the/jail;
> > >     ip4.addr = 192.168.0.12;
> > >   }
> > > 
> > > and start it up with
> > > 
> > > # jail -c thenameofthejail
> > > 
> > > And another handy tip you can avoid building a jail with make by
> > > extracting the base.txz file found in places like the install
> > > media
> > > into
> > > the jail directory
> OK, so my jail.conf look like your jail.conf and when I type jls my
> jail
> have the IP 192.168.0.12 but when I type ifconfig in my jail I have
> no ip...

Is 192.168.0.12 your host IP? The jail needs a different static IP
address e.g. 182,168.0.13. There are ways around this but usually you
want a different IP. Each jail and the host have a different IP. The
setting ip4.addr in jail.conf will cause jail(8) to create an alias
with the new IP on the NIC specified by interface in jail.conf.
Destroying the jail with `jail -r  ` removes the alias.

> > Oh and before I forget, the trickiest thing for me moving from
> > ezjail
> > to jail was updating. Assuming your jails are complete base systems
> > and
> > that you would like to use binary updates with freebsd-update, and
> > you
> > have completely separated jails without any funny tricks to save
> > space,
> > here is Ike's simple jail update guide:
> > 
> > edit the jail's freebsd-update.conf and change
> > 
> > Components src world kernel
> > -to-
> > Components world
> > 
> > then run freebsd-update like so:
> > 
> > # freebsd-update -b /usr/jails/jaildir \
> > -f /usr/jails/jaildir/etc/freebsd-update.conf \
> > -d /usr/jails/jaildir/var/db/freebsd-update fetch
> > # freebsd-update -b /usr/jails/jaildir \
> > -f /usr/jails/jaildir/etc/freebsd-update.conf \
> > -d /usr/jails/jaildir/var/db/freebsd-update install
> > 
> > Using the -f flag keeps the jail from using the host config since
> > jails
> > cannot update kernels anyway. And -d keeps jails and hosts from
> > trampling each other which is nice if you want to do more than one
> > at a
> > time, or if you use 

Re: Configuring network without ezjail

2015-12-13 Thread marcel


On 13/12/2015 07:50, Sami Halabi wrote:
>
> hi,
> I think you need to configure the ip in the host first later it'll be
> seen in the jail.
>
> using RFC 1918 addresses means you need NAT in your router to have
> access the internet.
> rather than that using the term 'routing' is incorrect unless you have
> multiple hops to get the packets to the router.
>
> Sami
>
The IP on the host works perfectly, internet access too...
But anyway the remote machine on which the jail is on has suddenly
shutdown and I can't turn on for the moment so subject is closed...
Thanks for your help !
>
> On 13 Dec 2015 6:45 AM, "marcel" wrote:
>
>
>
> On 12/12/2015 02:59, Michael B. Eichorn wrote:
> > On Fri, 2015-12-11 at 21:44 -0500, Michael B. Eichorn wrote:
> >> On Sat, 2015-12-12 at 02:08 +, marcel wrote:
> >>> ... and I think I have enabling gateway, I wrote this in both of
> >>> my
> >>> rc.conf (jail and host):
> >>>
> >>> gateway_enable="YES"
> >>>
> >>> Is it correct ?
> >> You only need gateway_enable if you are doing routing, it is not
> >> necessary for a typical jail setup. Most of the time you are just
> >> adding an alias to the host's nic.
> OK so if I want to my jail can access to internet I have to do
> routing,
> right ?
> >>> But I don't think I have DNS problems, my host correctly access to
> >>> the
> >>> internet and the resolv.conf of my jail and my host are same...
> >>>
> >>> On 12/12/2015 01:50, marcel wrote:
> >>>> No I don't get to have an IP address... Yet I have written this in
> >>>> my
> >>>> host's rc.conf:
> >>>>
> >>>> jail_enable="YES"
> >>>> jail_list="thename"
> >>>> jail_guantanamo_rootdir="thepath"
> >>>> jail_guantanamo_hostname="thename"
> >>>> jail_guantanamo_ip="192.168.0.12"
> >>>>
> >>>> and I use the command:
> >>>>
> >>>> jail thepath thename 192.168.0.12 /bin/csh
> >>>>
> >>>> to connect to my jail...
> >>>>
> >>>> On 11/12/2015 23:31, Dirk Engling wrote:
> >>>>> On 12.12.15 01:19, marcel wrote:
> >>>>>
> >>>>>> I would like to know if it is possible to configure a jail's
> >>>>>> network for
> >>>>>> accessing to the World Wide Web but without ezjail ?
> >>>>>> I have created my jail without ezjail (mkdir jail, make
> >>>>>> installworld,
> >>>>>> etc...) and I would like to continue without it if it's
> >>>>>> possible...
> >>>>> Sure, why doesn't it connect to the net? Does it have a RFC1918
> >>>>> IP? If
> >>>>> so, you need to enable NAT. If not, did you enable gatewaying?
> >>>>> Maybe you
> >>>>> just have DNS problems, so is your resolv.conf set up properly?
> >>>>>
> >>>>> Without knowing what exactly is not working, I can not help
> >>>>> you.
> >>>>>
> >>>>>   erdgeist
> >> I think you found some old instructions, assuming a 10.x system
> here
> >> is
> >> the boilerplate for a typical jail:
> >>
> >> rc.conf:
> >>
> >>   jail_enable="YES"
> >>
> >> jail.conf:
> >>
> >>   interface = re0;
> >>   mount.devfs;
> >>   exec.start = "/bin/sh /etc/rc";
> >>   exec.stop = "/bin/sh /etc/rc.shutdown";
> >>
> >>   thenameofthejail {
> >>     host.hostname = host.domain.tld;
> >>     path = /the/path/to/the/jail;
> >>     ip4.addr = 192.168.0.12;
> >>   }
> >>
> >> and start it up with
> >>
> >> # jail -c thenameofthejail
> >>
> >> And another handy tip you can avoid building a jail with make by
> >> extracting the base.txz file found in places like the install media
> >> into
> >> the jail directory
> OK, so my jail.conf look like your jail.conf and when I type jls
> my jail
> have the IP 192.168.0.12 but when I type ifconfig in my jail I
> have no ip...
> > Oh and before I forget, the trickiest thing for me moving from
> ezjail
> > to jail was updating. Assuming your jails are complete base
> systems and
> > that you would like to use binary updates with freebsd-update,
> and you
> > have completely separated jails without any funny tricks to save
> space,
> > here is Ike's simple jail update guide:
> >
> > edit the jail's freebsd-update.conf and change
> >
> > Components src world kernel
> > -to-
> > Components world
> >
> > then run freebsd-update like so:
> >
> > # freebsd-update -b /usr/jails/jaildir \
> >   -f /usr/jails/jaildir/etc/freebsd-update.conf \
> >   -d /usr/jails/jaildir/var/db/freebsd-update fetch
> > # freebsd-update -b /usr/jails/jaildir \
> >   -f /usr/jails/jaildir/etc/freebsd-update.conf \
> >   -d /usr/jails/jaildir/var/db/freebsd-update install
> >
> > Using the -f flag keeps the jail from using the 

Re: Configuring network without ezjail

2015-12-13 Thread marcel


On 13/12/2015 14:14, Michael B. Eichorn wrote:
> On Sun, 2015-12-13 at 05:45 +, marcel wrote:
>> On 12/12/2015 02:59, Michael B. Eichorn wrote:
>>> On Fri, 2015-12-11 at 21:44 -0500, Michael B. Eichorn wrote:
>>>> On Sat, 2015-12-12 at 02:08 +, marcel wrote:
>>>>> ... and I think I have enabling gateway, I wrote this in both
>>>>> of
>>>>> my
>>>>> rc.conf (jail and host):
>>>>>
>>>>> gateway_enable="YES"
>>>>>
>>>>> Is it correct ?
>>>> You only need gateway_enable if you are doing routing, it is not
>>>> necessary for a typical jail setup. Most of the time you are just
>>>> adding an alias to the host's nic.
>> OK so if I want to my jail can access to internet I have to do
>> routing,
>> right ?
> No. In your other email you mentioned the host is behind a router, just
> assign the jail a static ip on the same subnet as the host. The router
> will treat it very similarly to adding another computer via a switch.
I've already done this and it doesn't work, jls show the address I have
configured but when ifconfig shows nothing in the jail, and still have no
internet connection in the jail...
>
>>>>> But I don't think I have DNS problems, my host correctly access
>>>>> to
>>>>> the
>>>>> internet and the resolv.conf of my jail and my host are same...
>>>>>
>>>>> On 12/12/2015 01:50, marcel wrote:
>>>>>> No I don't get to have an IP address... Yet I have written
>>>>>> this in
>>>>>> my
>>>>>> host's rc.conf:
>>>>>>
>>>>>> jail_enable="YES"
>>>>>> jail_list="thename"
>>>>>> jail_guantanamo_rootdir="thepath"
>>>>>> jail_guantanamo_hostname="thename"
>>>>>> jail_guantanamo_ip="192.168.0.12"
>>>>>>
>>>>>> and I use the command:
>>>>>>
>>>>>> jail thepath thename 192.168.0.12 /bin/csh
>>>>>>
>>>>>> to connect to my jail...
>>>>>>
>>>>>> On 11/12/2015 23:31, Dirk Engling wrote:
>>>>>>> On 12.12.15 01:19, marcel wrote:
>>>>>>>
>>>>>>>> I would like to know if it is possible to configure a
>>>>>>>> jail's
>>>>>>>> network for
>>>>>>>> accessing to the World Wide Web but without ezjail ?
>>>>>>>> I have created my jail without ezjail (mkdir jail, make
>>>>>>>> installworld,
>>>>>>>> etc...) and I would like to continue without it if it's
>>>>>>>> possible...
>>>>>>> Sure, why doesn't it connect to the net? Does it have a
>>>>>>> RFC1918
>>>>>>> IP? If
>>>>>>> so, you need to enable NAT. If not, did you enable
>>>>>>> gatewaying?
>>>>>>> Maybe you
>>>>>>> just have DNS problems, so is your resolv.conf set up
>>>>>>> properly?
>>>>>>>
>>>>>>> Without knowing what exactly is not working, I can not help
>>>>>>> you.
>>>>>>>
>>>>>>>   erdgeist
>>>> I think you found some old instructions, assuming a 10.x system
>>>> here
>>>> is
>>>> the boilerplate for a typical jail:
>>>>
>>>> rc.conf:
>>>>
>>>>   jail_enable="YES"
>>>>
>>>> jail.conf:
>>>>
>>>>   interface = re0;
>>>>   mount.devfs;
>>>>   exec.start = "/bin/sh /etc/rc";
>>>>   exec.stop = "/bin/sh /etc/rc.shutdown";
>>>>
>>>>   thenameofthejail {
>>>>     host.hostname = host.domain.tld;
>>>>     path = /the/path/to/the/jail;
>>>>     ip4.addr = 192.168.0.12;
>>>>   }
>>>>
>>>> and start it up with
>>>>
>>>> # jail -c thenameofthejail
>>>>
>>>> And another handy tip you can avoid building a jail with make by
>>>> extracting the base.txz file found in places like the install
>>>> media
>>>> into
>>>> the jail directory
>> OK, so my jail.conf look like your jail.conf and when I type jls my
>> jail
>> have the IP 192.168.0.12 but when I type ifconfig in my jail I have
>> no ip...
> Is 192.168.0.12 your host IP? The jail needs a different static IP
> address e.g. 182,168.0.13. There are ways around this but usually you
> want a different IP. Each jail and the host have a different IP. The
> setting ip4.addr in jail.conf will cause jail(8) to create an alias
> with the new IP on the NIC specified by interface in jail.conf.
> Destroying the jail with `jail -r  ` removes the alias.
OK, I didn't know jail -r for removing the alias, thanks !
>>> Oh and before I forget, the trickiest thing for me moving from
>>> ezjail
>>> to jail was updating. Assuming your jails are complete base systems
>>> and
>>> that you would like to use binary updates with freebsd-update, and
>>> you
>>> have completely separated jails without any funny tricks to save
>>> space,
>>> here is Ike's simple jail update guide:
>>>
>>> edit the jail's freebsd-update.conf and change
>>>
>>> Components src world kernel
>>> -to-
>>> Components world
>>>
>>> then run freebsd-update like so:
>>>
>>> # freebsd-update -b /usr/jails/jaildir \
>>> -f /usr/jails/jaildir/etc/freebsd-update.conf \
>>> -d /usr/jails/jaildir/var/db/freebsd-update fetch
>>> # freebsd-update -b /usr/jails/jaildir \
>>> -f /usr/jails/jaildir/etc/freebsd-update.conf \
>>> -d /usr/jails/jaildir/var/db/freebsd-update install
>>>
>>> Using the -f flag keeps the jail from using the host config since
>>> jails
>>> cannot update kernels anyway. And -d keeps jails and hosts from
>>> trampling each other which is nice if you 

Re: Configuring network without ezjail

2015-12-13 Thread Michael B. Eichorn
On Sun, 2015-12-13 at 18:54 +, marcel wrote:
> 
> On 13/12/2015 14:14, Michael B. Eichorn wrote:
> > On Sun, 2015-12-13 at 05:45 +, marcel wrote:
> > > On 12/12/2015 02:59, Michael B. Eichorn wrote:
> > > > On Fri, 2015-12-11 at 21:44 -0500, Michael B. Eichorn wrote:
> > > > > On Sat, 2015-12-12 at 02:08 +, marcel wrote:
> > > > > > ... and I think I have enabling gateway, I wrote this in
> > > > > > both
> > > > > > of
> > > > > > my
> > > > > > rc.conf (jail and host):
> > > > > > 
> > > > > > gateway_enable="YES"
> > > > > > 
> > > > > > Is it correct ?
> > > > > You only need gateway_enable if you are doing routing, it is
> > > > > not
> > > > > necessary for a typical jail setup. Most of the time you are
> > > > > just
> > > > > adding an alias to the host's nic.
> > > OK so if I want to my jail can access to internet I have to do
> > > routing,
> > > right ?
> > No. In your other email you mentioned the host is behind a router,
> > just
> > assign the jail a static ip on the same subnet as the host. The
> > router
> > will treat it very similarly to adding another computer via a
> > switch.
> I've already done this and it doesn't work, jls show the address I
> have
> configured but when ifconfig shows nothing in the jail, and still have
> no
> internet connection in the jail...

Does ifconfig on the host show the jail's ip added as an alias?

> > 
> > > > > > But I don't think I have DNS problems, my host correctly
> > > > > > access
> > > > > > to
> > > > > > the
> > > > > > internet and the resolv.conf of my jail and my host are
> > > > > > same...
> > > > > > 
> > > > > > On 12/12/2015 01:50, marcel wrote:
> > > > > > > No I don't get to have an IP address... Yet I have written
> > > > > > > this in
> > > > > > > my
> > > > > > > host's rc.conf:
> > > > > > > 
> > > > > > > jail_enable="YES"
> > > > > > > jail_list="thename"
> > > > > > > jail_guantanamo_rootdir="thepath"
> > > > > > > jail_guantanamo_hostname="thename"
> > > > > > > jail_guantanamo_ip="192.168.0.12"
> > > > > > > 
> > > > > > > and I use the command:
> > > > > > > 
> > > > > > > jail thepath thename 192.168.0.12 /bin/csh
> > > > > > > 
> > > > > > > to connect to my jail...
> > > > > > > 
> > > > > > > On 11/12/2015 23:31, Dirk Engling wrote:
> > > > > > > > On 12.12.15 01:19, marcel wrote:
> > > > > > > > 
> > > > > > > > > I would like to know if it is possible to configure a
> > > > > > > > > jail's
> > > > > > > > > network for
> > > > > > > > > accessing to the World Wide Web but without ezjail ?
> > > > > > > > > I have created my jail without ezjail (mkdir jail,
> > > > > > > > > make
> > > > > > > > > installworld,
> > > > > > > > > etc...) and I would like to continue without it if
> > > > > > > > > it's
> > > > > > > > > possible...
> > > > > > > > Sure, why doesn't it connect to the net? Does it have a
> > > > > > > > RFC1918
> > > > > > > > IP? If
> > > > > > > > so, you need to enable NAT. If not, did you enable
> > > > > > > > gatewaying?
> > > > > > > > Maybe you
> > > > > > > > just have DNS problems, so is your resolv.conf set up
> > > > > > > > properly?
> > > > > > > > 
> > > > > > > > Without knowing what exactly is not working, I can not
> > > > > > > > help
> > > > > > > > you.
> > > > > > > > 
> > > > > > > >   erdgeist
> > > > > I think you found some old instructions, assuming a 10.x
> > > > > system
> > > > > here
> > > > > is
> > > > > the boilerplate for a typical jail:
> > > > > 
> > > > > rc.conf:
> > > > > 
> > > > >   jail_enable="YES"
> > > > > 
> > > > > jail.conf:
> > > > > 
> > > > >   interface = re0;
> > > > >   mount.devfs;
> > > > >   exec.start = "/bin/sh /etc/rc";
> > > > >   exec.stop = "/bin/sh /etc/rc.shutdown";
> > > > > 
> > > > >   thenameofthejail {
> > > > >     host.hostname = host.domain.tld;
> > > > >     path = /the/path/to/the/jail;
> > > > >     ip4.addr = 192.168.0.12;
> > > > >   }
> > > > > 
> > > > > and start it up with
> > > > > 
> > > > > # jail -c thenameofthejail
> > > > > 
> > > > > And another handy tip you can avoid building a jail with make
> > > > > by
> > > > > extracting the base.txz file found in places like the install
> > > > > media
> > > > > into
> > > > > the jail directory
> > > OK, so my jail.conf look like your jail.conf and when I type jls
> > > my
> > > jail
> > > have the IP 192.168.0.12 but when I type ifconfig in my jail I
> > > have
> > > no ip...
> > Is 192.168.0.12 your host IP? The jail needs a different static IP
> > address e.g. 182,168.0.13. There are ways around this but usually
> > you
> > want a different IP. Each jail and the host have a different IP.
> > The
> > setting ip4.addr in jail.conf will cause jail(8) to create an alias
> > with the new IP on the NIC specified by interface in jail.conf.
> > Destroying the jail with `jail -r  ` removes the alias.
> OK, I didn't know jail -r for removing the alias, thanks !

Not just removing the alias, `jail -c ` starts the jail
 configured in jail.conf, `jail -r ` stops the

Re: Configuring network without ezjail

2015-12-13 Thread marcel


On 13/12/2015 06:07, James Gritton wrote:
> On 2015-12-12 23:18, marcel wrote:
>> On 12/12/2015 18:10, James Gritton wrote:
>>> On 2015-12-11 18:50, marcel wrote:
>>>> No I don't get to have an IP address... Yet I have written this in my
>>>> host's rc.conf:
>>>>
>>>> jail_enable="YES"
>>>> jail_list="thename"
>>>> jail_guantanamo_rootdir="thepath"
>>>> jail_guantanamo_hostname="thename"
>>>> jail_guantanamo_ip="192.168.0.12"
>>>>
>>>> and I use the command:
>>>>
>>>> jail thepath thename 192.168.0.12 /bin/csh
>>>>
>>>> to connect to my jail...
>>>
>>> Is the jail even created?  You show jail_name as "thename", but the
>>> jail config variables are jail_quantanamo_*.  So when you say
>>> "thename" do you really mean quantanamo?  Because if you don't, then
>>> the jail won't get configured at startup.
>>>
>>> The command you're using to connect to the jail is actually a command
>>> that creates a jail.  That's probably not what you want, as that jail
>>> is likely to disappear again after you exit from it.  You should be
>>> using jexec(8), assuming your jail has been properly created in the
>>> first place.
>>>
>>> Now to the IP address: is your entire box behind some gateway, where
>>> it uses a 192.168 address?  If it isn't, you'll need more than to just
>>> declare such an address - you'll need a jail with vnet, which is
>>> rather more complex.  But if it is, then the question becomes: is
>>> 192.168.0.12 the host address, i.e. are you creating a jail that
>>> shares the host address?  If you are it should work, but most jails
>>> aren't done this way.
>>>
>>> Specifying a jail's IP address only tell which of the host's existing
>>> addresses to use.  If that address isn't already set up, it won't be
>>> used - unless you tell it to.  If you're still using the rc.conf-based
>>> jail specification, you can set jail_interface (or
>>> jail_quantanamo_interface) to the name of the network interface where
>>> the host's main IP address lives (e.g. "em0" or somesuch).  Such a
>>> config line is likely all you need.
>>>
>>> - Jamie
>> Yes, the jail is created with the make installworld, make distribution,
>> jail -c , etc method and I launch it with jail -c guantanamo and connect
>> to it with jexec id shell.
>>
>> Yes, sorry I have badly explained so jail_name="thename", thename is
>> guantanamo.
>>
>> My host is behind a router that provide me an internet access yes and
>> yes 192.168.0.12 is my host ip so yes my jail share the host address.
>> jls command show me this address but ifconfig command (in my jail) show
>> me no address...
>>
>> I've read that in my case I've just need of jail_enable="YES" in my
>> rc.conf... I will add with most of jail_guantanamo* variable and test...
>
> If 192.168.0.12 is your host IP, try creating the jail without IP
> address restrictions.  I don't think you can do that with the old
> rc.conf-based specification, but with a jail.conf file (or from a
> command line), you just add "ip4=inherit" and don't mention an
> ip4.address at all.  That will create a jail that has access to all of
> the host IP addresses.
>
> - Jamie
I was trying what you said but the remote machine where the jail is on
has gone to shutdown (I don't know why...) and I have to do some
kilometers to turn on and I haven't the time for the moment so subject
is closed for the moment... Thanks a lot for your help, I will try again
the next time...
___
freebsd-jail@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-jail
To unsubscribe, send any mail to "freebsd-jail-unsubscr...@freebsd.org"
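
The two questions the replies keep returning to (does the host's ifconfig show the jail's address as an alias, and is the jail sharing the host's own address or inheriting all of them) can be answered from the jail.conf text and the host's `ifconfig` output. The script below is an added example, not code from anyone in the thread: the function names are hypothetical, the sample jail.conf and ifconfig text are constructed, and it assumes the first `inet` line on the interface is the host's own address.

```shell
#!/bin/sh
# Added example (not from the thread). Constructed sample data throughout.

# classify_jail_addr IFCONFIG_TEXT JAIL_IP
#   shared  - JAIL_IP is the first inet address on the NIC (the host's own)
#   alias   - JAIL_IP is an additional inet address, as jail(8) adds for ip4.addr
#   missing - JAIL_IP is not configured on the NIC, so the jail cannot use it
classify_jail_addr() {
    printf '%s\n' "$1" | awk -v ip="$2" '
        $1 == "inet" {
            n++                       # position of this address on the NIC
            if ($2 == ip) found = n
        }
        END {
            if (!found)          print "missing"
            else if (found == 1) print "shared"
            else                 print "alias"
        }'
}

# jail_conf_ip4 JAIL_CONF_TEXT JAIL_NAME
#   Prints the jail block's ip4.addr value (interface prefix and netmask
#   suffix removed), "inherit" for ip4 = inherit, or "none" if neither is set.
jail_conf_ip4() {
    printf '%s\n' "$1" | awk -v name="$2" '
        { gsub(/=/, " = ") }          # accept both "a=b" and "a = b"
        $1 == name && $2 == "{" { in_blk = 1; next }
        in_blk && $1 == "}"     { in_blk = 0 }
        in_blk && $1 == "ip4.addr" {
            v = $3
            sub(/;$/, "", v)          # trailing semicolon
            sub("^.*[|]", "", v)      # optional "re0|" interface prefix
            sub("/.*$", "", v)        # optional "/24" netmask
            val = v
        }
        in_blk && $1 == "ip4" && $3 ~ /^inherit;?$/ { val = "inherit" }
        END { print (val == "" ? "none" : val) }'
}

# diagnose JAIL_CONF_TEXT JAIL_NAME IFCONFIG_TEXT
#   Combines both checks into one line of output.
diagnose() {
    addr=$(jail_conf_ip4 "$1" "$2")
    case "$addr" in
        inherit) echo "inherit" ;;   # jail has access to all host addresses
        none)    echo "none" ;;      # no IPv4 setting in this jail block
        *)       echo "$addr $(classify_jail_addr "$3" "$addr")" ;;
    esac
}

# Constructed sample: jail.conf in the layout posted in the thread, with the
# jail on its own address next to the host's 192.168.0.12.
SAMPLE_JAIL_CONF='interface = re0;
mount.devfs;
thenameofthejail {
    host.hostname = host.domain.tld;
    path = /the/path/to/the/jail;
    ip4.addr = 192.168.0.13;
}'

# Constructed sample: host-side "ifconfig re0" after the jail was started.
SAMPLE_IFCONFIG='re0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
    inet 192.168.0.12 netmask 0xffffff00 broadcast 192.168.0.255
    inet 192.168.0.13 netmask 0xffffffff broadcast 192.168.0.13'

diagnose "$SAMPLE_JAIL_CONF" thenameofthejail "$SAMPLE_IFCONFIG"
# On a live host:
#   diagnose "$(cat /etc/jail.conf)" thenameofthejail "$(ifconfig re0)"
```

A result of `shared` or `inherit` means the jail is not separated from the host at the address level, which is the trade-off against giving each jail its own alias.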


Re: Configuring network without ezjail

2015-12-12 Thread marcel


On 12/12/2015 18:10, James Gritton wrote:
> On 2015-12-11 18:50, marcel wrote:
>> No I don't get to have an IP address... Yet I have written this in my
>> host's rc.conf:
>>
>> jail_enable="YES"
>> jail_list="thename"
>> jail_guantanamo_rootdir="thepath"
>> jail_guantanamo_hostname="thename"
>> jail_guantanamo_ip="192.168.0.12"
>>
>> and I use the command:
>>
>> jail thepath thename 192.168.0.12 /bin/csh
>>
>> to connect to my jail...
>
> Is the jail even created?  You show jail_name as "thename", but the
> jail config variables are jail_quantanamo_*.  So when you say
> "thename" do you really mean quantanamo?  Because if you don't, then
> the jail won't get configured at startup.
>
> The command you're using to connect to the jail is actually a command
> that creates a jail.  That's probably not what you want, as that jail
> is likely to disappear again after you exit from it.  You should be
> using jexec(8), assuming your jail has been properly created in the
> first place.
>
> Now to the IP address: is your entire box behind some gateway, where
> it uses a 192.168 address?  If it isn't, you'll need more than to just
> declare such an address - you'll need a jail with vnet, which is
> rather more complex.  But if it is, then the question becomes: is
> 192.168.0.12 the host address, i.e. are you creating a jail that
> shares the host address?  If you are it should work, but most jails
> aren't done this way.
>
> Specifying a jail's IP address only tell which of the host's existing
> addresses to use.  If that address isn't already set up, it won't be
> used - unless you tell it to.  If you're still using the rc.conf-based
> jail specification, you can set jail_interface (or
> jail_quantanamo_interface) to the name of the network interface where
> the host's main IP address lives (e.g. "em0" or somesuch).  Such a
> config line is likely all you need.
>
> - Jamie
Yes, the jail is created with the make installworld, make distribution,
jail -c , etc method and I launch it with jail -c guantanamo and connect
to it with jexec id shell.

Yes, sorry I have badly explained so jail_name="thename", thename is
guantanamo.

My host is behind a router that provide me an internet access yes and
yes 192.168.0.12 is my host ip so yes my jail share the host address.
jls command show me this address but ifconfig command (in my jail) show
me no address...

I've read that in my case I've just need of jail_enable="YES" in my
rc.conf... I will add with most of jail_guantanamo* variable and test...


Re: Configuring network without ezjail

2015-12-12 Thread Sami Halabi
hi,
I think you need to configure the ip in the host first later it'll be seen
in the jail.

using RFC 1918 addresses means you need NAT in your router to have access
the internet.
rather than that using the term 'routing' is incorrect unless you have
multiple hops to get the packets to the router.

Sami
On 13 Dec 2015 6:45 AM, "marcel" wrote:

>
>
> On 12/12/2015 02:59, Michael B. Eichorn wrote:
> > On Fri, 2015-12-11 at 21:44 -0500, Michael B. Eichorn wrote:
> >> On Sat, 2015-12-12 at 02:08 +, marcel wrote:
> >>> ... and I think I have enabling gateway, I wrote this in both of
> >>> my
> >>> rc.conf (jail and host):
> >>>
> >>> gateway_enable="YES"
> >>>
> >>> Is it correct ?
> >> You only need gateway_enable if you are doing routing, it is not
> >> necessary for a typical jail setup. Most of the time you are just
> >> adding an alias to the host's nic.
> OK so if I want to my jail can access to internet I have to do routing,
> right ?
> >>> But I don't think I have DNS problems, my host correctly access to
> >>> the
> >>> internet and the resolv.conf of my jail and my host are same...
> >>>
> >>> On 12/12/2015 01:50, marcel wrote:
> >>>> No I don't get to have an IP address... Yet I have written this in
> >>>> my
> >>>> host's rc.conf:
> >>>>
> >>>> jail_enable="YES"
> >>>> jail_list="thename"
> >>>> jail_guantanamo_rootdir="thepath"
> >>>> jail_guantanamo_hostname="thename"
> >>>> jail_guantanamo_ip="192.168.0.12"
> >>>>
> >>>> and I use the command:
> >>>>
> >>>> jail thepath thename 192.168.0.12 /bin/csh
> >>>>
> >>>> to connect to my jail...
> >>>>
> >>>> On 11/12/2015 23:31, Dirk Engling wrote:
> >>>>> On 12.12.15 01:19, marcel wrote:
> >>>>>
> >>>>>> I would like to know if it is possible to configure a jail's
> >>>>>> network for
> >>>>>> accessing to the World Wide Web but without ezjail ?
> >>>>>> I have created my jail without ezjail (mkdir jail, make
> >>>>>> installworld,
> >>>>>> etc...) and I would like to continue without it if it's
> >>>>>> possible...
> >>>>> Sure, why doesn't it connect to the net? Does it have a RFC1918
> >>>>> IP? If
> >>>>> so, you need to enable NAT. If not, did you enable gatewaying?
> >>>>> Maybe you
> >>>>> just have DNS problems, so is your resolv.conf set up properly?
> >>>>>
> >>>>> Without knowing what exactly is not working, I can not help
> >>>>> you.
> >>>>>
> >>>>>   erdgeist
> >> I think you found some old instructions, assuming a 10.x system here
> >> is
> >> the boilerplate for a typical jail:
> >>
> >> rc.conf:
> >>
> >>   jail_enable="YES"
> >>
> >> jail.conf:
> >>
> >>   interface = re0;
> >>   mount.devfs;
> >>   exec.start = "/bin/sh /etc/rc";
> >>   exec.stop = "/bin/sh /etc/rc.shutdown";
> >>
> >>   thenameofthejail {
> >>     host.hostname = host.domain.tld;
> >>     path = /the/path/to/the/jail;
> >>     ip4.addr = 192.168.0.12;
> >>   }
> >>
> >> and start it up with
> >>
> >> # jail -c thenameofthejail
> >>
> >> And another handy tip you can avoid building a jail with make by
> >> extracting the base.txz file found in places like the install media
> >> into
> >> the jail directory
> OK, so my jail.conf look like your jail.conf and when I type jls my jail
> have the IP 192.168.0.12 but when I type ifconfig in my jail I have no
> ip...
> > Oh and before I forget, the trickiest thing for me moving from ezjail
> > to jail was updating. Assuming your jails are complete base systems and
> > that you would like to use binary updates with freebsd-update, and you
> > have completely separated jails without any funny tricks to save space,
> > here is Ike's simple jail update guide:
> >
> > edit the jail's freebsd-update.conf and change
> >
> > Components src world kernel
> > -to-
> > Components world
> >
> > then run freebsd-update like so:
> >
> > # freebsd-update -b /usr/jails/jaildir \
> >   -f /usr/jails/jaildir/etc/freebsd-update.conf \
> >   -d /usr/jails/jaildir/var/db/freebsd-update fetch
> > # freebsd-update -b /usr/jails/jaildir \
> >   -f /usr/jails/jaildir/etc/freebsd-update.conf \
> >   -d /usr/jails/jaildir/var/db/freebsd-update install
> >
> > Using the -f flag keeps the jail from using the host config since jails
> > cannot update kernels anyway. And -d keeps jails and hosts from
> > trampling each other which is nice if you want to do more than one at a
> > time, or if you use freebsd-update cron.
> Thanks for tip !

Re: Configuring network without ezjail

2015-12-12 Thread marcel


On 12/12/2015 02:59, Michael B. Eichorn wrote:
> On Fri, 2015-12-11 at 21:44 -0500, Michael B. Eichorn wrote:
>> On Sat, 2015-12-12 at 02:08 +, marcel wrote:
>>> ... and I think I have enabling gateway, I wrote this in both of
>>> my
>>> rc.conf (jail and host):
>>>
>>> gateway_enable="YES"
>>>
>>> Is it correct ?
>> You only need gateway_enable if you are doing routing, it is not
>> necessary for a typical jail setup. Most of the time you are just
>> adding an alias to the host's nic.
OK so if I want to my jail can access to internet I have to do routing,
right ?
>>> But I don't think I have DNS problems, my host correctly access to
>>> the
>>> internet and the resolv.conf of my jail and my host are same...
>>>
>>> On 12/12/2015 01:50, marcel wrote:
>>>> No I don't get to have an IP address... Yet I have written this in
>>>> my
>>>> host's rc.conf:
>>>>
>>>> jail_enable="YES"
>>>> jail_list="thename"
>>>> jail_guantanamo_rootdir="thepath"
>>>> jail_guantanamo_hostname="thename"
>>>> jail_guantanamo_ip="192.168.0.12"
>>>>
>>>> and I use the command:
>>>>
>>>> jail thepath thename 192.168.0.12 /bin/csh
>>>>
>>>> to connect to my jail...
>>>>
>>>> On 11/12/2015 23:31, Dirk Engling wrote:
>>>>> On 12.12.15 01:19, marcel wrote:
>>>>>
>>>>>> I would like to know if it is possible to configure a jail's
>>>>>> network for
>>>>>> accessing to the World Wide Web but without ezjail ?
>>>>>> I have created my jail without ezjail (mkdir jail, make
>>>>>> installworld,
>>>>>> etc...) and I would like to continue without it if it's
>>>>>> possible...
>>>>> Sure, why doesn't it connect to the net? Does it have a RFC1918
>>>>> IP? If
>>>>> so, you need to enable NAT. If not, did you enable gatewaying?
>>>>> Maybe you
>>>>> just have DNS problems, so is your resolv.conf set up properly?
>>>>>
>>>>> Without knowing what exactly is not working, I can not help
>>>>> you.
>>>>>
>>>>>   erdgeist
>> I think you found some old instructions, assuming a 10.x system here
>> is
>> the boilerplate for a typical jail:
>>
>> rc.conf:
>>
>>   jail_enable="YES"
>>
>> jail.conf:
>>
>>   interface = re0;
>>   mount.devfs;
>>   exec.start = "/bin/sh /etc/rc";
>>   exec.stop = "/bin/sh /etc/rc.shutdown";
>>
>>   thenameofthejail {
>>     host.hostname = host.domain.tld;
>>     path = /the/path/to/the/jail;
>>     ip4.addr = 192.168.0.12;
>>   }
>>
>> and start it up with
>>
>> # jail -c thenameofthejail
>>
>> And another handy tip: you can avoid building a jail with make by
>> extracting the base.txz file found in places like the install media into
>> the jail directory
OK, so my jail.conf looks like your jail.conf and when I type jls my jail
has the IP 192.168.0.12, but when I type ifconfig in my jail I have no IP...
> Oh and before I forget, the trickiest thing for me moving from ezjail
> to jail was updating. Assuming your jails are complete base systems and
> that you would like to use binary updates with freebsd-update, and you
> have completely separated jails without any funny tricks to save space,
> here is Ike's simple jail update guide:
>
> edit the jail's freebsd-update.conf and change
>
> Components src world kernel
> -to-
> Components world
>
> then run freebsd-update like so:
>
> # freebsd-update -b /usr/jails/jaildir \
>   -f /usr/jails/jaildir/etc/freebsd-update.conf \
>   -d /usr/jails/jaildir/var/db/freebsd-update fetch
> # freebsd-update -b /usr/jails/jaildir \
>   -f /usr/jails/jaildir/etc/freebsd-update.conf \
>   -d /usr/jails/jaildir/var/db/freebsd-update install
>
> Using the -f flag keeps the jail from using the host config since jails
> cannot update kernels anyway. And -d keeps jails and hosts from
> trampling each other which is nice if you want to do more than one at a
> time, or if you use freebsd-update cron.
Thanks for the tip!
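
The per-jail update procedure quoted above, wrapped in a script; this is an added example, not part of any message in the thread. The function names, the DRY_RUN variable and passing jail directories as arguments are assumptions; the -b, -f and -d flags and the Components edit are the ones from the quoted guide.

```shell
#!/bin/sh
# Added example: per-jail freebsd-update wrapper. Function names, DRY_RUN and
# the jail directories given as arguments are assumptions for illustration.

# Return 0 only if the jail's own freebsd-update.conf limits Components to
# userland ("world" or "world/..."), i.e. no "src" and no "kernel".
components_ok() {
    conf="$1/etc/freebsd-update.conf"
    [ -r "$conf" ] || return 2
    # Strip comments, keep the last Components line.
    line=$(sed 's/#.*//' "$conf" |
        grep -E '^[[:space:]]*Components[[:space:]]' | tail -n 1)
    [ -n "$line" ] || return 1
    set -- $line    # split into words: "Components" followed by its values
    shift
    [ "$#" -gt 0 ] || return 1
    for c in "$@"; do
        case "$c" in
            world|world/*) ;;
            *) return 1 ;;
        esac
    done
    return 0
}

# Print the command when DRY_RUN=1 (the default here), otherwise execute it.
run() {
    if [ "${DRY_RUN:-1}" = 1 ]; then echo "$*"; else "$@"; fi
}

# Fetch and install updates for each jail directory given as an argument.
# -b: jail root, -f: the jail's config (not the host's), -d: the jail's own
# work directory so host and jails do not trample each other.
update_jails() {
    rc=0
    for jail in "$@"; do
        if ! components_ok "$jail"; then
            echo "skip $jail: Components must be limited to world" >&2
            rc=1
            continue
        fi
        for phase in fetch install; do
            run freebsd-update -b "$jail" \
                -f "$jail/etc/freebsd-update.conf" \
                -d "$jail/var/db/freebsd-update" "$phase" || { rc=1; break; }
        done
    done
    return "$rc"
}

if [ "$#" -gt 0 ]; then update_jails "$@"; fi
```

Run it with DRY_RUN=0 and the jail directories as arguments to execute the commands instead of printing them.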


Configuring network without ezjail

2015-12-11 Thread marcel
Hello everybody,

I would like to know if it is possible to configure a jail's network for
accessing the World Wide Web but without ezjail?
I have created my jail without ezjail (mkdir jail, make installworld,
etc...) and I would like to continue without it if it's possible...

Thanks,
marcel


Re: Configuring network without ezjail

2015-12-11 Thread Dirk Engling
On 12.12.15 01:19, marcel wrote:

> I would like to know if it is possible to configure a jail's network for
> accessing the World Wide Web but without ezjail?
> I have created my jail without ezjail (mkdir jail, make installworld,
> etc...) and I would like to continue without it if it's possible...

Sure, why doesn't it connect to the net? Does it have a RFC1918 IP? If
so, you need to enable NAT. If not, did you enable gatewaying? Maybe you
just have DNS problems, so is your resolv.conf set up properly?

Without knowing what exactly is not working, I can not help you.

  erdgeist


Re: Configuring network without ezjail

2015-12-11 Thread Dirk Engling
On 12.12.15 02:50, marcel wrote:
> No I don't get to have an IP address... Yet I have written this in my
> host's rc.conf:
> 
> jail_enable="YES"
> jail_list="thename"
> jail_guantanamo_rootdir="thepath"
> jail_guantanamo_hostname="thename"
> jail_guantanamo_ip="192.168.0.12"

Well, what you write into your rc.conf is only relevant to the
/etc/rc.d/jail script. If you're not using the script, you don't need
these variables.

You might want to look up the jail.conf(5) man page.

> and I use the command:
> 
> jail thepath thename 192.168.0.12 /bin/csh

Looks like you need to create the jail first. Use the -c parameter to jail.

However, I suggest configuring your jails with a tool like ezjail, or at
least starting the jails with the /etc/rc.d/jail script.

  erdgeist


Re: Configuring network without ezjail

2015-12-11 Thread Michael B. Eichorn
On Sat, 2015-12-12 at 02:08 +, marcel wrote:
> ... and I think I have enabled the gateway, I wrote this in both of my
> rc.conf (jail and host):
> 
> gateway_enable="YES"
> 
> Is it correct ?

You only need gateway_enable if you are doing routing, it is not
necessary for a typical jail setup. Most of the time you are just
adding an alias to the host's nic.

> 
> But I don't think I have DNS problems, my host correctly accesses the
> internet and the resolv.conf of my jail and my host are the same...
> 
> On 12/12/2015 01:50, marcel wrote:
> > No I don't get to have an IP address... Yet I have written this in my
> > host's rc.conf:
> > 
> > jail_enable="YES"
> > jail_list="thename"
> > jail_guantanamo_rootdir="thepath"
> > jail_guantanamo_hostname="thename"
> > jail_guantanamo_ip="192.168.0.12"
> > 
> > and I use the command:
> > 
> > jail thepath thename 192.168.0.12 /bin/csh
> > 
> > to connect to my jail...
> > 
> > On 11/12/2015 23:31, Dirk Engling wrote:
> > > On 12.12.15 01:19, marcel wrote:
> > > 
> > > > I would like to know if it is possible to configure a jail's network for
> > > > accessing the World Wide Web but without ezjail?
> > > > I have created my jail without ezjail (mkdir jail, make installworld,
> > > > etc...) and I would like to continue without it if it's possible...
> > > Sure, why doesn't it connect to the net? Does it have a RFC1918 IP? If
> > > so, you need to enable NAT. If not, did you enable gatewaying? Maybe you
> > > just have DNS problems, so is your resolv.conf set up properly?
> > > 
> > > Without knowing what exactly is not working, I can not help you.
> > > 
> > >   erdgeist

I think you found some old instructions. Assuming a 10.x system, here is
the boilerplate for a typical jail:

rc.conf:

  jail_enable="YES"

jail.conf:

  interface = re0;
  mount.devfs;
  exec.start = "/bin/sh /etc/rc";
  exec.stop = "/bin/sh /etc/rc.shutdown";

  thenameofthejail {
    host.hostname = host.domain.tld;
    path = /the/path/to/the/jail;
    ip4.addr = 192.168.0.12;
  }

and start it up with

# jail -c thenameofthejail

And another handy tip: you can avoid building a jail with make by
extracting the base.txz file found in places like the install media into
the jail directory.