Re: Problem with jail network
bsd schreef: Hi, I have been configuring a jail system using the howto provided here : http://www.freebsd.org/doc/handbook/jails-application.html The is now correctly starting, but I can't seem to use the network stack. root@master 16:52:55 ~ - jls JID IP Address Hostname Path 1 xx.216.yy.150 n0.no.no/jail/j/n0 But I can't ping neither outside of the jail, nor inside of It. I am a bit confused because I don't know if I have to configure the IP using an alias on the main Eth interface, or do something else. ifconfig_bce0_alias0=inetxx.216.yy.150/32 This last command seems to have frozen my system. Since I can't reach the network, I can't install ports either… ! Thanks for your help. Does your jail knows how to reach the router, or for that matter your host sytem. What does a traceroute do. You need to set some sysctl values to be able to ping or trace route from within a jail. regards, Johan Hendriks ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Problem with jail network
On 11/30/11 5:05 PM, bsd wrote: Hi, I have been configuring a jail system using the howto provided here : http://www.freebsd.org/doc/handbook/jails-application.html The is now correctly starting, but I can't seem to use the network stack. root@master 16:52:55 ~ - jls JID IP Address Hostname Path 1 xx.216.yy.150 n0.no.no/jail/j/n0 But I can't ping neither outside of the jail, nor inside of It. I am a bit confused because I don't know if I have to configure the IP using an alias on the main Eth interface, or do something else. ifconfig_bce0_alias0=inetxx.216.yy.150/32 This last command seems to have frozen my system. Confirm that the MISSING SPACE between your inet and xxx.216... statements is only a typo and NOT present in your actual rc.conf ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Problem with jail network
- Original Message - From: bsd b...@todoo.biz To: Liste FreeBSD freebsd-questions@freebsd.org Cc: Sent: Thursday, 1 December 2011 1:05 AM Subject: Problem with jail network Hi, I have been configuring a jail system using the howto provided here : http://www.freebsd.org/doc/handbook/jails-application.html The is now correctly starting, but I can't seem to use the network stack. root@master 16:52:55 ~ - jls JID IP Address Hostname Path 1 xx.216.yy.150 n0.no.no /jail/j/n0 But I can't ping neither outside of the jail, nor inside of It. I am a bit confused because I don't know if I have to configure the IP using an alias on the main Eth interface, or do something else. ifconfig_bce0_alias0=inetxx.216.yy.150/32 This last command seems to have frozen my system. Since I can't reach the network, I can't install ports either… ! It might be wrong information. _ Perhaps you might setup /etc/resolv.conf in Jail? http://www.cyberciti.biz/faq/freebsd-mount_nullf-usrports-inside-jail/ --- Inexperienced FreeBSD user: Level 4 masayoshi Ayumi Kinoshita http://tinyurl.com/63zg3op ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Problem with jail network
Le 30 nov. 2011 à 17:17, Damien Fleuriot a écrit : On 11/30/11 5:05 PM, bsd wrote: Hi, I have been configuring a jail system using the howto provided here : http://www.freebsd.org/doc/handbook/jails-application.html The is now correctly starting, but I can't seem to use the network stack. root@master 16:52:55 ~ - jls JID IP Address Hostname Path 1 xx.216.yy.150 n0.no.no/jail/j/n0 But I can't ping neither outside of the jail, nor inside of It. I am a bit confused because I don't know if I have to configure the IP using an alias on the main Eth interface, or do something else. ifconfig_bce0_alias0=inetxx.216.yy.150/32 This last command seems to have frozen my system. Confirm that the MISSING SPACE between your inet and xxx.216... statements is only a typo and NOT present in your actual rc.conf This is confirmed. I have the equivalent of : ifconfig_bce0_alias0=inet 1.2.3.4/32 ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org –– - Grégory Bernard Director - --- www.osnet.eu --- -- Your provider of OpenSource appliances -- –– OSnetOSnetOSnetOSnetOSnetOSnetOSnetOSnetOSnetO ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Problem with jail network
Le 30 nov. 2011 à 17:45, masayoshi a écrit : - Original Message - From: bsd b...@todoo.biz To: Liste FreeBSD freebsd-questions@freebsd.org Cc: Sent: Thursday, 1 December 2011 1:05 AM Subject: Problem with jail network Hi, I have been configuring a jail system using the howto provided here : http://www.freebsd.org/doc/handbook/jails-application.html The is now correctly starting, but I can't seem to use the network stack. root@master 16:52:55 ~ - jls JID IP Address Hostname Path 1 xx.216.yy.150 n0.no.no/jail/j/n0 But I can't ping neither outside of the jail, nor inside of It. I am a bit confused because I don't know if I have to configure the IP using an alias on the main Eth interface, or do something else. ifconfig_bce0_alias0=inetxx.216.yy.150/32 This last command seems to have frozen my system. Since I can't reach the network, I can't install ports either… ! It might be wrong information. _ Perhaps you might setup /etc/resolv.conf in Jail? http://www.cyberciti.biz/faq/freebsd-mount_nullf-usrports-inside-jail/ root@master 18:27:21 ~ - jls JID IP Address Hostname Path 1 1.2.3.4 n0.n.o/jail/j/ns0 root@master 18:27:25 ~ - jexec 1 sh # more /etc/resolv.conf domain n.o nameserver 8.8.8.8 n0# ping 8.8.8.8 PING 8.8.8.8 (8.8.8.8): 56 data bytes ^C --- 8.8.8.8 ping statistics --- 13 packets transmitted, 0 packets received, 100.0% packet loss --- Inexperienced FreeBSD user: Level 4 masayoshi Ayumi Kinoshita http://tinyurl.com/63zg3op ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org –– - Grégory Bernard Director - --- www.osnet.eu --- -- Your provider of OpenSource appliances -- –– OSnetOSnetOSnetOSnetOSnetOSnetOSnetOSnetOSnetO ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Problem with jail network
On 11/30/11 6:29 PM, bsd wrote: Le 30 nov. 2011 à 17:17, Damien Fleuriot a écrit : On 11/30/11 5:05 PM, bsd wrote: Hi, I have been configuring a jail system using the howto provided here : http://www.freebsd.org/doc/handbook/jails-application.html The is now correctly starting, but I can't seem to use the network stack. root@master 16:52:55 ~ - jls JID IP Address Hostname Path 1 xx.216.yy.150 n0.no.no/jail/j/n0 But I can't ping neither outside of the jail, nor inside of It. I am a bit confused because I don't know if I have to configure the IP using an alias on the main Eth interface, or do something else. ifconfig_bce0_alias0=inetxx.216.yy.150/32 This last command seems to have frozen my system. Confirm that the MISSING SPACE between your inet and xxx.216... statements is only a typo and NOT present in your actual rc.conf This is confirmed. I have the equivalent of : ifconfig_bce0_alias0=inet 1.2.3.4/32 AFAIK, unless you allow raw sockets, you will not be able to ping from the jail. Find below the conf I successfully used, a long time ago, for a jail hosting DNS. This is from my rc.conf on the host system. ### JAILS jail_enable=NO jail_set_hostname_allow=NO jail_list=ns jail_ns_interface=lo53 jail_ns_ip=192.168.0.53,2001:41d0:2:613b::53/56 jail_ns_hostname=ns.my.gd # fec0:[interface index]::[damien fleuriot]:[interface number] # example: fec0:5::df:252 for loopback interface lo252 jail_ns_rootdir=/var/jail/ns jail_ns_devfs_enable=YES #jail_ns_devfs_ruleset=devfsrules_jail_ns You will notice this creates a lo53 (loopback) interface with private IPv4 and IPv6 addresses. I then used PF to redirect DNS queries to this jail. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Problem with jail network
Le 30 nov. 2011 à 18:36, Damien Fleuriot a écrit : On 11/30/11 6:29 PM, bsd wrote: Le 30 nov. 2011 à 17:17, Damien Fleuriot a écrit : On 11/30/11 5:05 PM, bsd wrote: Hi, I have been configuring a jail system using the howto provided here : http://www.freebsd.org/doc/handbook/jails-application.html The is now correctly starting, but I can't seem to use the network stack. root@master 16:52:55 ~ - jls JID IP Address Hostname Path 1 xx.216.yy.150 n0.no.no/jail/j/n0 But I can't ping neither outside of the jail, nor inside of It. I am a bit confused because I don't know if I have to configure the IP using an alias on the main Eth interface, or do something else. ifconfig_bce0_alias0=inetxx.216.yy.150/32 This last command seems to have frozen my system. Confirm that the MISSING SPACE between your inet and xxx.216... statements is only a typo and NOT present in your actual rc.conf This is confirmed. I have the equivalent of : ifconfig_bce0_alias0=inet 1.2.3.4/32 AFAIK, unless you allow raw sockets, you will not be able to ping from the jail. Find below the conf I successfully used, a long time ago, for a jail hosting DNS. This is from my rc.conf on the host system. ### JAILS jail_enable=NO jail_set_hostname_allow=NO jail_list=ns jail_ns_interface=lo53 jail_ns_ip=192.168.0.53,2001:41d0:2:613b::53/56 jail_ns_hostname=ns.my.gd # fec0:[interface index]::[damien fleuriot]:[interface number] # example: fec0:5::df:252 for loopback interface lo252 jail_ns_rootdir=/var/jail/ns jail_ns_devfs_enable=YES #jail_ns_devfs_ruleset=devfsrules_jail_ns You will notice this creates a lo53 (loopback) interface with private IPv4 and IPv6 addresses. I then used PF to redirect DNS queries to this jail. I don't want the IP to be redirected, I would like the jail to have It's own IP. Redirection would probably involve a NAT on your main IP to the IP of the jail, which is something I would like to avoid. Did you use something like the aforementioned ifconfig alias to give the IP to your jail ? ifconfig_bce0_alias0=inet 1.2.3.4/32 What bothers me is that I am not able to ping from the outside either… ?? And I can't install any ports because I don't have any network available inside the jail. –– - Grégory Bernard Director - --- www.osnet.eu --- -- Your provider of OpenSource appliances -- –– OSnetOSnetOSnetOSnetOSnetOSnetOSnetOSnetOSnetO ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Problem with jail network
On 11/30/11 6:52 PM, bsd wrote: Le 30 nov. 2011 à 18:36, Damien Fleuriot a écrit : On 11/30/11 6:29 PM, bsd wrote: Le 30 nov. 2011 à 17:17, Damien Fleuriot a écrit : On 11/30/11 5:05 PM, bsd wrote: Hi, I have been configuring a jail system using the howto provided here : http://www.freebsd.org/doc/handbook/jails-application.html The is now correctly starting, but I can't seem to use the network stack. root@master 16:52:55 ~ - jls JID IP Address Hostname Path 1 xx.216.yy.150 n0.no.no/jail/j/n0 But I can't ping neither outside of the jail, nor inside of It. I am a bit confused because I don't know if I have to configure the IP using an alias on the main Eth interface, or do something else. ifconfig_bce0_alias0=inetxx.216.yy.150/32 This last command seems to have frozen my system. Confirm that the MISSING SPACE between your inet and xxx.216... statements is only a typo and NOT present in your actual rc.conf This is confirmed. I have the equivalent of : ifconfig_bce0_alias0=inet 1.2.3.4/32 AFAIK, unless you allow raw sockets, you will not be able to ping from the jail. Find below the conf I successfully used, a long time ago, for a jail hosting DNS. This is from my rc.conf on the host system. ### JAILS jail_enable=NO jail_set_hostname_allow=NO jail_list=ns jail_ns_interface=lo53 jail_ns_ip=192.168.0.53,2001:41d0:2:613b::53/56 jail_ns_hostname=ns.my.gd # fec0:[interface index]::[damien fleuriot]:[interface number] # example: fec0:5::df:252 for loopback interface lo252 jail_ns_rootdir=/var/jail/ns jail_ns_devfs_enable=YES #jail_ns_devfs_ruleset=devfsrules_jail_ns You will notice this creates a lo53 (loopback) interface with private IPv4 and IPv6 addresses. I then used PF to redirect DNS queries to this jail. I don't want the IP to be redirected, I would like the jail to have It's own IP. Redirection would probably involve a NAT on your main IP to the IP of the jail, which is something I would like to avoid. Did you use something like the aforementioned ifconfig alias to give the IP to your jail ? ifconfig_bce0_alias0=inet 1.2.3.4/32 What bothers me is that I am not able to ping from the outside either… ?? And I can't install any ports because I don't have any network available inside the jail. Nope, I used the loopback interface. Again, for pings to work, AFAIK, you need to enable raw sockets within the jail. security.jail.allow_raw_sockets=1 ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Problem with jail network
bsd wrote: Hi, I have been configuring a jail system using the howto provided here : http://www.freebsd.org/doc/handbook/jails-application.html The is now correctly starting, but I can't seem to use the network stack. root@master 16:52:55 ~ - jls JID IP Address Hostname Path 1 xx.216.yy.150 n0.no.no/jail/j/n0 But I can't ping neither outside of the jail, nor inside of It. I am a bit confused because I don't know if I have to configure the IP using an alias on the main Eth interface, or do something else. ifconfig_bce0_alias0=inetxx.216.yy.150/32 This last command seems to have frozen my system. Since I can't reach the network, I can't install ports either… ! Thanks for your help. Best you use the qjail port to create your jails. The documentation is much better in qjail. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
