Can't access network in Jail

[filipp00]

Hello.

I have dedicated server in OVH. Installed FreeBSD 10.1 (64-bit). I created Jail with FreeBSD 9.1 (32-bit) to build software, everything works fine except networking. I can't connect to any host.

Example:

root@xxx:/ # ping google.com
^C
root@xxx:/ # ping 8.8.8.8
PING 8.8.8.8 (8.8.8.8): 56 data bytes
^C
--- 8.8.8.8 ping statistics ---
3 packets transmitted, 0 packets received, 100.0% packet loss

ifconfig (on host)

em0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=4219b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,TSO4,WOL_MAGIC,VLAN_HWTSO>
        ether 70:54:d2:1a:8a:4f
        inet 46.105.124.31 netmask 0xffffff00 broadcast 46.105.***.***
        inet6 fe80::7254:d2ff:fe1a:8a4f%em0 prefixlen 64 scopeid 0x1
        inet6 2001:41d0:2:eb1f::1 prefixlen 128
        inet 192.168.0.1 netmask 0xffffffff broadcast 192.168.0.1
        nd6 options=8063<PERFORMNUD,ACCEPT_RTADV,AUTO_LINKLOCAL,NO_RADR,DEFAULTIF>
        media: Ethernet autoselect (100baseTX <full-duplex>)
        status: active
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
        options=600003<RXCSUM,TXCSUM,RXCSUM_IPV6,TXCSUM_IPV6>
        inet6 ::1 prefixlen 128
        inet6 fe80::1%lo0 prefixlen 64 scopeid 0x2
        inet 127.0.0.1 netmask 0xff000000
        inet 127.0.0.2 netmask 0xffffffff
        nd6 options=23<PERFORMNUD,ACCEPT_RTADV,AUTO_LINKLOCAL>
pflog0: flags=141<UP,RUNNING,PROMISC> metric 0 mtu 33160

ifconfig (in jail)

: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST>
        inet 192.168.0.1 netmask 0xffffffff broadcast 192.168.0.1
: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST>
        inet 127.0.0.2 netmask 0xffffffff
: flags=141<UP,RUNNING,PROMISC>

rc.conf (on host)

(...)
local_unbound_enable=yes
ifconfig_em0="inet 46.105.xxx.xxx netmask 255.255.255.0 broadcast 46.105.xxx.xxx"
defaultrouter="46.105.124.254"

pf_enable="YES"
pflog_enable="YES"
cloned_interfaces="lo1"
ifconfig_em0_alias0="inet 192.168.0.1"

jail_enable="YES"
jail_list="somejail"
jail_set_hostname_allow="NO"

jail_somejail_rootdir="/usr/jails/somejail"
jail_somejail_hostname="xxx.xxx.pl"
jail_somejail_ip="em0|192.168.0.1,lo0|127.0.0.2"
jail_somejail_interface="em0"
jail_somejail_devfs_enable="YES"
jail_somejail_devfs_ruleset="devfsrules_jail"
jail_somejail_parameters="allow.raw_sockets=1"
(...)

pf.conf (on host)

IP_PUB="46.105.xxx.xxx"
NET_JAIL="192.168.0.0/24"
scrub in all
nat pass on em0 from $NET_JAIL to any -> $IP_PUB

I also copied content of resolv.conf from host to jail /etc/resolv.conf.

I don't have any idea what's wrong with this.
Merry Christmas.

 

[SirDice]

Installed FreeBSD 10.1 (64-bit). I created Jail with FreeBSD 9.1 (32-bit) to build software

FreeBSD 10.1 has been End-of-Life since December 2016, FreeBSD 9.1 has been End-of-Life since December 2014(!).

https://www.freebsd.org/security/unsupported.html
Topics about unsupported FreeBSD versions

 

[scottro]

Aside from it being unsupported (I'm not familiar with OVH, maybe that's all they offer), there are some decent tutorials around about using a public host and private jail address. I found this one useful.
http://kbeezie.com/freebsd-jail-single-ip/

As SirDice says, though, you're using EOL versions which will definitely cause its own problems if not fixed.