hi
problem:
(without a jail the network works well!!!)
Code:
INTERNET
++
10.0.0.1
194.xx.xx.xx <- Gateway ->
from 10.7.0.100
(NAT)
++
rl0 10.7.0.100 jail
<- server0 ->
++
<- jail 192.168.1.231
jail alias rlo
192.168.1.231/32
194.xx.xx.xx =NAT= 10.7.0.100
I did as described here:
http://www.scottro.net/qnd/qnd-ezjail.html
Code:
ifconfig_rl0_alias0="inet 192.168.1.231/32"
natd_enable="YES"
natd_interface="rl0"
natd_flags="-f /etc/natd.conf"
ezjail_enable="YES"
jail_apachejail_hostname="apachejail"
jail_apachejail_ip="192.168.1.231"
jail_apachejail_rootdir="/home/jails/apachejail"
jail_apachejail_exec="/bin/sh /etc/rc"
jail_apachejail_mount_enable="YES"
jail_apachejail_interface="rl0"
jail_apachejail_devfs_enable="YES"
jail_apachejail_devfs_ruleset="devfsrules_jail"
jail_apachejail_procfs_enable="YES"
jail_apachejail_fdescfs_enable="YES"
/etc/natd.conf
Code:
-redirect_address 192.168.1.231 10.7.0.100
or
ipfw test:
Code:
#!/bin/sh
flush
add 100 check-state
add divert 8668 ip from 192.168.1.231 to any in via rl0
#add divert natd all from any to any in via rl0
add allow ip from any to any
jail:
/home/jails/apachejail/etc/rc.conf
Code:
rpc_bind_enable="NO"
inetd_enable="YES"
network_interfaces="rl0"
sshd_enable="YES"
sendmail_enable="NO"
defautrouter="10.7.0.100"
early_late_divider="NETWORKING"
/home/jails/apachejail/etc/host
Code:
127.0.0.1 apachejail.example.com apachejail
reboot...
Code:
home# jail /home/jails/apachejail apachejail 192.168.1.231
That is OK!
But ping google.com does not work!!
I changed:
Code:
security.jail.socket_unixiproute_only=1
Code:
security.jail.socket_unixiproute_only=0
however:
Code:
jail# route add default 10.7.0.100
route: writing to routing socket: Operation not permitted
ifconfig:
Code:
rl0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
options=48<VLAN_MTU,POLLING>
ether 00:0e:
inet 10. netmask 0xffff0000 broadcast 10.7.255.255
inet 192.168.1.231 netmask 0xffffffff broadcast 192.168.1.231
media: Ethernet autoselect (100baseTX <full-duplex>)
status: active
jail:
apachejail# ifconfig
Code:
rl0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
options=48<VLAN_MTU,POLLING>
ether 00:0e:
inet 192.168.1.231 netmask 0xffffffff broadcast 192.168.1.231
media: Ethernet autoselect (100baseTX <full-duplex>)
status: active
I hope I forgot nothing...
As you can see, ping does not work. How do I get the network working? How do I solve the problem?