Configuring network without ezjail
James Gritton
jamie at freebsd.org
Sun Dec 13 06:07:32 UTC 2015
On 2015-12-12 23:18, marcel wrote:
> On 12/12/2015 18:10, James Gritton wrote:
>> On 2015-12-11 18:50, marcel wrote:
>>> No I don't get to have an IP address... Yet I have written this in my
>>> host's rc.conf:
>>>
>>> jail_enable="YES"
>>> jail_list="thename"
>>> jail_guantanamo_rootdir="thepath"
>>> jail_guantanamo_hostname="thename"
>>> jail_guantanamo_ip="192.168.0.12"
>>>
>>> and I use the command:
>>>
>>> jail thepath thename 192.168.0.12 /bin/csh
>>>
>>> to connect to my jail...
>>
>> Is the jail even created? You show jail_name as "thename", but the
>> jail config variables are jail_quantanamo_*. So when you say
>> "thename" do you really mean quantanamo? Because if you don't, then
>> the jail won't get configured at startup.
>>
>> The command you're using to connect to the jail is actually a command
>> that creates a jail. That's probably not what you want, as that jail
>> is likely to disappear again after you exit from it. You should be
>> using jexec(8), assuming your jail has been properly created in the
>> first place.
>>
>> Now to the IP address: is your entire box behind some gateway, where
>> it uses a 192.168 address? If it isn't, you'll need more than to just
>> declare such an address - you'll need a jail with vnet, which is
>> rather more complex. But if it is, then the question becomes: is
>> 192.168.0.12 the host address, i.e. are you creating a jail that
>> shares the host address? If you are it should work, but most jails
>> aren't done this way.
>>
>> Specifying a jail's IP address only tells which of the host's existing
>> addresses to use. If that address isn't already set up, it won't be
>> used - unless you tell it to. If you're still using the rc.conf-based
>> jail specification, you can set jail_interface (or
>> jail_quantanamo_interface) to the name of the network interface where
>> the host's main IP address lives (e.g. "em0" or somesuch). Such a
>> config line is likely all you need.
>>
>> - Jamie
> Yes, the jail is created with the make installworld, make distribution,
> jail -c , etc method and I launch it with jail -c guantanamo and
> connect to it with jexec id shell.
>
> Yes, sorry I have badly explained so jail_name="thename", thename is
> guantanamo.
>
> My host is behind a router that provides me internet access yes and
> yes 192.168.0.12 is my host ip so yes my jail shares the host address.
> The jls command shows me this address but the ifconfig command (in my
> jail) shows me no address...
>
> I've read that in my case I just need jail_enable="YES" in my
> rc.conf... I will add with most of jail_guantanamo* variables and
> test...
If 192.168.0.12 is your host IP, try creating the jail without IP
address restrictions. I don't think you can do that with the old
rc.conf-based specification, but with a jail.conf file (or from a
command line), you just add "ip4=inherit" and don't mention an
ip4.address at all. That will create a jail that has access to all of
the host IP addresses.
- Jamie
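
The two addressing choices discussed in this thread, written as a jail.conf sketch. This is an added example, not part of the original message: the jail paths, the second jail's name and the 192.168.0.13 alias are constructed placeholders, while "em0" and 192.168.0.12 follow the thread.

```conf
# /etc/jail.conf (constructed example, not from the thread)

# Settings shared by every jail defined below.
exec.start = "/bin/sh /etc/rc";
exec.stop  = "/bin/sh /etc/rc.shutdown";
mount.devfs;

# Variant 1: no IP restriction, as suggested in the reply above.
# The jail can use every IPv4 address configured on the host,
# including 192.168.0.12, so it is not isolated from the host's
# services at the network-address level.
guantanamo {
    path = "/usr/jails/guantanamo";        # placeholder path
    host.hostname = "guantanamo";
    ip4 = inherit;                          # no ip4.addr line at all
}

# Variant 2: restrict the jail to a single dedicated address.
# jail(8) spells this parameter ip4.addr. The "em0|" prefix asks
# jail(8) to add the address as an alias on em0 when the jail
# starts and to remove it when the jail stops, so the address
# does not have to be configured on the host beforehand.
guantanamo_restricted {                     # hypothetical second jail
    path = "/usr/jails/guantanamo_restricted";   # placeholder path
    host.hostname = "guantanamo-restricted";
    ip4.addr = "em0|192.168.0.13/32";       # constructed alias address
}
```

Either jail is started with `jail -c` followed by its name and entered with jexec(8), as described earlier in the thread; `jls` on the host lists the address assigned to the restricted variant.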