Ping from jail not permitted error
Eric Andrews
eric.m.andrews at gmail.com
Sun Apr 18 02:30:17 UTC 2010
On Sun, Apr 18, 2010 at 12:39 AM, Aiza <aiza21 at comclark.com> wrote:
> My jail has public internet access because i can do pkg_add -r unix2dos and
> the package does install. But when I enter ping -c 2 freebsd.org I get
> message "ping: socket: Operation not permitted" There is no firewall
> running in the jail.
>
> Any ideas would be helpful.
there is a reason people write man pages; honor their hard work by
reading them first!
>From jail(8):
security.jail.allow_raw_sockets
This MIB entry determines whether or not prison root is allowed to
create raw sockets. Setting this MIB to 1 allows utilities like
ping(8) and traceroute(8) to operate inside the prison. If this MIB
is set, the source IP addresses are enforced to comply with the IP
address bound to the jail, regardless of whether or not the
IP_HDRINCL flag has been set on the socket. Since raw sockets can
be used to configure and interact with various network subsystems,
extra caution should be used where privileged access to jails is
given out to untrusted parties. As such, by default this option is
disabled.
Regards,
aaron.glenn
More information about the freebsd-questions
mailing list