How to connect a jail to the web?

Oliver Fromme olli at lurza.secnetix.de
Thu Aug 12 15:52:42 UTC 2010


Brice ERRANDONEA <berrandonea at yahoo.fr> wrote:
 > On the host, when the jail is not running :
 > 
 > %ifconfig
 > rl0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
 >         options=8<VLAN_MTU>
 >         ether 00:11:09:15:72:6a
 >         inet 192.168.1.38 netmask 0xffffff00 broadcast 192.168.1.255
 >         media: Ethernet autoselect (100baseTX <full-duplex>)

OK, so 192.168.1.38 is the only (non-localnet) IP address that
you have.  You should use that one for your jail.

 > On the host when the jail is running :
 > 
 > FreeBSD# jls
 >    JID  IP Address      Hostname                      Path
 >      1  93.0.168.242    MaPrison                      /usr/prison
 > FreeBSD# ifconfig
 > rl0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
 >         options=8<VLAN_MTU>
 >         ether 00:11:09:15:72:6a
 >         inet 192.168.1.38 netmask 0xffffff00 broadcast 192.168.1.255
 >         inet 93.0.168.242 netmask 0xffffffff broadcast 93.0.168.242
 >         media: Ethernet autoselect (100baseTX <full-duplex>)

Where did you get that second IP address from?  Did you just
add it manually?  Or is that the address that your gateway
(DSL router, whatever) got assigned from your ISP?

I assume that IP address is not really routed to your host,
but that NAT (Network Address Translation) is used on your
router.  So you cannot use that address on the host.
(If that's not true, please explain the structure of your
network in more detail.)

So, if my assumptions are true, you must use the address
192.168.1.38 for your jail.  Make sure that DNS is working
inside the jail ...  It should be sufficient to copy
/etc/resolv.conf from the host to /usr/prison/etc/resolv.conf

If it still doesn't work:  Are you using any packet filter
(ipfw, ipf, pf)?  If so, please show the complete list of
rules.

Otherwise, it might help to run tcpdump(1) on the host, so
you can see the actual packets that are transmitted and
received.

Best regards
   Oliver

-- 
Oliver Fromme, secnetix GmbH & Co. KG, Marktplatz 29, 85567 Grafing b. M.
Commercial register: Registry court Munich, HRA 74606,  Management:
secnetix Verwaltungsgesellsch. mbH, Commercial register: Registry court
Munich, HRB 125758,  Managing directors: Maik Bachmann, Olaf Erb, Ralf Gebhart

FreeBSD services, products and more:  http://www.secnetix.de/bsd

"C++ is the only current language making COBOL look good."
        -- Bertrand Meyer
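
Added example, not part of the original message: a shell check for the condition discussed in the reply, namely whether a jail's address lies inside a subnet configured on the host or is only a /32 alias with no subnet behind it. The function names and the `SAMPLE_IFCONFIG` variable are assumptions made for this example; the sample input is constructed from the `ifconfig` output quoted in the thread.

```sh
#!/bin/sh
# Constructed sample: host interface lines as quoted in the thread.
SAMPLE_IFCONFIG='rl0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        inet 192.168.1.38 netmask 0xffffff00 broadcast 192.168.1.255
        inet 93.0.168.242 netmask 0xffffffff broadcast 93.0.168.242'

# ip2int A.B.C.D -> 32-bit integer (assumes a well-formed IPv4 address).
ip2int() {
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# jail_ip_on_lan JAIL_IP   (FreeBSD-style ifconfig output on stdin)
# Returns 0 if JAIL_IP falls inside a host subnet wider than /32,
# 1 if it only matches a /32 alias or no configured address at all.
jail_ip_on_lan() {
    jail=$(ip2int "$1")
    while read -r kw addr nm mask rest; do
        [ "$kw" = inet ] && [ "$nm" = netmask ] || continue
        # Accept only a hex netmask such as 0xffffff00 before doing arithmetic.
        case $mask in 0x*[!0-9a-fA-F]*) continue ;; 0x?*) ;; *) continue ;; esac
        m=$(( $mask ))
        # A /32 alias has no subnet behind it, so it proves nothing about routing.
        [ "$m" -eq $(( 0xffffffff )) ] && continue
        net=$(( $(ip2int "$addr") & m ))
        [ $(( jail & m )) -eq "$net" ] && return 0
    done
    return 1
}

# Demonstration on the constructed sample.
for ip in 192.168.1.38 93.0.168.242; do
    if printf '%s\n' "$SAMPLE_IFCONFIG" | jail_ip_on_lan "$ip"; then
        echo "$ip: inside a subnet configured on the host"
    else
        echo "$ip: only a /32 alias or not configured, check routing/NAT"
    fi
done
```

On a real host, pipe the output of `ifconfig` into `jail_ip_on_lan` in place of the sample variable.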

