Cannot connect to internet from jail

[Mike G]

Yea ezjail man pages are very poorly documented. There are 3 things your jail has to have to be accessable from the public network. 1. a copy of the hosts /etc/resolv.conf 2, The ezjail-admin create must use the public ip address. 3. the /etc/rc.conf must contain the same ifconfig_xxx="DHCP" statements as used in the host to connect to the public network.

Then pkg_add -r will work. But ping is restricted from working inside of any jail by design. I use whois or dig commands to test for network access in place of ping.

Here are my versions of the ezjail man pages I wrote for my own use. You may find them helpfull.

Hi just a quick question, when you talk about the public ip do you mean the public ip assigned to my router/whole network by my ISP
or the IP of my machine as assigned by my router?

 

[SirDice]

[Mod: post split off from a 10 year old thread]

I suggest not using EZJail or Qjail. Both are old and haven't seen an update in a really long time. The cracks are starting to show.

 

[Alain De Vos]

bastille is known to work good.

Otherwise i use a plain /etc/jail.conf with an easy:

ip4 = inherit;
ip6 = inherit;

 

[covacat]

echo "$10" >/proc/guardian
for 5 mins of internet access

 

[freezr]

[Mod: post split off from a 10 year old thread]

I suggest not using EZJail or Qjail. Both are old and haven't seen an update in a really long time. The cracks are starting to show.

So what do you suggest then?

I am using ezjail for testing to keep my OS clean, and I found it easier to handle than bare jails.

 

[SirDice]

I am using ezjail for testing to keep my OS clean, and I found it easier to handle than bare jails.

I'm almost done migrating all my old EZJail jails to sysutils/bastille. So far I really like the way bastille is set up. Bastille also allows you to use different versions for your "base" jails. So it's easy to create 12.3-RELEASE and 13.0-RELEASE based jails on the same machine. The template infrastructure proved to be quite useful too.

BastilleBSD

Bastille is an open-source system for automating deployment and management of containerized applications on FreeBSD.

bastillebsd.org

 

[freezr]

SirDice any thoughts on IOCage?

 

[SirDice]

any thoughts on IOCage?

Seems popular. Does bhyve(8) too I believe. Never used it myself.

 

[freezr]

Seems popular. Does bhyve(8) too I believe. Never used it myself.

The Bastille documentation is very well done and even though I am simply hobbyist looks quite feasible. I really would like to move the nginx server and the gmid server on two separates containers for leisure as well for security.

 

[astyle]

FWIW, the Handbook still has a section on sysutils/ezjail at time of this post. Maybe someone could re-write it for sysutils/bastille?

 

[Cath O'Deray]

sysutils/mkjail simplifies some aspects of working with jails.

<https://github.com/mkjail/mkjail#origins>