Jails on FreeBSD 9.0

joris dedieu joris.dedieu at gmail.com
Thu Jul 12 09:56:49 UTC 2012


2012/7/12 Herbert J. Skuhra <h.skuhra at gmail.com>:
> On Wed, Jul 11, 2012 at 11:59 PM, Herbert J. Skuhra <h.skuhra at gmail.com> wrote:
>> Hi,
>>
>> although I've followed the instructions in jail(8) and jail.conf(5) I
>> cannot manage to set up jails on FreeBSD 9.0 STABLE (r238334).
>>
>> The symptoms:
>>
>> * ssh'ing to jail works, but it takes about 20 seconds until password
>>   prompt appears

Is it still the same with UseDNS=no in /etc/ssh/sshd_config?

>> * netstat -r in the jail takes about 150 seconds to finish

Does netstat -rn do the same?

>> * connections to the internet time out; with tcpdump I see that
>>   packets leave and enter the public interface on the host, but never
>>   reach the jail
>>
>> I use lo1 interface and ip address 192.168.1.1/24 for the jail. Public
>> interface is fxp0 with both an IPv4 and an IPv6 address assigned.
>> Of course, nat is enabled via pf on the public interface.

Can you post your PF configuration?
>
> After switching to ipfw/natd, networking in the jail works.
> Could this be a bug?

I think you had an issue with the firewall that blocks name resolution and
makes everything go slow. At the least, you need one single line in your
pf.conf:

nat on $public_interface from $jail_ip to any -> ($public_interface)



>
> --
> Herbert

