no network connection from inside a jail

Erich Dollansky erichsfreebsdlist at alogt.com
Thu Oct 2 14:26:00 UTC 2014


Hi,

On Thu, 02 Oct 2014 06:50:35 -0600
James Gritton <jamie at gritton.org> wrote:

> On 10/2/2014 4:05 AM, Erich Dollansky wrote:
> > Hi,
> >
> > I recently upgraded to 10.1 BETA3 via sources. All seemed to be fine
> > until I started jails which connect to the Internet. It simply does
> > not work anymore. When the browser from the jail connects to
> > another jail on the same machine via HTTP, it all works. Accesses
> > to the outside of the machine fail.
> >
> > Even a ping to a local device does not work.
> >
> > ping 192.168.yyy.xxx
> > ping: socket: Operation not permitted
> >
> > despite having
> >
> > security.jail.allow_raw_sockets: 1
> >
> > Just to make sure, I upgraded also the world in all jails without
> > any difference.
> >
> > UPDATING did not mention any changes since BETA1.
> >
> > I feel a bit lost now.
> >
> > What could have caused the problems?
> >
> > Erich
> 
> It would be handy to see what happens when the IP addresses are set
> on the jail in the first place.  Try running:
> 
> jail -r '*'
> jail -v -c '*'
> 
> and look at the results when it (presumably) runs ifconfig.
> Hopefully, there'll be a clue there.

This looks pretty normal to me:

ClawsMailTest: run command: /sbin/ifconfig lagg0 inet 192.168.0.17 netmask 255.255.255.255 -alias
MemDisk: run command: /sbin/ifconfig lagg0 inet 192.168.0.16 netmask 255.255.255.255 alias
Projekte: run command: /sbin/ifconfig lagg0 inet 192.168.0.11 netmask 255.255.255.255 alias
Ports: run command: /sbin/ifconfig lagg0 inet 192.168.0.12 netmask 255.255.255.255 alias
TestInternet: run command: /sbin/ifconfig lagg0 inet 192.168.0.19 netmask 255.255.255.255 alias
TestInternet: run command: /sbin/mount -t devfs -oruleset=4 . /usr/home/jails/TestInternet/dev

This is just an extract.

I am now able to use ping. It only allows me to ping other jails on the
same machine. Even a ping to any device on the LAN does not work.

I now get this:

ln: /dev/log: Operation not permitted

which I did not notice before the upgrade.

What I did not mention before: I am able to connect to the jails via
telnet from the machine's root but not from any other machine.

Of course, the setup worked before without any problems.

Erich


More information about the freebsd-stable mailing list