What have I neglected to do in order to get networking in a jail?
freebsd at qeng-ho.org
Thu May 31 14:29:39 UTC 2018
On 31/05/2018 15:21, James B. Byrne wrote:
> On Thu, May 31, 2018 09:40, Arthur Chance wrote:
>> I've just taken another look at your original mail. I think the key
>> might be in this
>>> [root at host:~]# jls
>>> JID IP Address Hostname Path
>>> 1 127.0.31.1 mx31
>> Note address ^^^^^
> The command jls reports the loopback address for all of the jails I
> have defined on other hosts. For example:
> [root at vhost02 ~]# jls
> JID IP Address Hostname Path
> 2 127.0.34.1 hlldns04 /usr/jails/hlldns04
> 3 127.0.150.1 hllmx150 /usr/jails/hllmx150
> [root at vhost02 ~]# ezjail-admin console hlldns04
> Last login: Thu May 31 10:14:37 on pts/0
> . . .
> [root at hlldns04 ~]# pkg upgrade
> Updating FreeBSD repository catalogue...
> FreeBSD repository is up to date.
> All repositories are up to date.
> New version of pkg detected; it needs to be installed first.
> The following 1 package(s) will be affected (of 0 checked):
> Installed packages to be UPGRADED:
> pkg: 1.10.3_1 -> 1.10.5
> Number of packages to be upgraded: 1
> 3 MiB to be downloaded.
> Proceed with this action? [y/N]:
> This jail has no problem reaching the internet.
Addresses in 127/8 must not appear on the network anywhere
(https://tools.ietf.org/html/rfc5735#page-3), and FreeBSD has specific
checks in the networking code to prevent this. If any jail with such an
address is contacting the network then there must be some form of NAT
involved. I can only suggest you check for differences between the jails
that can get out and the one that can't *and* look for NAT on the
host(s) with jails that can get out.
An amusing coincidence: log2(58) = 5.858 (to 0.0003% accuracy).
More information about the freebsd-questions