Well, I tried to set up a regular jail and I'm running into networking problems. In my /etc/rc.conf I have these:
Code:
cloned_interfaces="lo1"
ifconfig_lo1_name="bridge0"
ifconfig_bridge0="inet 10.0.0.1/24 addm em0 up"
jail_enable="YES"
pf_enable="YES"
pflog_enable="YES"
I see that 10.0.0.2 is assigned to the bridge0 interface on the host:
Code:
# ifconfig bridge0
bridge0: flags=1008049<UP,LOOPBACK,RUNNING,MULTICAST,LOWER_UP> metric 0 mtu 16384
options=680003<RXCSUM,TXCSUM,LINKSTATE,RXCSUM_IPV6,TXCSUM_IPV6>
inet 10.0.0.2 netmask 0xffffffff
inet6 fe80::1%bridge0 prefixlen 64 scopeid 0x3
groups: lo
nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
And it's listed as a gateway:
Code:
# netstat -nr | grep 10.0.0.2
10.0.0.2 link#3 UH bridge0
This already seemed odd, as it didn't go to 10.0.0.1 first. It got stranger as I noticed it was also the IP for my jail:
Code:
# jls
JID IP Address Hostname Path
1 10.0.0.2 www1.example.com /home/user/jails/www1
It's also the gateway on the jail:
Code:
# jexec www1 netstat -nr
Routing tables
Internet:
Destination Gateway Flags Netif Expire
10.0.0.2 link#3 UH bridge0
I tried adding defaultrouter="10.0.0.1" to the /etc/rc.conf of the jail and restarting it, but it didn't change anything. This is the /etc/pf.conf on the host:
Code:
ext_if="em0"
bridge_if="bridge0"
jail_net="10.0.0.0/24"
set block-policy return
scrub in on $ext_if all fragment reassemble
set skip on lo
nat on $ext_if from $jail_net to any -> ($ext_if)
rdr-anchor "rdr/*"
block in all
pass out quick keep state
antispoof for $ext_if inet
# Allow inbound traffic to the jail network
pass in on $ext_if from any to $jail_net keep state
I should also note that 10.0.0.2 shows up on bridge0 on the jail. I thought it should be on the primary em0 device. Maybe I'm wrong though. Ping works from the host to 10.0.0.2:
Code:
# ping -c 1 10.0.0.2
PING 10.0.0.2 (10.0.0.2): 56 data bytes
64 bytes from 10.0.0.2: icmp_seq=0 ttl=64 time=13.726 ms
--- 10.0.0.2 ping statistics ---
1 packets transmitted, 1 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 13.726/13.726/13.726/0.000 ms
If I try to do anything from the jail, like "pkg update" it fails:
Code:
# jexec www1 pkg update
The package management tool is not yet installed on your system.
Do you want to fetch and install it now? [y/N]: y
Bootstrapping pkg from pkg+https://pkg.FreeBSD.org/FreeBSD:14:amd64/quarterly, please wait...
I have the following for my jails in /etc/sysctl.conf:
Code:
security.bsd.see_jail_proc=0
security.jail.set_hostname_allowed=1
security.jail.socket_unixiproute_only=1
security.jail.sysvipc_allowed=0
security.jail.enforce_statfs=2
security.jail.allow_raw_sockets=0
security.jail.chflags_allowed=0
security.jail.jailed: 0
This is my /etc/jail.conf at the moment as I've tried a lot of things I've found online:
Code:
www1 {
host.hostname = www1.example.com;
path = "/home/ph33r/jails/www1";
interface = "bridge0";
ip4.addr = 10.0.0.2;
exec.start = "/bin/sh /etc/rc";
exec.stop = "/bin/sh /etc/rc.shutdown";
exec.clean;
mount.devfs;
#exec.poststart += "route add default 10.0.0.1";
}
I've tried a lot of things. I usually ran "service netif restart; service routing restart; service jail restart" to apply changes and/or rebooted the host and jail. My goal is to have 10.0.0.1 as the gateway and the IP numbers increment for each jail I create, as I plan to have multiple, and of course to have the networking work right. Any suggestions?
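As an added example, not part of the original post: a small POSIX sh script that runs the checks a practitioner would make on the output shown above before touching pf. It tests whether bridge0 is really an if_bridge(4) or a loopback clone that merely carries that name (the rc.conf renames lo1, and the ifconfig output shows the LOOPBACK flag and "groups: lo"), whether the jail address sits on a /32 host mask, and whether the jail's routing table has a default route. The "broken" samples are the ifconfig and netstat text from the post; the "healthy" samples are constructed for comparison and are assumptions, not output from the poster's system.

```shell
#!/bin/sh
# Diagnostic helpers for jail networking state. Added example; the samples
# below are embedded so the script runs offline.

# Text from the post: a loopback clone renamed to bridge0 holding the jail address.
IFCONFIG_LO_CLONE='bridge0: flags=1008049<UP,LOOPBACK,RUNNING,MULTICAST,LOWER_UP> metric 0 mtu 16384
	options=680003<RXCSUM,TXCSUM,LINKSTATE,RXCSUM_IPV6,TXCSUM_IPV6>
	inet 10.0.0.2 netmask 0xffffffff
	inet6 fe80::1%bridge0 prefixlen 64 scopeid 0x3
	groups: lo
	nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>'

# Constructed sample (assumption): what a real if_bridge(4) with em0 as a member looks like.
IFCONFIG_REAL_BRIDGE='bridge0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
	ether 58:9c:fc:10:ff:b0
	inet 10.0.0.1 netmask 0xffffff00 broadcast 10.0.0.255
	groups: bridge
	member: em0 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>'

# Text from the post: the jail routing table with only a host route to itself.
ROUTES_JAIL='Routing tables

Internet:
Destination        Gateway            Flags     Netif Expire
10.0.0.2           link#3             UH       bridge0'

# Constructed sample (assumption): a jail routing table that does have a default route.
ROUTES_WITH_DEFAULT='Routing tables

Internet:
Destination        Gateway            Flags     Netif Expire
default            10.0.0.1           UGS      bridge0
10.0.0.0/24        link#3             U        bridge0'

# is_real_bridge <ifconfig text>: succeeds only if the interface is in the
# "bridge" group and its flags line does not carry LOOPBACK.
is_real_bridge() {
    printf '%s\n' "$1" | grep -q 'groups:.*bridge' &&
    ! printf '%s\n' "$1" | head -n 1 | grep -q 'LOOPBACK'
}

# netmask_of <ifconfig text> <ipv4 addr>: prints the netmask bound to that address.
netmask_of() {
    printf '%s\n' "$1" | awk -v a="$2" '$1 == "inet" && $2 == a { print $4 }'
}

# has_default_route <netstat -nr text>: succeeds if a "default" entry exists.
has_default_route() {
    printf '%s\n' "$1" | awk '$1 == "default" { found = 1 } END { exit !found }'
}

# diagnose <ifconfig text> <jail netstat text> <jail addr>: prints each finding,
# returns 0 when everything checks out and 1 when any check fails.
diagnose() {
    rc=0
    if ! is_real_bridge "$1"; then
        echo "FAIL: interface is a loopback clone, not an if_bridge(4); bridge member commands do not apply to it"
        rc=1
    fi
    if [ "$(netmask_of "$1" "$3")" = "0xffffffff" ]; then
        echo "FAIL: $3 has a /32 host mask, so 10.0.0.1 is not on-link for the jail"
        rc=1
    fi
    if ! has_default_route "$2"; then
        echo "FAIL: jail routing table has no default route"
        rc=1
    fi
    [ "$rc" -eq 0 ] && echo "OK: bridge, mask and default route look sane"
    return "$rc"
}

# Usage: run the checks against the posted output, then against the healthy samples.
diagnose "$IFCONFIG_LO_CLONE" "$ROUTES_JAIL" 10.0.0.2
diagnose "$IFCONFIG_REAL_BRIDGE" "$ROUTES_WITH_DEFAULT" 10.0.0.1
```

On a live host the same functions can be fed real output, e.g. `diagnose "$(ifconfig bridge0)" "$(jexec www1 netstat -nr)" 10.0.0.2`; the three checks map directly to the three symptoms in the post (the LOOPBACK flag and "groups: lo" on bridge0, the 0xffffffff mask on 10.0.0.2, and the jail's routing table containing only a host route).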