What have I neglected to do in order to get networking in a jail?

Herbert J. Skuhra herbert at gojira.at
Thu May 31 08:55:22 UTC 2018


On Wed, 30 May 2018 17:24:03 +0200, "James B. Byrne via freebsd-questions" wrote:
> 
> On FreeBSD-11.1 host:
> 
> [root at host:~]# service pf onestatus
> pf.ko is not loaded
> 
> 
> In /etc/rc.conf
> . . .
> defaultrouter="216.185.71.1"      # Gateway
> gateway_enable="YES"              # Enable as ipv4 LAN gateway for guests/jails
> #ipv6_gateway_enable="YES"        # Enable as ipv6 LAN gateway
> 
> # Aliases on the host i/f are set here - jailed aliases are handled by ezjail
> ifconfig_vtnet0_alias0="inet 192.168.216.18 netmask 255.255.255.255"
> #ifconfig_vtnet0_alias1="inet 192.168.216.xxx netmask 0xFFFFFFFF"
> #ifconfig_vtnet0_alias2="inet 192.168.216.xxy netmask 0xFFFFFFFF"
> 
> ### Enable and configure ezjail jails
> # Setup the loopback interfaces that each jail will use
> # Remember to add a 'set skip on lo#' clause in /etc/pf.conf
> cloned_interfaces="lo1 lo2"
> ipv4_addrs_lo1="127.0.31.1/32"
> ipv4_addrs_lo2="127.0.32.1/32"
> 
> ### Jailed Services
> ezjail_enable="YES"               # Enable ezjail jail manager
> 
> 
> [root at host:~]# ifconfig
> 
> vtnet0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST>
> metric 0 mtu 1500
> 	options=80028<VLAN_MTU,JUMBO_MTU,LINKSTATE>
> 	ether 58:9c:fc:0e:cd:bb
> 	hwaddr 58:9c:fc:0e:cd:bb
> 	inet 216.185.71.18 netmask 0xffffff00 broadcast 216.185.71.255
> 	inet 192.168.216.18 netmask 0xffffffff broadcast 192.168.216.18
> 	inet 218.185.71.31 netmask 0xffffffff broadcast 218.185.71.31
> 	inet 192.168.216.31 netmask 0xffffffff broadcast 192.168.216.31
> 	nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
> 	media: Ethernet 10Gbase-T <full-duplex>
> 	status: active
> lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
> 	options=600003<RXCSUM,TXCSUM,RXCSUM_IPV6,TXCSUM_IPV6>
> 	inet6 ::1 prefixlen 128
> 	inet6 fe80::1%lo0 prefixlen 64 scopeid 0x2
> 	inet 127.0.0.1 netmask 0xff000000
> 	nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
> 	groups: lo
> lo1: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
> 	options=600003<RXCSUM,TXCSUM,RXCSUM_IPV6,TXCSUM_IPV6>
> 	inet 127.0.31.1 netmask 0xffffffff
> 	nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
> 	groups: lo
> lo2: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
> 	options=600003<RXCSUM,TXCSUM,RXCSUM_IPV6,TXCSUM_IPV6>
> 	inet 127.0.32.1 netmask 0xffffffff
> 	nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
> 	groups: lo
> 
> 
> [root at host:~]# jls
>    JID  IP Address      Hostname                      Path
>      1  127.0.31.1      mx31                          /usr/jails/mx31
> 
> 
> On jail:
> 
> root at mx31:~ # sysctl security.jail.allow_raw_sockets
> security.jail.allow_raw_sockets: 1
> 
> root at mx31:~ # ifconfig
> vtnet0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST>
> metric 0 mtu 1500
> 	options=80028<VLAN_MTU,JUMBO_MTU,LINKSTATE>
> 	ether 58:9c:fc:0e:cd:bb
> 	hwaddr 58:9c:fc:0e:cd:bb
> 	inet 218.185.71.31 netmask 0xffffffff broadcast 218.185.71.31
> 	inet 192.168.216.31 netmask 0xffffffff broadcast 192.168.216.31
> 	media: Ethernet 10Gbase-T <full-duplex>
> 	status: active
> lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
> 	options=600003<RXCSUM,TXCSUM,RXCSUM_IPV6,TXCSUM_IPV6>
> 	groups: lo
> lo1: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
> 	options=600003<RXCSUM,TXCSUM,RXCSUM_IPV6,TXCSUM_IPV6>
> 	inet 127.0.31.1 netmask 0xffffffff
> 	groups: lo
> lo2: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
> 	options=600003<RXCSUM,TXCSUM,RXCSUM_IPV6,TXCSUM_IPV6>
> 	groups: lo
> 
> root at mx31:~ # cat /etc/resolv.conf
> search harte-lyne.ca
> nameserver 216.185.71.33
> nameserver 216.185.71.34
> nameserver 127.0.0.1
> options edns0
> 
> root at mx31:~ # cat /etc/hosts
> # $FreeBSD: releng/11.1/etc/hosts 109997 2003-01-28 21:29:23Z dbaker $
> #
> # Host Database
> . . .
> #
> #
> ::1             localhost localhost.harte-lyne.ca
> 127.0.0.1       localhost localhost.harte-lyne.ca
> 
> 
> root at mx31:~ # pkg install bash
> The package management tool is not yet installed on your system.
> Do you want to fetch and install it now? [y/N]: y
> Bootstrapping pkg from
> pkg+http://pkg.FreeBSD.org/FreeBSD:11:amd64/quarterly, please wait...
> pkg: Error fetching
> http://pkg.FreeBSD.org/FreeBSD:11:amd64/quarterly/Latest/pkg.txz: No
> address record
> A pre-built version of pkg could not be found for your system.
> Consider changing PACKAGESITE or installing it from ports:
> 'ports-mgmt/pkg'.
> 
> 
> 
> root at mx31:~ # ping 216.185.71.1
> PING 216.185.71.1 (216.185.71.1): 56 data bytes
> ^C
> --- 216.185.71.1 ping statistics ---
> 5 packets transmitted, 0 packets received, 100.0% packet loss
> 
> Why does this jail not have a network connection?

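After a quick check, I guess you are missing NAT on the host (pf or ipfw)?
pf is not loaded, and gateway_enable="YES" only forwards packets; it does not
rewrite their source address, so anything the jail sends from 127.0.31.1 or
192.168.216.31 cannot be answered from outside the host. Note also that the
jail alias 218.185.71.31 is not inside the host's 216.185.71.0/24 network; if
that is a typo for 216.185.71.31, it is worth correcting before testing again.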

--
Herbert

