Jails and networks
aimass at yabarana.com
Fri Aug 24 15:10:14 UTC 2018
On Fri, Aug 24, 2018 at 8:35 AM, Norman Gray <norman.gray at glasgow.ac.uk> wrote:
> Alejandro, hello.
> On 23 Aug 2018, at 23:18, Alejandro Imass wrote:
> Thanks for this advice. However I don't think this is the root of my
> problem. I can do:
> igb0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
> ether a4:bf:01:26:7d:b1
> hwaddr a4:bf:01:26:7d:b1
> inet 192.168.11.128 netmask 0xffffffff broadcast 192.168.11.128
> which look right, but
> # host www.freebsd.org
> ;; connection timed out; no servers could be reached
> So something is still amiss with the networking inside the jail, or the way
> I've set up networking outside of the jail (nothing exotic at all as far as
> I'm aware), and I'm at a loss as to what it might be, or how to debug it.
Try by IP to the outside first.
Make sure you have a resolv.conf in your jail. Copy the one from
outside or use something like:
I banged my head on this for a while.
> There's something important about jail networking that I'm not
> understanding, but I haven't a clue what it is. Most frustrating.
It usually works pretty much automatic, especially with ezjail.
> On the question of 'ezjail-admin start' vs /usr/sbin/jail...
> I'd switched to starting jails with /usr/sbin/jail partly because I'd formed
> the impression that ezjail could be used as a convenient way of doing the
> fiddly and errorprone work of assembling jails, but that the jails were
> standard enough that they could be managed thereafter with the standard
> tool. This impression may of course be wrong in an illuminating way.
> If true, that's a nice place to be, since 'ezjail-admin create' is doing
> work that I basically understand but would do less well, but there's no
> extra magic that 'ezjail-admin start' is doing. I'm all for minimising
> Also, it seems that there's at least some incompatibility between current
> ezjail (3.4.2) and 11.2 jails. exjail-admin starts jails using the
> four-argument call to /usr/sbin/jail, which means that /etc/jail.conf is
> ignored. `jail` produces a warning in this case, that this is an 'obsolete'
> way of starting a jail; the jail(8) manpage doesn't say 'obsolete', but does
> mention this call as being present 'for backward compatibility'.
> That is:
> # ezjail-admin onestart norman
> Starting jails:/etc/rc.d/jail: WARNING: /var/run/jail.norman.conf is
> created and used for jail norman.
> /etc/rc.d/jail: WARNING: Per-jail configuration via jail_* variables is
> obsolete. Please consider migrating to /etc/jail.conf.
Yeah, I've seen that for a long time now and I've seen some discussion
around it. Not sure it makes any real difference and has never been a
problem for me.
Maybe you can try a the ezjail mailing list:
Dirk is usually very friendly and fast in responding. Qjail says they
work on 11 and beyond but I've never tried it. There's been some
friction over the years and I sided with Dirk and continue to use
More information about the freebsd-questions