jail networking

Casper kl at os.lv
Tue Jul 26 22:31:25 GMT 2005


I played a little more:

jail# ping www.google.lv
PING www.l.google.com (216.239.59.104): 56 data bytes
^C
--- www.l.google.com ping statistics ---
4 packets transmitted, 0 packets received, 100% packet loss
jail# ping 216.239.59.104
PING 216.239.59.104 (216.239.59.104): 56 data bytes
64 bytes from 216.239.59.104: icmp_seq=0 ttl=245 time=64.629 ms
64 bytes from 216.239.59.104: icmp_seq=1 ttl=245 time=63.744 ms
^C
--- 216.239.59.104 ping statistics ---
2 packets transmitted, 2 packets received, 0% packet loss

With the host name, ping is not working, and it seems that DNS is working OK, because it is
resolving the IP, and with the IP the network is working... :)

Can anybody say what the problem is? :)

Casper

Casper wrote:
> 
>  Hi,
> 
>  I have a problem with setting up networking for a jail...
>  I have #uname -a
> FreeBSD gam.zuze.lv 5.4-RELEASE-p5 FreeBSD Wed Jul 20 19:52:44 EEST 2005
> and installed jail on it...
> sysctl:
> net.inet.ip.forwarding: 1
> security.jail.set_hostname_allowed: 1
> security.jail.socket_unixiproute_only: 1
> security.jail.sysvipc_allowed: 0
> security.jail.getfsstatroot_only: 1
> security.jail.allow_raw_sockets: 1
> security.jail.chflags_allowed: 0
> security.jail.jailed: 0
> 
> from host ping:
> # ping www.google.lv
> PING www.l.google.com (216.239.59.104): 56 data bytes
> 64 bytes from 216.239.59.104: icmp_seq=0 ttl=245 time=64.608 ms
> 64 bytes from 216.239.59.104: icmp_seq=1 ttl=245 time=65.198 ms
> 2 packets transmitted, 2 packets received, 0% packet loss
> 
> from jail:
> jail# ping www.google.lv
> PING www.l.google.com (216.239.59.99): 56 data bytes
> ^C
> --- www.l.google.com ping statistics ---
> 3 packets transmitted, 0 packets received, 100% packet loss
> 
> but traceroute from the jail shows every second packet:
> 4  latnet.to.lattelekom.lv (195.13.173.221)  4.324 ms *  4.810 ms
>  5  * so-4-0-0-war1.lnt.cw.net (166.63.222.101)  54.223 ms *
>  6  so-7-0-0-zcr2.lnt.cw.net (166.63.222.42)  72.205 ms *  54.778 ms
>  7  * 195.66.226.125 (195.66.226.125)  90.496 ms *
>  8  216.239.46.173 (216.239.46.173)  54.711 ms *  54.204 ms
>  9  * 216.239.49.254 (216.239.49.254)  64.939 ms *
> 10  216.239.49.121 (216.239.49.121)  67.530 ms * 216.239.49.114 (216.239.49.114)  68.128 ms
> 11  * 216.239.59.103 (216.239.59.103)  64.615 ms *
> 
>  From the jail I can ping the router and local network IPs...
> 
> My pf.conf:
> ext_if="rl0"
> int_if="rl1"
> internal_net="172.22.1.0/24"
> external_addr="xx.xx.xx.xx"
> table <foo> { 10.0.0.0/8, 127.0.0.0/8, 172.22.0.0/24, 192.168.0.0/24 }
> set loginterface $ext_if
> set block-policy return
> scrub in all
> nat on $ext_if from $internal_net to any -> ($ext_if)
> pass in all
> pass out all
> pass  in  on $ext_if proto tcp from any to $ext_if port 22 keep state
> pass  out on $ext_if proto { tcp, udp } all keep state
> pass in on $ext_if proto { tcp, udp } from any to <foo> port 80 keep state
> pass out on $ext_if from 192.168.0.0/24 to any keep state queue developers
> pass out on $ext_if from 192.168.1.0/24 to any keep state queue marketing
> 
> 
> Is there some manual about jail networking?
> I don't understand why the jail network is not working if I can ping the router
> from the jail, the routes are OK and traceroute shows strange packets...
> 
> tnx,
> 
> Casper
> 
> _______________________________________________
> freebsd-questions at freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to 
> "freebsd-questions-unsubscribe at freebsd.org"
> 


