Re: AW: AW: Networking from jail - errata

2009-11-17 Thread Miroslav Lachman 

Scheithauer, Lars (FH) wrote:

Hi Bjoern,

I did, but the error was somewhere else. I set the proxy through
set http_proxy="http://proxy.example.com:8080";
while the correct version would be
setenv http_proxy http://proxy.example.com:8080

In both cases, "echo $http_proxy" returns the correct entry. Could you explain 
the difference between set and setenv?


The differenc is, that 'set' is for shell variables (in scope of current 
shell) and 'setenv' is for environment variables.


If you use 'set' and then try to print the value from forked shell 
script, it will be empty. If you use 'setenv', the shell script will 
print the value.


See 'man tcsh' (if you are using tcsh as your login shell)

Miroslav Lachman
___
freebsd-jail@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-jail
To unsubscribe, send any mail to "freebsd-jail-unsubscr...@freebsd.org"

AW: AW: Networking from jail - errata

2009-11-17 Thread Scheithauer, Lars (FH) 
Hi Bjoern,

I did, but the error was somewhere else. I set the proxy through
set http_proxy="http://proxy.example.com:8080";
while the correct version would be
setenv http_proxy http://proxy.example.com:8080

In both cases, "echo $http_proxy" returns the correct entry. Could you explain 
the difference between set and setenv?

Best Regards,
Lars



-Ursprüngliche Nachricht-
Von: Bjoern A. Zeeb [mailto:bzeeb-li...@lists.zabbadoz.net] 
Gesendet: Dienstag, 17. November 2009 12:28
An: Scheithauer, Lars (FH)
Cc: freebsd-jail@freebsd.org
Betreff: Re: AW: Networking from jail - errata

On Tue, 17 Nov 2009, Scheithauer, Lars (FH) wrote:

Hi,

> thanks for the clarification, I changed the values according to your 
> suggestions. However, it did not resolve the problem.

Did you aslo check resolv.conf inside the jail?
Does host www.freebsd.org work?


> I've checked the proxy logfiles and it seems, that the Makefile(s) don't try 
> to access the proxy at all while fetching files. Is there any reason, why the 
> Makefile(s) should not use the *_PROXY-variables on the jails?

I assume the proxy is squid and that the proxy itself works?
What if you set the http_proxy variables to an IP address rather than
the name (don't use 127.0.0.1 as address, just to rule that out as
well).

/bz

-- 
Bjoern A. Zeeb It will not break if you know what you are doing.
___
freebsd-jail@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-jail
To unsubscribe, send any mail to "freebsd-jail-unsubscr...@freebsd.org"

Re: AW: Networking from jail - errata

2009-11-17 Thread Bjoern A. Zeeb 

On Tue, 17 Nov 2009, Scheithauer, Lars (FH) wrote:

Hi,


thanks for the clarification, I changed the values according to your 
suggestions. However, it did not resolve the problem.


Did you aslo check resolv.conf inside the jail?
Does host www.freebsd.org work?



I've checked the proxy logfiles and it seems, that the Makefile(s) don't try to 
access the proxy at all while fetching files. Is there any reason, why the 
Makefile(s) should not use the *_PROXY-variables on the jails?


I assume the proxy is squid and that the proxy itself works?
What if you set the http_proxy variables to an IP address rather than
the name (don't use 127.0.0.1 as address, just to rule that out as
well).

/bz

--
Bjoern A. Zeeb It will not break if you know what you are doing.
___
freebsd-jail@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-jail
To unsubscribe, send any mail to "freebsd-jail-unsubscr...@freebsd.org"

AW: Networking from jail - errata

2009-11-17 Thread Scheithauer, Lars (FH) 
Hi Bjoern,

thanks for the clarification, I changed the values according to your 
suggestions. However, it did not resolve the problem.

I've checked the proxy logfiles and it seems, that the Makefile(s) don't try to 
access the proxy at all while fetching files. Is there any reason, why the 
Makefile(s) should not use the *_PROXY-variables on the jails?

Best Regards,
Lars



-Ursprüngliche Nachricht-
Von: owner-freebsd-j...@freebsd.org [mailto:owner-freebsd-j...@freebsd.org] Im 
Auftrag von Bjoern A. Zeeb
Gesendet: Dienstag, 17. November 2009 11:41
An: Scheithauer, Lars (FH)
Cc: freebsd-jail@freebsd.org
Betreff: Re: Networking from jail - errata

On Tue, 17 Nov 2009, Scheithauer, Lars (FH) wrote:

Hi,

> Quick note:
> Forgot to replace two values.
> Jail - x.y.z.61
> Host - x.y.z.60
> Router - x.y.z.62
>
>
> -Ursprüngliche Nachricht-
> Von: owner-freebsd-j...@freebsd.org [mailto:owner-freebsd-j...@freebsd.org] 
> Im Auftrag von Scheithauer, Lars (FH)
> Gesendet: Dienstag, 17. November 2009 10:19
> An: freebsd-jail@freebsd.org
> Betreff: Networking from jail
>
> Hi everyone!
>
> I'm having a little trouble with my jail's networking and I'm not sure
> what to make of it.
>
> My jailhost has an IP of x.y.z.48, my test jail is x.y.z.49. The
> jailhost has both IP-adresses, the jail has just it's own:
>
> Jail# ifconfig
> bce0: flags=8843 metric 0 mtu
> 1500
>
> options=1bb TSO4>
>ether xx:xx:xx:xx:xx:10
>inet x.y.z.60 netmask 0xffc0 broadcast x.y.z.63
>media: Ethernet autoselect (1000baseSX )
>status: active
> [...]
> Host# ifconfig
> bce0: flags=8843 metric 0 mtu
> 1500
>
> options=1bb TSO4>
>ether xx:xx:xx:xx:xx:10
>inet x.y.z.61 netmask 0xffc0 broadcast x.y.z.63
>inet x.y.z.60 netmask 0xffc0 broadcast x.y.z.63
>media: Ethernet autoselect (1000baseSX )
>status: active
> [...]
>
> I am able to access the ssh-server running on the jail, and I am able to
> access the proxyserver of our network via telnet and get some pages of
> the internet. However, if I want to install something from the ports,
> the jail is unable to fetch it:
>
> Jail# cd /usr/ports/ftp/wget
> Jail# make
> ===>  Vulnerability check disabled, database not found
> ===>  Found saved configuration for wget-1.11.4_1
> => wget-1.11.4.tar.bz2 doesn't seem to exist in /usr/ports/distfiles/.
> => Attempting to fetch from http://ftp.gnu.org/gnu/wget/.
> fetch: http://ftp.gnu.org/gnu/wget/wget-1.11.4.tar.bz2: Operation timed
> out
> => Attempting to fetch from ftp://ftp.gnu.org/gnu/wget/.
> [...]
>
> I've set the appropriate environment variables HTTP_PROXY, HTTPS_PROXY
> and FTP_PROXY. If I test the connection with netcat, I get the following
> error message:
> # nc -zvw 1 -x 'proxy.example.com:8080' www.freebsd.org 80
> nc: read failed (0/3): Broken pipe

The usual thing I am interested at that point is - does name
resolution work properly from within the jail?  /etc/resolv.conf setup
correctly etc?



> The funny thing is, that I have no problem installing ports from the
> Host-system. From what I can tell, all the config files are correct:
>
> Jail# cat /etc/rc.conf
> sshd_enable="YES"
> ifconfig_bce0="inet x.y.z.60 netmask 255.255.255.192"
> defaultrouter="x.y.z.62"
> hostname="jail.example.com"

That's not going to work, really (the ifconfig, defaultrouter, and
unless you changed the defaults on the host system not even the
hostname).  You should actually remove those.


> Host# cat /etc/rc.conf
> sshd_enable="NO"
> ifconfig_bce0="inet x.y.z.61 netmask 255.255.255.192"
> defaultrouter="x.y.z.62"
> hostname="host.example.com"
> ipv6_enable="NO"
> jail_enable="YES"
> jail_set_hostname_allow="NO"
> jail_list="jail"
> jail_jail_hostname="jail"
> jail_jail_ip="x.y.z.60"
> jail_jail_rootdir="my/jail/root"
> jail_jail_devfs_enable="YES"

That doesn't really match your ifconfig output from above; something
on the host system would have to set the IP address of the host. I
would expect something like (you may have mixed jail and host
addresses so properly sort this):

# host system IP address
ifconfig_bce0=inet x.y.z.61 netmask 255.255.255.192"
# jail IP address
ifconfig_bce0_alias0=inet x.y.z.60 netmask 255.255.255.255"

Note that the alias has a /32 netmask.


/bz

-- 
Bjoern A. Zeeb It will not break if you know what you are doing.
___
freebsd-jail@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-jail
To unsubscribe, send any mail to "freebsd-jail-unsubscr...@freebsd.org"