Network not working in my jail.
I just installed/created a jail using the FBSD Handbook as a guide. Everything worked well except that my network doesn't work at all in the jail?
Code:
# ping mother
ping: socket: Operation not permitted

Here is my host rc.conf
Code:
#
# Jails...
#
jail_enable="YES"
jail_set_hostname_allow="NO"
jail_list="father"
jail_father_hostname="father.mydomain.org"
jail_father_ip="192.168.2.101"
jail_father_interface="re0"
jail_father_rootdir="/data/jails/father"
jail_father_devfs_enable="YES"

Code:
# jls
   JID  IP Address      Hostname                      Path
     3  192.168.2.101   father.mydomain.org           /data/jails/father

I tried to set the IP in the jail during startup (rc.conf) but no go. I'm probably missing something really stupid!

TIA
Krreagan
|
|||
I thought that due to (potential) security issues ping was not allowed to work through a jail. At any rate, I have 3 jails up and running and ping doesn't work in any of them (however, regular network traffic passes both ways). Try to ping the IP of your jail from either the jail host or another machine. If it answers, then networking is working in the jail. I can't remember where I read it but I'm nearly certain I read that ping will not work inside a jail.
__________________
I just saved a bunch of money on my car insurance by fleeing the scene of the accident! |
|
|||
Quote:
Of course the first thing I did in my jail was to attempt a ping... Now 3hrs later I find that it's disabled! errrrrrrrr! They should add a note in the Handbook to this effect.

Thanks
Krreagan
|
|||
This is just a guess, but if you really need ping functionality from within your jail, then you can set the following variable:
security.jail.allow_raw_sockets using sysctl to 1 (should default to 0). Bear in mind though that this could introduce potential security issues (from my understanding it's something like someone being able to monitor traffic over the physical NIC (even if that traffic originates from outside the jail)). Your call if it's that important or not.
|
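A way to check the setting discussed in the post above, as an added example that is not part of the original thread: a shell function that reads `sysctl security.jail` output and flags jail settings looser than a locked-down baseline. It goes slightly beyond the post by also accepting the `name=value` form used in /etc/sysctl.conf; the function name, the baseline and the sample input are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit jail-related sysctls for relaxed settings.
# Baseline assumed by this example (not taken from any official guide):
#   security.jail.allow_raw_sockets=0     (the thread says it should default to 0)
#   security.jail.set_hostname_allowed=0  (what jail_set_hostname_allow="NO" requests)

# Constructed sample input in the "name: value" form that sysctl prints.
SAMPLE_SYSCTL='security.jail.set_hostname_allowed: 0
security.jail.allow_raw_sockets: 1'

# audit_jail_sysctls (hypothetical name): reads sysctl lines on stdin,
# prints one WARN line per relaxed setting, and returns 1 if any was found.
# Accepts both "name: value" (sysctl output) and "name=value" (sysctl.conf).
audit_jail_sysctls() {
    awk -F'[:=] *' '
        $1 == "security.jail.allow_raw_sockets" && $2 != 0 {
            print "WARN " $1 "=" $2 ": root inside a jail can open raw sockets"
            bad = 1
        }
        $1 == "security.jail.set_hostname_allowed" && $2 != 0 {
            print "WARN " $1 "=" $2 ": root inside a jail can change the hostname"
            bad = 1
        }
        END { exit bad + 0 }
    '
}

# Demo on the constructed sample. On a real jail host, run instead:
#   sysctl security.jail | audit_jail_sysctls
#   audit_jail_sysctls < /etc/sysctl.conf
printf '%s\n' "$SAMPLE_SYSCTL" | audit_jail_sysctls || true
```
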
|||
I'm having problems with all the items I was going to put into my jail (hobby).
NTP - needs access to set the HW clock (not allowed in jails)
DHCP - needs access to BPF (again not allowed in jails)
DNS (named) - already in chroot environment.

PS. the security.jail.allow_raw_sockets did allow me to run ping. Although not necessary any more now that I determined that my jail network was working just fine.
I guess I'll have to put one of my other domains under a jail...

Thanks for the help.
Krreagan
|
|||
If you run ntp on your jail host machine, it won't be necessary in the jail.
|
|||
What kind of problems?