Hi Bjoern,
thanks for the clarification, I changed the values according to your
suggestions. However, it did not resolve the problem.
I've checked the proxy logfiles and it seems, that the Makefile(s) don't try to
access the proxy at all while fetching files. Is there any reason, why the
Makefile(s) should not use the *_PROXY-variables on the jails?
Best Regards,
Lars
-Ursprüngliche Nachricht-
Von: owner-freebsd-j...@freebsd.org [mailto:owner-freebsd-j...@freebsd.org] Im
Auftrag von Bjoern A. Zeeb
Gesendet: Dienstag, 17. November 2009 11:41
An: Scheithauer, Lars (FH)
Cc: freebsd-jail@freebsd.org
Betreff: Re: Networking from jail - errata
On Tue, 17 Nov 2009, Scheithauer, Lars (FH) wrote:
Hi,
> Quick note:
> Forgot to replace two values.
> Jail - x.y.z.61
> Host - x.y.z.60
> Router - x.y.z.62
>
>
> -Ursprüngliche Nachricht-
> Von: owner-freebsd-j...@freebsd.org [mailto:owner-freebsd-j...@freebsd.org]
> Im Auftrag von Scheithauer, Lars (FH)
> Gesendet: Dienstag, 17. November 2009 10:19
> An: freebsd-jail@freebsd.org
> Betreff: Networking from jail
>
> Hi everyone!
>
> I'm having a little trouble with my jail's networking and I'm not sure
> what to make of it.
>
> My jailhost has an IP of x.y.z.48, my test jail is x.y.z.49. The
> jailhost has both IP-adresses, the jail has just it's own:
>
> Jail# ifconfig
> bce0: flags=8843 metric 0 mtu
> 1500
>
> options=1bb TSO4>
>ether xx:xx:xx:xx:xx:10
>inet x.y.z.60 netmask 0xffc0 broadcast x.y.z.63
>media: Ethernet autoselect (1000baseSX )
>status: active
> [...]
> Host# ifconfig
> bce0: flags=8843 metric 0 mtu
> 1500
>
> options=1bb TSO4>
>ether xx:xx:xx:xx:xx:10
>inet x.y.z.61 netmask 0xffc0 broadcast x.y.z.63
>inet x.y.z.60 netmask 0xffc0 broadcast x.y.z.63
>media: Ethernet autoselect (1000baseSX )
>status: active
> [...]
>
> I am able to access the ssh-server running on the jail, and I am able to
> access the proxyserver of our network via telnet and get some pages of
> the internet. However, if I want to install something from the ports,
> the jail is unable to fetch it:
>
> Jail# cd /usr/ports/ftp/wget
> Jail# make
> ===> Vulnerability check disabled, database not found
> ===> Found saved configuration for wget-1.11.4_1
> => wget-1.11.4.tar.bz2 doesn't seem to exist in /usr/ports/distfiles/.
> => Attempting to fetch from http://ftp.gnu.org/gnu/wget/.
> fetch: http://ftp.gnu.org/gnu/wget/wget-1.11.4.tar.bz2: Operation timed
> out
> => Attempting to fetch from ftp://ftp.gnu.org/gnu/wget/.
> [...]
>
> I've set the appropriate environment variables HTTP_PROXY, HTTPS_PROXY
> and FTP_PROXY. If I test the connection with netcat, I get the following
> error message:
> # nc -zvw 1 -x 'proxy.example.com:8080' www.freebsd.org 80
> nc: read failed (0/3): Broken pipe
The usual thing I am interested at that point is - does name
resolution work properly from within the jail? /etc/resolv.conf setup
correctly etc?
> The funny thing is, that I have no problem installing ports from the
> Host-system. From what I can tell, all the config files are correct:
>
> Jail# cat /etc/rc.conf
> sshd_enable="YES"
> ifconfig_bce0="inet x.y.z.60 netmask 255.255.255.192"
> defaultrouter="x.y.z.62"
> hostname="jail.example.com"
That's not going to work, really (the ifconfig, defaultrouter, and
unless you changed the defaults on the host system not even the
hostname). You should actually remove those.
> Host# cat /etc/rc.conf
> sshd_enable="NO"
> ifconfig_bce0="inet x.y.z.61 netmask 255.255.255.192"
> defaultrouter="x.y.z.62"
> hostname="host.example.com"
> ipv6_enable="NO"
> jail_enable="YES"
> jail_set_hostname_allow="NO"
> jail_list="jail"
> jail_jail_hostname="jail"
> jail_jail_ip="x.y.z.60"
> jail_jail_rootdir="my/jail/root"
> jail_jail_devfs_enable="YES"
That doesn't really match your ifconfig output from above; something
on the host system would have to set the IP address of the host. I
would expect something like (you may have mixed jail and host
addresses so properly sort this):
# host system IP address
ifconfig_bce0=inet x.y.z.61 netmask 255.255.255.192"
# jail IP address
ifconfig_bce0_alias0=inet x.y.z.60 netmask 255.255.255.255"
Note that the alias has a /32 netmask.
/bz
--
Bjoern A. Zeeb It will not break if you know what you are doing.
___
freebsd-jail@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-jail
To unsubscribe, send any mail to "freebsd-jail-unsubscr...@freebsd.org"