Networking from jail - errata

Scheithauer, Lars (FH) Lars.Scheithauer at fh-heidelberg.de
Tue Nov 17 09:49:04 UTC 2009


Quick note:
Forgot to replace two values.
Jail - x.y.z.61
Host - x.y.z.60
Router - x.y.z.62


-----Original Message-----
From: owner-freebsd-jail at freebsd.org [mailto:owner-freebsd-jail at freebsd.org] On behalf of Scheithauer, Lars (FH)
Sent: Tuesday, 17 November 2009 10:19
To: freebsd-jail at freebsd.org
Subject: Networking from jail

Hi everyone!

I'm having a little trouble with my jail's networking and I'm not sure
what to make of it.

My jailhost has an IP of x.y.z.48, my test jail is x.y.z.49. The
jailhost has both IP addresses, the jail has just its own:

Jail# ifconfig
bce0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=1bb<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,TSO4>
        ether xx:xx:xx:xx:xx:10
        inet x.y.z.60 netmask 0xffffffc0 broadcast x.y.z.63
        media: Ethernet autoselect (1000baseSX <full-duplex>)
        status: active
[...]
Host# ifconfig
bce0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=1bb<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,TSO4>
        ether xx:xx:xx:xx:xx:10
        inet x.y.z.61 netmask 0xffffffc0 broadcast x.y.z.63
        inet x.y.z.60 netmask 0xffffffc0 broadcast x.y.z.63
        media: Ethernet autoselect (1000baseSX <full-duplex>)
        status: active
[...]

I am able to access the ssh server running on the jail, and I am able to
access the proxy server of our network via telnet and get some pages from
the internet. However, if I want to install something from the ports,
the jail is unable to fetch it:

Jail# cd /usr/ports/ftp/wget
Jail# make
===>  Vulnerability check disabled, database not found
===>  Found saved configuration for wget-1.11.4_1
=> wget-1.11.4.tar.bz2 doesn't seem to exist in /usr/ports/distfiles/.
=> Attempting to fetch from http://ftp.gnu.org/gnu/wget/.
fetch: http://ftp.gnu.org/gnu/wget/wget-1.11.4.tar.bz2: Operation timed out
=> Attempting to fetch from ftp://ftp.gnu.org/gnu/wget/.
[...]

I've set the appropriate environment variables HTTP_PROXY, HTTPS_PROXY
and FTP_PROXY. If I test the connection with netcat, I get the following
error message:
# nc -zvw 1 -x 'proxy.example.com:8080' www.freebsd.org 80
nc: read failed (0/3): Broken pipe

The funny thing is that I have no problem installing ports from the
host system. From what I can tell, all the config files are correct:

Jail# cat /etc/rc.conf
sshd_enable="YES"
ifconfig_bce0="inet x.y.z.60 netmask 255.255.255.192"
defaultrouter="x.y.z.62"
hostname="jail.example.com"

Host# cat /etc/rc.conf
sshd_enable="NO"
ifconfig_bce0="inet x.y.z.61 netmask 255.255.255.192"
defaultrouter="x.y.z.62"
hostname="host.example.com"
ipv6_enable="NO"
jail_enable="YES"
jail_set_hostname_allow="NO"
jail_list="jail"
jail_jail_hostname="jail"
jail_jail_ip="x.y.z.60"
jail_jail_rootdir="my/jail/root"
jail_jail_devfs_enable="YES"

Any ideas?

Best Regards,
Lars