Jails and networks
Norman Gray
norman.gray at glasgow.ac.uk
Fri Aug 24 15:55:02 UTC 2018
Alejandro, hello.
Thanks for your further comments.
On 24 Aug 2018, at 16:10, Alejandro Imass wrote:
> Try by IP to the outside first.
I should have mentioned that I tried that, too, but
# telnet 130.209.16.90 80
Trying 130.209.16.90...
telnet: connect to address 130.209.16.90: Operation timed out
telnet: Unable to connect to remote host
#
(and I can telnet to that machine -- a web server -- normally from
outside).
> Make sure you have a resolv.conf in your jail. Copy the one from
> outside or use something like:
>
> nameserver 8.8.8.8
I thought of that -- my resolv.conf is sane.
>> There's something important about jail networking that I'm not
>> understanding, but I haven't a clue what it is. Most frustrating.
>>
>
> It usually works pretty much automatically, especially with ezjail.
That's the very strong impression I've gleaned from elsewhere -- it
should Just Work. It must be that I've messed up _something_ in the
host's networking, though it's a pretty fresh install on a machine where
I'm experimenting only with this. (and yes, it's installed on bare
metal, not a VM).
I know that the jail's networking will look slightly different from the
host's but I'm not sure in just what respect. The routing table looks
odd:
# netstat -rn
Routing tables

Internet:
Destination        Gateway            Flags     Netif Expire
192.168.11.128     link#3             UHS         lo0
#
But since none of the ezjail guides have mentioned having to adjust
routing, even in passing, I don't _think_ that's wrong. In any case,
since the jail doesn't have its own networking stack, it's the host's
routing table that matters. Or at least I think so -- this is what I
mean when I say that I'm suddenly doubting what I think I know about
networking+jails.
>> That is:
>>
>> # ezjail-admin onestart norman
>> Starting jails:/etc/rc.d/jail: WARNING: /var/run/jail.norman.conf is created and used for jail norman.
>> /etc/rc.d/jail: WARNING: Per-jail configuration via jail_* variables is obsolete. Please consider migrating to /etc/jail.conf.
>>
>
>
> Yeah, I've seen that for a long time now and I've seen some discussion
> around it. Not sure it makes any real difference and has never been a
> problem for me.
>
> Maybe you can try the ezjail mailing list:
>
> https://erdgeist.org/arts/software/ezjail/#author-contact
>
> Dirk is usually very friendly and fast in responding. Qjail says they
> work on 11 and beyond but I've never tried it.
I think I should indeed try there. It sounds as if this might need some
specialised knowledge.
> There's been some
> friction over the years and I sided with Dirk and continue to use
> ezjail.
That's also very useful to know. As with all of these things, it'd be
interesting to know more about the grounds and nature of the split, but
that's not always easy to find.
Best wishes,
Norman
--
Norman Gray : http://www.astro.gla.ac.uk/users/norman/it/
SUPA School of Physics and Astronomy, University of Glasgow, UK
// My current template week for IT Management tasks is: Monday, Tuesday,
and Friday