problems with jail

Harald Schmalzbauer h.schmalzbauer at omnisec.de
Fri Feb 23 16:48:24 UTC 2007


On Friday, 23 February 2007 02:49, Jim Stapleton wrote:
> oops, did a reply instead of reply all, sorry.
>
> My question was "what's the best way to test net connectivity in jail,
> csup?", and i did try csup (using a copy of my standard ports

For ping (and other ICMP tools etc.) you have to change the following on the 
host:
'sysctl security.jail.allow_raw_sockets=1'
See the jail(8) man page for more info!

Greetings,

-Harry

> supfile), it failed:
>
> %csup -g -L 2 /etc/supfile-ports
> Parsing supfile "/etc/supfile-ports"
> Connecting to cvsup12.FreeBSD.org
> Name lookup failure for "cvsup12.FreeBSD.org": hostname nor servname
> provided, or not known
> Will retry at 20:52:12
>
>
> I'm only using one jail (it'll run apache, mysql and possibly sftp)
>
> Thanks,
> -Jim Stapleton
>
> On 2/23/07, Jonathan Chen <jonc at chen.org.nz> wrote:
> > On Fri, Feb 23, 2007 at 01:22:53AM +0000, Jim Stapleton wrote:
> > > I'd like to get Apache running in jail, but I can't seem to get
> > > network working in jail.
> >
> > [...]
> >
> > > Anyway, when I go to jail, running csh (as root) in jail, I try/get:
> > >    %ping 192.168.1.1
> > >    ping: socket: Operation not permitted
> >
> > This is normal. You can't ping out from a jail. If you're going to
> > manage several jails on a box, I would suggest you try the ezjail
> > port.
> >
> > Cheers.
> > --
> > Jonathan Chen <jonc at chen.org.nz>
> > -----------------------------------------------------------------------
> > "I love deadlines. I like the whooshing sound they make as they fly by"
> >                                                         - Douglas Adams

-- 
OmniSEC  -  UNIX and Windows networks - secure
Harald Schmalzbauer
Flintsbacher Str. 3
80686 München
+49 (0) 89 18947781
+49 (0) 160 93860101
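
Added example, not part of the original message or of FreeBSD: a small C probe that separates the two failures in this thread, the raw socket that ping needs (refused with "Operation not permitted" while security.jail.allow_raw_sockets is 0) and the name lookup that csup failed on, from plain TCP reachability, which needs no raw socket. The enum names and the command-line usage are assumptions made for this sketch.

```c
/* Added example: probe each network layer separately from inside a jail. */
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <netdb.h>
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

enum probe { PROBE_OK, PROBE_RAW_DENIED, PROBE_RESOLVE_FAIL, PROBE_CONNECT_FAIL, PROBE_OTHER };

/* Can this process open the raw ICMP socket that ping needs? */
enum probe probe_raw_icmp(void) {
    int s = socket(AF_INET, SOCK_RAW, IPPROTO_ICMP);
    if (s >= 0) { close(s); return PROBE_OK; }
    /* EPERM is the "Operation not permitted" ping printed in the jail. */
    return (errno == EPERM || errno == EACCES) ? PROBE_RAW_DENIED : PROBE_OTHER;
}

/* Resolve host/service, then attempt a TCP connect (no raw socket involved). */
enum probe probe_tcp(const char *host, const char *service) {
    struct addrinfo hints, *res, *ai;
    enum probe result = PROBE_CONNECT_FAIL;

    memset(&hints, 0, sizeof hints);
    hints.ai_family = AF_UNSPEC;
    hints.ai_socktype = SOCK_STREAM;
    /* A failure here is the resolver step that csup reported. */
    if (getaddrinfo(host, service, &hints, &res) != 0)
        return PROBE_RESOLVE_FAIL;
    for (ai = res; ai != NULL && result != PROBE_OK; ai = ai->ai_next) {
        int s = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol);
        if (s < 0) continue;
        if (connect(s, ai->ai_addr, ai->ai_addrlen) == 0) result = PROBE_OK;
        close(s);
    }
    freeaddrinfo(res);
    return result;
}

int main(int argc, char **argv) {
    static const char *msg[] = { "ok", "raw sockets denied", "name lookup failed",
                                 "connect failed", "other error" };
    if (argc != 3) { fprintf(stderr, "usage: %s host port\n", argv[0]); return 2; }
    printf("raw ICMP socket: %s\n", msg[probe_raw_icmp()]);
    printf("TCP %s:%s: %s\n", argv[1], argv[2], msg[probe_tcp(argv[1], argv[2])]);
    return 0;
}
```

A "raw sockets denied" result with a working TCP connect means the jail's network is fine and only ICMP tools are restricted; "name lookup failed" against a numeric-IP success points at the resolver configuration inside the jail.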

