Hello,
This question, or those similar to it, appears several times in these forums, but I cannot find a solution within those threads; apologies if I have missed something within them and this is a duplicate.
I have set up a jail with ezjail in FreeBSD 11 on a Raspberry Pi. The host (rPi) IP is 192.168.1.137 and is connected to a router which is connected to a cable modem. The jail IP is 10.0.0.1.
rc.conf
Code:
hostname="rpi2"
ifconfig_ue0="inet 192.168.1.137 netmask 255.255.255.0"
defaultrouter="192.168.1.1"
sshd_enable="YES"
sendmail_enable="NONE"
sendmail_submit_enable="NO"
sendmail_outbound_enable="NO"
sendmail_msp_queue_enable="NO"
syslogd_flags="-ss"
growfs_enable="YES"
kldxref_enable="YES"
zfs_enable="YES"
jail_enable="YES"
#jail networks
cloned_interfaces="lo1"
ifconfig_lo1_alias0="inet 10.0.0.1 netmask 255.255.255.255"
#enable the gateway and packet filter
gateway_enable="YES"
pf_enable="YES"
jail.conf
Code:
exec.start = "/bin/sh /etc/rc";
exec.stop = "/bin/sh /etc/rc.shutdown";
exec.clean;
mount.fstab = "/etc/jail/fstab.${name}";
mount.devfs;
mount.fdescfs;
mount.procfs;
devfs_ruleset = "4";
#default path
path = "/local/jails/$name";
backuptest {
path = "/local/backup_jails/$name";
host.hostname = "backuptest";
ip4.addr = "10.0.0.1";
allow.raw_sockets;
devfs_ruleset = "5";
}
pf.conf
Code:
EXT_IF="ue0"
JAIL_IF="lo1"
IP_PUB="192.168.1.137"
IP_JAIL="10.0.0.1"
NET_JAIL="10.0.0.0/24"
scrub in all
# NAT all jail traffic
nat pass log (all) on $EXT_IF from $NET_JAIL to any -> $IP_PUB
# passing all traffic
pass out
pass in
I can ping any IP from within the jail, but from within the jail I cannot connect to any service (ftp, ssh, etc.) nor resolve any host; one exception: I can ssh to the host (192.168.1.137). I can ssh from the host to the jail.
from jail
Code:
root@backuptest:/ # ping ftp.freebsd.org
ping: cannot resolve ftp.freebsd.org: Host name lookup failure
root@backuptest:/ # ping 209.94.190.56
PING 209.94.190.56 (209.94.190.56): 56 data bytes
64 bytes from 209.94.190.56: icmp_seq=0 ttl=50 time=46.081 ms
64 bytes from 209.94.190.56: icmp_seq=1 ttl=50 time=44.702 ms
64 bytes from 209.94.190.56: icmp_seq=2 ttl=50 time=42.298 ms
64 bytes from 209.94.190.56: icmp_seq=3 ttl=50 time=42.421 ms
^C
--- 209.94.190.56 ping statistics ---
4 packets transmitted, 4 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 42.298/43.876/46.081/1.593 ms
root@backuptest:/ # ftp 209.94.190.56
ftp: Can't connect to `209.94.190.56:21': Operation timed out
ftp: Can't connect to `209.94.190.56:ftp'
Is there anything obvious?
Thanks