DaemonForums  

Internet access within jail

#1 Weaseal, 25th June 2008

Hi all. I've successfully built a jail, but I want to add internet access (so I can build ports within the jail). I have so far been unsuccessful with my own attempts and am unable to find a useful guide on the internet.

Can anyone recommend one, or provide a comprehensive guide?

Last edited by Weaseal; 25th June 2008 at 09:22 PM.

#2 anomie, 25th June 2008

You should already have internet access if your jail's IP address is using an appropriate alias on the host environment's network interface.

You'll definitely need to add a nameserver to /etc/resolv.conf within the jail.

#3 Weaseal, 26th June 2008

On the host:
Code:
$ cat /etc/rc.conf
gateway_enable="YES"
hostname="myhost.com"
ifconfig_dc0="DHCP"
keyrate="fast"
moused_enable="YES"
sshd_enable="YES"

ifconfig_dc0_alias0="inet 10.10.10.10 netmask 255.255.255.255"

jail_enable="YES"   # Set to NO to disable starting of any jails
jail_list="songbird"     # Space separated list of names of jails

jail_songbird_interface="dc0"
jail_songbird_rootdir="/usr/jails/songbird"     # jail's root directory
jail_songbird_hostname="songbird.myhost.com"    # jail's hostname
jail_songbird_ip="10.10.10.10"           # jail's IP address
jail_songbird_devfs_enable="YES"          # mount devfs in the jail
jail_songbird_devfs_ruleset="devfsrules_jail" # devfs ruleset to apply to jail

jail_songbird_exec_start="/bin/sh /etc/rc"
jail_songbird_exec_stop="/bin/sh /etc/rc.shutdown"

pf_enable="yes"
pf_rules="/etc/pf.conf"
And,
Code:
$ cat /etc/pf.conf
nat on dc0 from 10.10.10.0/24 to any -> (dc0)
pass in all
pass out all
And,
Code:
$ ifconfig
dc0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
        options=8<VLAN_MTU>
        inet 192.168.0.5 netmask 0xffffff00 broadcast 192.168.0.255
        inet 10.10.10.10 netmask 0xffffffff broadcast 10.10.10.10
        ether 00:a0:cc:d6:d2:ee
        media: Ethernet autoselect (100baseTX)
        status: active
re0: flags=8802<BROADCAST,SIMPLEX,MULTICAST> mtu 1500
        options=1b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING>
        ether 00:11:09:96:a7:ad
        media: Ethernet autoselect (100baseTX <half-duplex>)
        status: no carrier
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
        inet6 fe80::1%lo0 prefixlen 64 scopeid 0x3
        inet6 ::1 prefixlen 128
        inet 127.0.0.1 netmask 0xff000000
From within the jail:
Code:
# ping 192.168.0.33
ping: socket: Operation not permitted
And,
Code:
$ ifconfig
dc0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
        options=8<VLAN_MTU>
        inet 10.10.10.10 netmask 0xffffffff broadcast 10.10.10.10
        ether 00:a0:cc:d6:d2:ee
        media: Ethernet autoselect (100baseTX)
        status: active
re0: flags=8802<BROADCAST,SIMPLEX,MULTICAST> mtu 1500
        options=1b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING>
        ether 00:11:09:96:a7:ad
        media: Ethernet autoselect (100baseTX <half-duplex>)
        status: no carrier
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
Any guesses?

Last edited by Weaseal; 26th June 2008 at 12:41 AM.
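
Added example, not part of the thread: a host-side check of the two conditions from post #2 (the jail's IP is aliased on its interface, and the jail has a nameserver in its resolv.conf), run against rc.conf lines like those in post #3. The names `rc_get`, `check_jails` and the `ROOT_PREFIX` argument are hypothetical, and the resolver address is a constructed placeholder.

```shell
#!/bin/sh
# Added example (not from the thread): audit of the two conditions in post #2.

# rc_get FILE KEY: print the value of KEY="value" from an rc.conf-style file.
# The file is parsed with sed, not sourced, so nothing in it is executed.
rc_get() {
    sed -n "s/^$2=\"\{0,1\}\([^\"#]*\)\"\{0,1\}.*/\1/p" "$1" | tail -n 1
}

# check_jails RC_CONF [ROOT_PREFIX]: return 0 only if every jail in jail_list
# has its IP aliased on its interface and a nameserver line in its resolv.conf.
# ROOT_PREFIX is an assumption of this example: it lets the check run on a
# scratch tree instead of the live /usr/jails.
check_jails() {
    rc=$1 prefix=${2:-} bad=0
    for j in $(rc_get "$rc" jail_list); do
        ip=$(rc_get "$rc" "jail_${j}_ip")
        ifc=$(rc_get "$rc" "jail_${j}_interface")
        root=$(rc_get "$rc" "jail_${j}_rootdir")
        ip_re=$(printf '%s' "$ip" | sed 's/\./\\./g')   # escape dots for grep -E
        if [ -n "$ip" ] && grep -Eq "^ifconfig_${ifc}_alias[0-9]+=\"?inet ${ip_re}([ /\"]|\$)" "$rc"; then
            echo "$j: $ip is aliased on $ifc"
        else
            echo "$j: $ip has no alias on $ifc"; bad=1
        fi
        if grep -q '^nameserver[[:space:]]' "$prefix$root/etc/resolv.conf" 2>/dev/null; then
            echo "$j: resolv.conf names a resolver"
        else
            echo "$j: no nameserver in $root/etc/resolv.conf"; bad=1
        fi
    done
    return "$bad"
}

# Constructed sample: the jail-related lines of the rc.conf shown in post #3.
demo_dir=$(mktemp -d)
cat > "$demo_dir/rc.conf" <<'EOF'
ifconfig_dc0="DHCP"
ifconfig_dc0_alias0="inet 10.10.10.10 netmask 255.255.255.255"
jail_list="songbird"     # Space separated list of names of jails
jail_songbird_interface="dc0"
jail_songbird_rootdir="/usr/jails/songbird"     # jail's root directory
jail_songbird_ip="10.10.10.10"           # jail's IP address
EOF
mkdir -p "$demo_dir/usr/jails/songbird/etc"
check_jails "$demo_dir/rc.conf" "$demo_dir"    # alias found, nameserver missing
# 192.0.2.53 is a constructed documentation address, not a real resolver.
echo "nameserver 192.0.2.53" > "$demo_dir/usr/jails/songbird/etc/resolv.conf"
check_jails "$demo_dir/rc.conf" "$demo_dir"    # both conditions now hold
```

On a real host the call would be `check_jails /etc/rc.conf` with no prefix.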

#4 anomie, 26th June 2008

For one thing, you can not ping from within a jail. Instead, for a connectivity test, try e.g.:

# nc -z -w 2 www.daemonforums.org 80

Also, there may be some complications due to the fact that your alias is on another subnet. Did you add a routing table entry to the host system for the 10.10.10.10 address's network? (Or is the pf nat rule really all that's needed? Not sure on that one.)

#5 cajunman4life (Aaron Graves), 26th June 2008

IIRC, you can't have an address from a different subnet on one interface. You'll have to use another interface, or an address within the 192.168.0.0/24 subnet.

#6 Weaseal, 26th June 2008

Quote (originally posted by anomie):
For one thing, you can not ping from within a jail. Instead, for a connectivity test, try e.g.:

# nc -z -w 2 www.daemonforums.org 80

Also, there may be some complications due to the fact that your alias is on another subnet. Did you add a routing table entry to the host system for the 10.10.10.10 address's network? (Or is the pf nat rule really all that's needed? Not sure on that one.)

I do have a static route and your command worked! My confusion is that sysinstall still won't get online (complains that there is no available NIC), however after testing your command I tried csup for ports and it worked fine. Interesting...