Jails and networks

Alejandro Imass aimass at yabarana.com
Fri Aug 24 15:10:14 UTC 2018

On Fri, Aug 24, 2018 at 8:35 AM, Norman Gray <norman.gray at glasgow.ac.uk> wrote:
> Alejandro, hello.
> On 23 Aug 2018, at 23:18, Alejandro Imass wrote:


> Thanks for this advice.  However I don't think this is the root of my
> problem.  I can do:


> igb0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
>         ether a4:bf:01:26:7d:b1
>         hwaddr a4:bf:01:26:7d:b1
>         inet netmask 0xffffffff broadcast


> which look right, but
>     # host www.freebsd.org
>     ;; connection timed out; no servers could be reached
>     #
> So something is still amiss with the networking inside the jail, or the way
> I've set up networking outside of the jail (nothing exotic at all as far as
> I'm aware), and I'm at a loss as to what it might be, or how to debug it.

Try by IP to the outside first.

Make sure you have a resolv.conf in your jail. Copy the one from
outside or use something like:


I banged my head on this for a while.

> There's something important about jail networking that I'm not
> understanding, but I haven't a clue what it is.  Most frustrating.

It usually works pretty much automatically, especially with ezjail.


> On the question of 'ezjail-admin start' vs /usr/sbin/jail...
> I'd switched to starting jails with /usr/sbin/jail partly because I'd formed
> the impression that ezjail could be used as a convenient way of doing the
> fiddly and error-prone work of assembling jails, but that the jails were
> standard enough that they could be managed thereafter with the standard
> tool.  This impression may of course be wrong in an illuminating way.
> If true, that's a nice place to be, since 'ezjail-admin create' is doing
> work that I basically understand but would do less well, but there's no
> extra magic that 'ezjail-admin start' is doing.  I'm all for minimising
> magic.
> Also, it seems that there's at least some incompatibility between current
> ezjail (3.4.2) and 11.2 jails.  ezjail-admin starts jails using the
> four-argument call to /usr/sbin/jail, which means that /etc/jail.conf is
> ignored.  `jail` produces a warning in this case, that this is an 'obsolete'
> way of starting a jail; the jail(8) manpage doesn't say 'obsolete', but does
> mention this call as being present 'for backward compatibility'.
> That is:
>     # ezjail-admin onestart norman
>     Starting jails:/etc/rc.d/jail: WARNING: /var/run/jail.norman.conf is
> created and used for jail norman.
>     /etc/rc.d/jail: WARNING: Per-jail configuration via jail_* variables  is
> obsolete.  Please consider migrating to /etc/jail.conf.

Yeah, I've seen that for a long time now and I've seen some discussion
around it. Not sure it makes any real difference and has never been a
problem for me.

Maybe you can try the ezjail mailing list:


Dirk is usually very friendly and fast in responding. Qjail says they
work on 11 and beyond but I've never tried it. There's been some
friction over the years and I sided with Dirk and continue to use
