Problem with jail network
Damien Fleuriot
ml at my.gd
Wed Nov 30 17:36:24 UTC 2011
On 11/30/11 6:29 PM, bsd wrote:
> Le 30 nov. 2011 à 17:17, Damien Fleuriot a écrit :
>
>>
>>
>> On 11/30/11 5:05 PM, bsd wrote:
>>> Hi,
>>>
>>> I have been configuring a jail system using the howto provided here : http://www.freebsd.org/doc/handbook/jails-application.html
>>>
>>> The is now correctly starting, but I can't seem to use the network stack.
>>>
>>>
>>>> root at master 16:52:55 ~ -> jls
>>>> JID IP Address Hostname Path
>>>> 1 xx.216.yy.150 n0.no.no /jail/j/n0
>>>
>>>
>>> But I can't ping neither outside of the jail, nor inside of It.
>>>
>>> I am a bit confused because I don't know if I have to configure the IP using an alias on the main Eth interface, or do something else.
>>>
>>>> ifconfig_bce0_alias0="inetxx.216.yy.150/32"
>>>
>>>
>>>
>>> This last command seems to have frozen my system.
>>>
>>
>> Confirm that the MISSING SPACE between your "inet" and "xxx.216..."
>> statements is only a typo and NOT present in your actual rc.conf
>>
>
> This is confirmed.
>
> I have the equivalent of :
>
> ifconfig_bce0_alias0="inet 1.2.3.4/32"
>
AFAIK, unless you allow raw sockets, you will not be able to ping from
the jail.
Find below the conf I successfully used, a long time ago, for a jail
hosting DNS.
This is from my rc.conf on the host system.
### JAILS
jail_enable="NO"
jail_set_hostname_allow="NO"
jail_list="ns"
jail_ns_interface="lo53"
jail_ns_ip="192.168.0.53,2001:41d0:2:613b::53/56"
jail_ns_hostname="ns.my.gd"
# fec0:[interface index]::[damien fleuriot]:[interface number]
# example: fec0:5::df:252 for loopback interface lo252
jail_ns_rootdir="/var/jail/ns"
jail_ns_devfs_enable="YES"
#jail_ns_devfs_ruleset="devfsrules_jail_ns"
You will notice this creates a lo53 (loopback) interface with private
IPv4 and IPv6 addresses.
I then used PF to redirect DNS queries to this jail.
More information about the freebsd-questions
mailing list