(create a virtual network interface, and use packet filter)
# ifconfig lo1 create
# ifconfig lo1 inet 10.0.1.1 netmask 255.255.255.0
# touch /etc/start_if.lo1
# echo 'ifconfig lo1 create' > /etc/start_if.lo1
# cp /usr/share/examples/pf/pf.conf /etc/
(the existence of pf.conf is just necessary; later I set up a complete one)
(allow networking for jails - required for the installation of ports)
# echo 'nat on bge0 from lo1:network to any -> (bge0)' >> /etc/pf.conf
# pfctl -d
# pfctl -e -f /etc/pf.conf
# echo '
and use this in rc.conf
interfaces="lo0 bge0"
cloned_interfaces="lo1"
ifconfig_re0="inet PUBL_IP netmask 255.255.255.128 -rxcsum -txcsum"
ifconfig_re0_alias0="inet PUBL_IP_2 netmask 255.255.255.128"
ifconfig_lo1="inet 10.0.1.1 netmask 255.255.255.0"
ifconfig_lo1_alias0="inet 10.0.1.2/24"
ifconfig_lo1_alias1="inet 10.0.1.3/32"
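
The setup above is split across pf.conf and rc.conf, and both files have to name the same interfaces. As an added example (not part of the original post), this POSIX sh check confirms that the interface in the NAT rule is configured in rc.conf and that the loopback is cloned and addressed; the function names and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: cross-check rc.conf against the pf NAT rule for a jail loopback.

# Interface named in the first "nat on IF from LO:network ..." rule of PFCONF.
nat_iface() {  # usage: nat_iface PFCONF LO
    awk -v lo="$2" '$1 == "nat" && $2 == "on" && $4 == "from" &&
        $5 == lo ":network" { print $3; exit }' "$1"
}

# IPv4 addresses rc.conf assigns to IFACE (primary entry and _aliasN entries).
iface_addrs() {  # usage: iface_addrs RCCONF IFACE
    sed -n "s/^ifconfig_$2\(_alias[0-9]*\)\{0,1\}=\"inet \([0-9.]*\).*/\2/p" "$1"
}

# Print one finding per line; the return status is the number of findings.
check_jail_nat() {  # usage: check_jail_nat RCCONF PFCONF LO
    n=0
    ext=$(nat_iface "$2" "$3")
    if [ -z "$ext" ]; then
        echo "no nat rule for $3:network"; n=$((n + 1))
    elif ! grep -q "^ifconfig_$ext=" "$1"; then
        echo "nat rule is on $ext, but rc.conf does not configure $ext"; n=$((n + 1))
    fi
    if ! grep -Eq "^cloned_interfaces=\"([^\"]* )?$3( [^\"]*)?\"" "$1"; then
        echo "$3 is not listed in cloned_interfaces"; n=$((n + 1))
    fi
    if [ -z "$(iface_addrs "$1" "$3")" ]; then
        echo "$3 has no inet address in rc.conf"; n=$((n + 1))
    fi
    return "$n"
}

# Constructed sample files; 192.0.2.10 stands in for the public address.
write_sample() {  # usage: write_sample DIR EXT_IF_IN_RCCONF
    cat > "$1/rc.conf" <<EOF
cloned_interfaces="lo1"
ifconfig_$2="inet 192.0.2.10 netmask 255.255.255.128"
ifconfig_lo1="inet 10.0.1.1 netmask 255.255.255.0"
ifconfig_lo1_alias0="inet 10.0.1.2/24"
EOF
    echo 'nat on bge0 from lo1:network to any -> (bge0)' > "$1/pf.conf"
}

# Demo: rc.conf configures re0 while the NAT rule names bge0, so one finding.
demo_dir=$(mktemp -d)
write_sample "$demo_dir" re0
check_jail_nat "$demo_dir/rc.conf" "$demo_dir/pf.conf" lo1 || echo "findings: $?"
rm -rf "$demo_dir"
```
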
On Tue, Nov 17, 2009 at 1:00 PM, freebsd-jail-requ...@freebsd.org wrote:
Today's Topics:
1. Re: Broadcast under Jail problems (Vagif Zeynalov)
2. Networking from jail (Scheithauer, Lars (FH))
3. Networking from jail - errata (Scheithauer, Lars (FH))
4. Re: Networking from jail - errata (Bjoern A. Zeeb)
5. AW: Networking from jail - errata (Scheithauer, Lars (FH))
6. Re: AW: Networking from jail - errata (Bjoern A. Zeeb)
7. AW: AW: Networking from jail - errata (Scheithauer, Lars (FH))
--
Message: 1
Date: Mon, 16 Nov 2009 16:14:59 +0300
From: Vagif Zeynalov va...@zeynalov.com
Subject: Re: Broadcast under Jail problems
To: Bjoern A. Zeeb bzeeb-li...@lists.zabbadoz.net
Cc: freebsd-jail@freebsd.org
Message-ID: a9332ade8f494076a02daff06daad...@vagifpc
Content-Type: text/plain; format=flowed; charset=iso-8859-1;
reply-type=response
...I can provide more details if it will be necessary...
error logs from the application would be interesting to see which
(sys)call returns which error so that we can narrow it down.
You know, to make the answer I just rebuilt the mediatomb on the clear jail
machine and... the problem has disappeared!
It's very strange, because I already did it a few times before.
Whatever, sorry guys for the disturbance. ;-))
I have to investigate what I changed last night in the system.
Regards,
Vagif
--
Message: 2
Date: Tue, 17 Nov 2009 10:18:59 +0100
From: Scheithauer, Lars (FH) lars.scheitha...@fh-heidelberg.de
Subject: Networking from jail
To: freebsd-jail@freebsd.org
Message-ID:
26040005b7f3aa41a0345bce386ca09701c62...@fhclusrv-ex.dcs.fh-heidelberg.de
Content-Type: text/plain; charset=us-ascii
Hi everyone!
I'm having a little trouble with my jail's networking and I'm not sure
what to make of it.
My jailhost has an IP of x.y.z.48, my test jail is x.y.z.49. The
jailhost has both IP addresses, the jail has just its own:
Jail# ifconfig
bce0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
options=1bb<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,TSO4>
ether xx:xx:xx:xx:xx:10
inet x.y.z.60 netmask 0xffc0 broadcast x.y.z.63
media: Ethernet autoselect (1000baseSX full-duplex)
status: active
[...]
Host# ifconfig
bce0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
options=1bb<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,TSO4>
ether xx:xx:xx:xx:xx:10
inet x.y.z.61 netmask 0xffc0 broadcast x.y.z.63
inet x.y.z.60 netmask 0xffc0 broadcast x.y.z.63
media: Ethernet autoselect (1000baseSX full-duplex)
status: active
[...]
I am able to access the ssh-server running on the jail, and I am able to
access the proxyserver of our network via telnet and get some pages of
the internet. However, if I want to install something from the ports,
the jail is unable to fetch it:
Jail# cd /usr/ports/ftp/wget
Jail# make
===> Vulnerability check disabled, database not found
===> Found saved configuration for wget-1.11.4_1
=> wget-1.11.4.tar.bz2 doesn't seem to exist in /usr/ports/distfiles/.
=> Attempting to fetch from http://ftp.gnu.org/gnu/wget/.
fetch: http://ftp.gnu.org/gnu/wget/wget-1.11.4.tar.bz2: Operation timed out
=> Attempting to fetch from ftp://ftp.gnu.org/gnu/wget/.
[...]
I've set the appropriate environment variables HTTP_PROXY, HTTPS_PROXY
and FTP_PROXY. If I test the connection