Solved DNS Inside Jail Not Working

I am unable to get DNS resolution working within any of my jails. The host OS is fine but none of the jails are able to resolve domain names. I would like to use the host OS IP in the jails' /etc/resolv.conf for the nameserver but that is not working. Do I need to adjust my /etc/pf.conf of the host OS?

This is the host OS firewall config (pf):
Code:
set skip on lo0
interface="re1"
apacheJail="192.168.0.102"
ircJail="192.168.0.103"
plexJail="192.168.0.104"
scrub in all
rdr pass on $interface proto tcp from any to $interface port 80 -> $apacheJail
rdr pass on $interface proto tcp from any to $interface port 6667 -> $ircJail
rdr pass on $interface proto tcp from any to $interface port 32400 -> $plexJail
antispoof for lo0
antispoof for $interface
block in on $interface
pass in on $interface proto tcp from any to any port 2662
pass out on $interface proto {tcp,udp,icmp} all
 
I have also pasted the host OS /etc/rc.conf below:
Code:
hostname="mercury.milkyway"
keyrate="fast"
#ifconfig_re0="192.168.0.101 netmask 255.255.255.0"
ifconfig_re1="SYNCDHCP"
pf_enable="YES"
pf_rules="/etc/pf.conf"
dumpdev="NO"
zfs_enable="YES"
sshd_enable="YES"
ntpd_enable="YES"
ntpd_sync_on_start="YES"
ezjail_enable="YES"
nfs_client_enable="YES"
kern_securelevel_enable="YES"
kern_securelevel="3"
 
Hello,

If the host is not a DNS server itself, but rather is using external DNS servers specified in its /etc/resolv.conf, then the jails should be able to use the same servers in their own /etc/resolv.conf. If you want the jails to use the host IP as their DNS server, you have to make the host listen on port 53 for DNS requests with unbound(8). You should start by enabling it on the host in /etc/rc.conf with the line local_unbound_enable="YES".

Regards,
Guillaume
 
Thanks for the reply Guillaume. I have added local_unbound_enable="YES" to my host /etc/rc.conf but unfortunately the jails are still not resolving domain names. I rebooted after adding that of course.

The jail's /etc/rc.conf is as follows:
Code:
plexmediaserver_enable="YES"
nfs_client_enable="YES"
kern_securelevel_enable="YES"
kern_securelevel="3"


Jail /etc/resolv.conf
Code:
search milkyway
nameserver 192.168.0.1  #my router IP

Host /etc/resolv.conf
Code:
# Generated by resolvconf
search milkyway
# nameserver 192.168.0.1
nameserver 127.0.0.1
options edns0
 
It's local Unbound for a reason. Unbound only listens on the localhost address by default. See sockstat | grep unbound. You'll need to set Unbound to listen on all IP addresses.

unbound.conf
Code:
interface: 0.0.0.0

Chances are you'll not want the local Unbound setup to automatically update your configuration under /var/unbound/unbound.conf. You'll likely want to make a file under /var/unbound/conf.d/ since that is automatically included (10.1-RELEASE). Be sure to validate that Unbound is listening on *:53 by checking the sockstat output afterwards so you'll know in advance that the jails can query it.
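
The sockstat check suggested in the post above, as a small script (an added example, not part of the original post). The function names are hypothetical, and the two listings are constructed from the sockstat output quoted in this thread.

```sh
#!/bin/sh
# Constructed input: Unbound bound to loopback only (local_unbound default).
sockstat_before() {
cat <<'EOF'
unbound  unbound  951  3  udp6  ::1:53  *:*
unbound  unbound  951  4  tcp6  ::1:53  *:*
unbound  unbound  951  5  udp4  127.0.0.1:53  *:*
unbound  unbound  951  6  tcp4  127.0.0.1:53  *:*
EOF
}

# Constructed input: Unbound after adding "interface: 0.0.0.0".
sockstat_after() {
cat <<'EOF'
unbound  unbound  929  3  udp4  *:53  *:*
unbound  unbound  929  4  tcp4  *:53  *:*
EOF
}

# dns_listeners ADDR
# Reads sockstat output on stdin and prints which IPv4 protocols
# (udp4, tcp4) have a socket on port 53 that accepts traffic for ADDR,
# i.e. one bound either to the wildcard address or to ADDR itself.
dns_listeners() {
  awk -v want="$1" '
    $5 == "udp4" || $5 == "tcp4" {
      port = $6; sub(/^.*:/, "", port)       # text after the last colon
      addr = $6; sub(/:[^:]*$/, "", addr)    # text before the last colon
      if (port == "53" && (addr == "*" || addr == want)) seen[$5] = 1
    }
    END {
      out = ""
      if ("udp4" in seen) out = "udp4"
      if ("tcp4" in seen) out = (out == "" ? "tcp4" : out " tcp4")
      print out
    }'
}

# jail_can_query ADDR
# Succeeds only when both UDP and TCP port 53 are reachable at ADDR,
# which is what a jail with "nameserver ADDR" in resolv.conf needs.
jail_can_query() {
  [ "$(dns_listeners "$1")" = "udp4 tcp4" ]
}

for listing in sockstat_before sockstat_after; do
  if "$listing" | jail_can_query 192.168.0.101; then
    echo "$listing: 192.168.0.101:53 is served"
  else
    echo "$listing: nothing listens on 192.168.0.101:53"
  fi
done
```

On the host, feed it live data with `sockstat | dns_listeners 192.168.0.101`. A listener bound to the host's LAN address alone passes the same check as the wildcard bind.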
 
Thanks. I updated the configuration file as you have suggested and verified the output from sockstat before and afterwards. It seems that I am still unable to get DNS working within the jails. Was I supposed to remove the entry for unbound in my /etc/rc.conf file as well?

Here is my output.

before:
Code:
brad@mercury:/home/brad$ sockstat | grep unbound
unbound  unbound  951  3  udp6  ::1:53  *:*
unbound  unbound  951  4  tcp6  ::1:53  *:*
unbound  unbound  951  5  udp4  127.0.0.1:53  *:*
unbound  unbound  951  6  tcp4  127.0.0.1:53  *:*
unbound  unbound  951  7  stream -> ??
unbound  unbound  951  8  stream -> ??

after:
Code:
brad@mercury:/home/brad$ sockstat | grep unbound
unbound  unbound  929  3  udp4  *:53  *:*
unbound  unbound  929  4  tcp4  *:53  *:*
unbound  unbound  929  5  stream -> ??
unbound  unbound  929  6  stream -> ??
brad@mercury:/home/brad$ sudo jexec 1 sh

What is up with the last 2 entries (stream and ??) just out of curiosity?
 
Hmm, what happens when you query it from another machine on your LAN? Does it get an access denied? Try either dig @192.168.0.101 www.google.com or drill @192.168.1.101 www.google.com. You may need to add an access control line.

Code:
access-control: 192.168.0.0/16 allow

As far as the stream, it's local communication on the machine. Look for SOCK_STREAM in socket(2).
 
Not quite sure I follow but this is what I did (no other BSD machines on the LAN).

Added
Code:
access-control: 192.168.0.0/16 allow
to my unbound.conf file on the host machine (mercury: 192.168.0.101)

Used my CentOS desktop to dig @192.168.0.101 google.com and received this output
Code:
brad@EARTH:~$ dig @192.168.0.101 google.com

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.30.rc1.el6_6.1 <<>> @192.168.0.101 google.com
; (1 server found)
;; global options: +cmd
;; connection timed out; no servers could be reached

Ran this from the host machine (mercury) drill @192.168.0.102 google.com (192.168.0.102 is the Jail's IP)
Code:
brad@mercury:/home/brad$ drill @192.168.0.102 google.com
;; ->>HEADER<<- opcode: QUERY, rcode: NOERROR, id: 42761
;; flags: qr rd ra ; QUERY: 1, ANSWER: 11, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;; google.com.  IN  A

;; ANSWER SECTION:
google.com.  14  IN  A  173.194.123.65
google.com.  14  IN  A  173.194.123.73
google.com.  14  IN  A  173.194.123.72
google.com.  14  IN  A  173.194.123.67
google.com.  14  IN  A  173.194.123.78
google.com.  14  IN  A  173.194.123.68
google.com.  14  IN  A  173.194.123.66
google.com.  14  IN  A  173.194.123.71
google.com.  14  IN  A  173.194.123.69
google.com.  14  IN  A  173.194.123.64
google.com.  14  IN  A  173.194.123.70

;; AUTHORITY SECTION:

;; ADDITIONAL SECTION:

;; Query time: 0 msec
;; SERVER: 192.168.0.102
;; WHEN: Sun Dec 28 19:42:21 2014
;; MSG SIZE  rcvd: 204

Still no luck with DNS within the jail(s) though.
 
I thought this was some firewall thing with UDP, but it occurs to me that you have not shown what actually happens when you try a DNS query in a jail.
 
No problem. It just times out I think. Here is an example:

Code:
brad@mercury:/home/brad$ sudo jexec 1 sh
Password:
# drill google.com
;; No packet received
# pkg install nmap
Updating repository catalogue
pkg: http://pkg.FreeBSD.org/freebsd:10:x86:64/latest/digests.txz: No address record
pkg: Unable to find catalogs
 
Jail /etc/resolv.conf
Code:
search milkyway
nameserver 192.168.0.1  #my router IP

Your jail /etc/rc.conf should point to your host IP, not your router IP. If you make unbound listen on the host on port 53, but let the jails make queries outside, it will not work.

Regards,
Guillaume
 
Perfect, thanks!

If I was to not use unbound would it be possible to have it work pointing to my router? I like this setup (pointing to my host IP) but am just curious.
 
Not sure if this has to do with my recent updates for the unbound.conf file but it looks like I am having issues with updating packages now within the jails. When using pkg it times out after trying to update/fetch the repository catalog. Here is a snippet when trying to update the pkg utility. Until I can update pkg I cannot update any other packages or ports.

Code:
brad@mercury:/home/brad$ sudo jexec 1 sh
# pkg install pkg
Updating repository catalogue
pkg: http://pkg.FreeBSD.org/freebsd:10:x86:64/latest/digests.txz: No address record
pkg: Unable to find catalogs
# drill google.com
;; ->>HEADER<<- opcode: QUERY, rcode: NOERROR, id: 16238
;; flags: qr rd ra ; QUERY: 1, ANSWER: 11, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;; google.com.  IN  A

;; ANSWER SECTION:
google.com.  216  IN  A  173.194.123.33
google.com.  216  IN  A  173.194.123.46
google.com.  216  IN  A  173.194.123.40
google.com.  216  IN  A  173.194.123.37
google.com.  216  IN  A  173.194.123.38
google.com.  216  IN  A  173.194.123.34
google.com.  216  IN  A  173.194.123.39
google.com.  216  IN  A  173.194.123.41
google.com.  216  IN  A  173.194.123.32
google.com.  216  IN  A  173.194.123.35
google.com.  216  IN  A  173.194.123.36

;; AUTHORITY SECTION:

;; ADDITIONAL SECTION:

;; Query time: 27 msec
;; SERVER: 192.168.0.101
;; WHEN: Mon Dec 29 06:47:16 2014
;; MSG SIZE  rcvd: 204
# whereis portmaster
portmaster: /usr/ports/ports-mgmt/portmaster
# cd /usr/ports/ports-mgmt/portmaster
# make install
===>  portmaster-3.17.7 pkg(8) must be version 1.3.8 or greater, but you have 1.2.6. You must upgrade the ports-mgmt/pkg port first.
*** Error code 1

Stop.
make: stopped in /basejail/usr/ports/ports-mgmt/portmaster
# cd ../pkg
# make deinstall
===>  Deinstalling for pkg
/var/ports/basejail/usr/ports/ports-mgmt/pkg/work/pkg-1.4.1/src/pkg-static: not found
===>  pkg not installed, skipping
# make install
===>  License BSD2CLAUSE accepted by the user
=> pkg-1.4.1.tar.xz doesn't seem to exist in /var/ports/distfiles/.
=> Attempting to fetch http://files.etoilebsd.net/pkg/pkg-1.4.1.tar.xz
fetch: http://files.etoilebsd.net/pkg/pkg-1.4.1.tar.xz: No address record
=> Attempting to fetch http://distcache.FreeBSD.org/local-distfiles/portmgr/pkg-1.4.1.tar.xz
fetch: http://distcache.FreeBSD.org/local-distfiles/portmgr/pkg-1.4.1.tar.xz: No address record
=> Attempting to fetch http://distcache.us-east.FreeBSD.org/local-distfiles/portmgr/pkg-1.4.1.tar.xz
fetch: http://distcache.us-east.FreeBSD.org/local-distfiles/portmgr/pkg-1.4.1.tar.xz: No address record
=> Attempting to fetch http://distcache.eu.FreeBSD.org/local-distfiles/portmgr/pkg-1.4.1.tar.xz
 
Your pf ruleset is not very clear. I am not sure if it is a gateway for your LAN having two interfaces re0 and re1, and by reading your /etc/rc.conf it seems it only has a single interface with no forwarding enabled. It is then difficult to fix your firewall ruleset without these details. Can you give us more details, as well as the output of ifconfig and jls?

Regards,
Guillaume
 
Ah I think that may be the issue then...I forgot about the multiple NICs. Basically what happened was I was originally using my onboard NIC (re0) and that was used when the jails were created. Later I switched it to re1 and installed a better NIC. I just commented that entry out and then used syncdhcp for re1. I think the jails are still tied to re0 though. Is that true? If so, can I update that without having to recreate them?

Here is the output you asked for:

Code:
brad@mercury:/home/brad$ jls  
  JID  IP Address  Hostname  Path
  1  192.168.0.104  plexJail  /usr/jails/plexJail
  2  192.168.0.103  ircJail  /usr/jails/ircJail
  3  192.168.0.102  apacheJail  /usr/jails/apacheJail

brad@mercury:/home/brad$ ifconfig  
re0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
  options=8209b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,WOL_MAGIC,LINKSTATE>
  ether b8:97:5a:23:26:32
  inet 192.168.0.104 netmask 0xffffffff broadcast 192.168.0.104
  inet 192.168.0.103 netmask 0xffffffff broadcast 192.168.0.103
  inet 192.168.0.102 netmask 0xffffffff broadcast 192.168.0.102
  nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
  media: Ethernet autoselect (none)
  status: no carrier
re1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
  options=8209b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,WOL_MAGIC,LINKSTATE>
  ether 00:14:d1:2b:9c:b5
  inet 192.168.0.101 netmask 0xffffff00 broadcast 192.168.0.255
  nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
  media: Ethernet autoselect (1000baseT <full-duplex>)
  status: active
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
  options=600003<RXCSUM,TXCSUM,RXCSUM_IPV6,TXCSUM_IPV6>
  inet6 ::1 prefixlen 128
  inet6 fe80::1%lo0 prefixlen 64 scopeid 0x3
  inet 127.0.0.1 netmask 0xff000000
  nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
brad@mercury:/home/brad$
 
You have addresses from the same subnet (192.168.0.0/24) on multiple interfaces and that is not going to work under any conditions. On top of that you have the jail addresses on the inactive interface re0. Move everything to re1 and it just might work without any further tweaking.
 
Indeed your jails' IPs are tied to re0 (which is down) as per your ifconfig output. I do not know where ezjail manages the jails' IPs; you will have to figure that out. When jails are created manually, the jails' IP aliases have to be specified in /etc/rc.conf. In addition, your network mask seems wrong in your output. You have 255.255.255.0 (0xffffff00) for your host 192.168.0.101, whereas your jails have the mask 255.255.255.255 (0xffffffff). Your jails' network configuration should be fixed to move network aliases to the re1 interface, and probably modified with a netmask like the host (/24).

EDIT: kpa you were faster than me :)

Regards,
Guillaume
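
The two conditions pointed out in the replies above (addresses sitting on an interface with no carrier, and one subnet spread over two interfaces) can be checked mechanically. This is an added example, not part of the original posts; `audit_ifconfig` is a hypothetical helper and the sample is constructed from the ifconfig output posted in the thread.

```sh
#!/bin/sh
# Constructed sample, trimmed from the ifconfig listing in the thread.
sample_ifconfig() {
cat <<'EOF'
re0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
  inet 192.168.0.104 netmask 0xffffffff broadcast 192.168.0.104
  inet 192.168.0.103 netmask 0xffffffff broadcast 192.168.0.103
  inet 192.168.0.102 netmask 0xffffffff broadcast 192.168.0.102
  status: no carrier
re1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
  inet 192.168.0.101 netmask 0xffffff00 broadcast 192.168.0.255
  status: active
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
  inet 127.0.0.1 netmask 0xff000000
EOF
}

# audit_ifconfig: reads FreeBSD ifconfig output on stdin, one finding per line.
#   NO_CARRIER  ifc addr            address configured on a link that is down
#   SAME_SUBNET ifcA addrA ...      addrA lies inside a network of another ifc
audit_ifconfig() {
  awk '
    # dotted quad -> integer
    function ip2n(s,   o) {
      split(s, o, ".")
      return ((o[1] * 256 + o[2]) * 256 + o[3]) * 256 + o[4]
    }
    # hex netmask as printed by ifconfig (0xffffff00) -> integer
    function hex2n(s,   i, v) {
      s = tolower(s); sub(/^0x/, "", s); v = 0
      for (i = 1; i <= length(s); i++)
        v = v * 16 + index("0123456789abcdef", substr(s, i, 1)) - 1
      return v
    }
    /^[a-z]+[0-9]+: flags=/ { ifc = $1; sub(/:$/, "", ifc); next }
    $1 == "inet" && $3 == "netmask" {
      n++; nif[n] = ifc; ntxt[n] = $2; nip[n] = ip2n($2)
      nblk[n] = 4294967296 - hex2n($4)   # addresses covered by the mask
    }
    $1 == "status:" { st = $0; sub(/^[ \t]*status:[ \t]*/, "", st); status[ifc] = st }
    END {
      for (i = 1; i <= n; i++) {
        if (status[nif[i]] == "no carrier")
          print "NO_CARRIER " nif[i] " " ntxt[i]
        # Two addresses share a network when they land in the same block
        # of size nblk; /32 aliases (block of 1) define no network.
        for (j = 1; j <= n; j++)
          if (nif[i] != nif[j] && nblk[j] > 1 &&
              int(nip[i] / nblk[j]) == int(nip[j] / nblk[j]))
            print "SAME_SUBNET " nif[i] " " ntxt[i] \
                  " falls in the network of " nif[j] " " ntxt[j]
      }
    }'
}

sample_ifconfig | audit_ifconfig
```

On the host, run `ifconfig | audit_ifconfig`; an empty result means neither condition is present.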
 
Ok thanks for the assistance and help. Makes sense... I will do some reading later about the jails and hopefully reconfigure them without having to completely redo everything.
 
Perfect, thanks!

If I was to not use unbound would it be possible to have it work pointing to my router? I like this setup (pointing to my host IP) but am just curious.

Once your networking is taken care of you can do this. Your jails can query either the router or the host IP. From the sounds of it, you may have used the re0|192.168.0.10X style syntax in your /usr/local/etc/ezjail/jailname configurations to create addresses when jails start. It should just be a matter of changing that to the new interface.
 
I updated my jail configuration files to point to re1 but I think I also need to completely disable re0 since I am still unable to get them working for DNS. How can I do that?

I am a bit concerned with the health of my system regarding anything network related.

Here are my current configurations, please let me know what needs to be fixed. Thanks!

Code:
brad@mercury:/home/brad$ cat /etc/hosts
# $FreeBSD: release/10.0.0/etc/hosts 109997 2003-01-28 21:29:23Z dbaker $
#
# Host Database
#
# This file should contain the addresses and aliases for local hosts that
# share this file.  Replace 'my.domain' below with the domainname of your
# machine.
#
# In the presence of the domain name service or NIS, this file may
# not be consulted at all; see /etc/nsswitch.conf for the resolution order.
#
#
::1  localhost localhost.my.domain
127.0.0.1  localhost localhost.my.domain
192.168.0.101 mercury mercury.milkyway
192.168.0.102 apacheJail apacheJail.milkyway
192.168.0.103 ircJail ircJail.milkyway
192.168.0.104 plexJail plexJail.milkyway
#
# Imaginary network.
#10.0.0.2  myname.my.domain myname
#10.0.0.3  myfriend.my.domain myfriend
#
# According to RFC 1918, you can use the following IP networks for
# private nets which will never be connected to the Internet:
#
#  10.0.0.0  -  10.255.255.255
#  172.16.0.0  -  172.31.255.255
#  192.168.0.0  -  192.168.255.255
#
# In case you want to be able to connect to the Internet, you need
# real official assigned numbers.  Do not try to invent your own network
# numbers but instead get one from your network provider (if any) or
# from your regional registry (ARIN, APNIC, LACNIC, RIPE NCC, or AfriNIC.)
#
brad@mercury:/home/brad$ ifconfig
re0: flags=8802<BROADCAST,SIMPLEX,MULTICAST> metric 0 mtu 1500
  options=8209b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,WOL_MAGIC,LINKSTATE>
  ether b8:97:5a:23:26:32
  nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
  media: Ethernet autoselect (none)
  status: no carrier
re1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
  options=8209b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,WOL_MAGIC,LINKSTATE>
  ether 00:14:d1:2b:9c:b5
  inet 192.168.0.101 netmask 0xffffff00 broadcast 192.168.0.255
  inet 192.168.0.104 netmask 0xffffffff broadcast 192.168.0.104
  inet 192.168.0.103 netmask 0xffffffff broadcast 192.168.0.103
  inet 192.168.0.102 netmask 0xffffffff broadcast 192.168.0.102
  nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
  media: Ethernet autoselect (1000baseT <full-duplex>)
  status: active
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
  options=600003<RXCSUM,TXCSUM,RXCSUM_IPV6,TXCSUM_IPV6>
  inet6 ::1 prefixlen 128
  inet6 fe80::1%lo0 prefixlen 64 scopeid 0x3
  inet 127.0.0.1 netmask 0xff000000
  nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
lo1: flags=8008<LOOPBACK,MULTICAST> metric 0 mtu 16384
  options=600003<RXCSUM,TXCSUM,RXCSUM_IPV6,TXCSUM_IPV6>
  nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
brad@mercury:/home/brad$ cat /etc/rc.conf
hostname="mercury.milkyway"
keyrate="fast"
#ifconfig_re0="192.168.0.101 netmask 255.255.255.0"
ifconfig_re1="SYNCDHCP"
cloned_interfaces="${cloned_interfaces} lo1"
pf_enable="YES"
pf_rules="/etc/pf.conf"
dumpdev="NO"
zfs_enable="YES"
sshd_enable="YES"
ntpd_enable="YES"
ntpd_sync_on_start="YES"
ezjail_enable="YES"
nfs_client_enable="YES"
#kern_securelevel_enable="YES"
#kern_securelevel="3"
local_unbound_enable="YES"
brad@mercury:/home/brad$ cat /usr/local/etc/ezjail/plexJail
# To specify the start up order of your ezjails, use these lines to
# create a Jail dependency tree. See rcorder(8) for more details.
#
# PROVIDE: standard_ezjail
# REQUIRE:
# BEFORE:
#

export jail_plexJail_hostname="plexJail"
export jail_plexJail_ip="re1|192.168.0.104"
export jail_plexJail_rootdir="/usr/jails/plexJail"
export jail_plexJail_exec_start="/bin/sh /etc/rc"
export jail_plexJail_exec_stop=""
export jail_plexJail_mount_enable="YES"
export jail_plexJail_devfs_enable="YES"
export jail_plexJail_devfs_ruleset="devfsrules_jail"
export jail_plexJail_procfs_enable="YES"
export jail_plexJail_fdescfs_enable="YES"
export jail_plexJail_image=""
export jail_plexJail_imagetype=""
export jail_plexJail_attachparams=""
export jail_plexJail_attachblocking=""
export jail_plexJail_forceblocking=""
export jail_plexJail_zfs_datasets=""
export jail_plexJail_cpuset=""
export jail_plexJail_fib=""
export jail_plexJail_parentzfs=""
export jail_plexJail_parameters=""
export jail_plexJail_post_start_script=""
brad@mercury:/home/brad$

Jail(s)
Code:
brad@mercury:/home/brad$ jls
  JID  IP Address  Hostname  Path
  1  192.168.0.104  plexJail  /usr/jails/plexJail
  2  192.168.0.103  ircJail  /usr/jails/ircJail
  3  192.168.0.102  apacheJail  /usr/jails/apacheJail
brad@mercury:/home/brad$ sudo jexec 1 sh
# cat /etc/hosts
# $FreeBSD: release/10.0.0/etc/hosts 109997 2003-01-28 21:29:23Z dbaker $
#
# Host Database
#
# This file should contain the addresses and aliases for local hosts that
# share this file.  Replace 'my.domain' below with the domainname of your
# machine.
#
# In the presence of the domain name service or NIS, this file may
# not be consulted at all; see /etc/nsswitch.conf for the resolution order.
#
#
::1  localhost localhost.milkyway
127.0.0.1  localhost localhost.milkyway
192.168.0.104  plexJail  plexJail.milkyway
#
# Imaginary network.
#10.0.0.2  myname.my.domain myname
#10.0.0.3  myfriend.my.domain myfriend
#
# According to RFC 1918, you can use the following IP networks for
# private nets which will never be connected to the Internet:
#
#  10.0.0.0  -  10.255.255.255
#  172.16.0.0  -  172.31.255.255
#  192.168.0.0  -  192.168.255.255
#
# In case you want to be able to connect to the Internet, you need
# real official assigned numbers.  Do not try to invent your own network
# numbers but instead get one from your network provider (if any) or
# from your regional registry (ARIN, APNIC, LACNIC, RIPE NCC, or AfriNIC.)
#
# ifconfig
re0: flags=8802<BROADCAST,SIMPLEX,MULTICAST> metric 0 mtu 1500
  options=8209b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,WOL_MAGIC,LINKSTATE>
  ether b8:97:5a:23:26:32
  media: Ethernet autoselect (none)
  status: no carrier
re1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
  options=8209b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,WOL_MAGIC,LINKSTATE>
  ether 00:14:d1:2b:9c:b5
  inet 192.168.0.104 netmask 0xffffffff broadcast 192.168.0.104
  media: Ethernet autoselect (1000baseT <full-duplex>)
  status: active
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
  options=600003<RXCSUM,TXCSUM,RXCSUM_IPV6,TXCSUM_IPV6>
lo1: flags=8008<LOOPBACK,MULTICAST> metric 0 mtu 16384
  options=600003<RXCSUM,TXCSUM,RXCSUM_IPV6,TXCSUM_IPV6>
# cat /etc/rc.conf
plexmediaserver_enable="YES"
nfs_client_enable="YES"
kern_securelevel_enable="YES"
kern_securelevel="3"
#
 
It looks like ifconfig and/or ifdown can be called from /etc/rc.conf but I cannot find any examples of people disabling interfaces with it at startup.
 
You are good on the interfaces. Notice the "UP" keyword that is on your re1 but not on re0. Since re0 is all commented out in your /etc/rc.conf it will not come up on the next boot. While already booted, you can run ifconfig re0 down or service netif stop re0. Using ifdown (or ifup) is a Linux specific command.

Does everything appear to be working now?
 
Unfortunately no. Right now my problem is that I need to upgrade the ports-mgmt/pkg port. Until I can do that I cannot fix and upgrade a few things that I need to. When I run drill google.com from within the jail I DO get a DNS response. However whenever I try to make install or pkg install it fails to do anything because it does not get a response back. Also, when running ifconfig from within the host OS or jail I still see re0 so I thought maybe I should disable it in general. I am not sure why it comes online when commented out in /etc/rc.conf... perhaps because it is an onboard NIC.

Let me know what you think based on the below.

Code:
brad@mercury:/home/brad$ sudo jexec 1 sh
Password:
# cd /usr/ports/ports-mgmt/pkg
# make install
===>  License BSD2CLAUSE accepted by the user
=> pkg-1.4.1.tar.xz doesn't seem to exist in /var/ports/distfiles/.
=> Attempting to fetch http://files.etoilebsd.net/pkg/pkg-1.4.1.tar.xz
fetch: http://files.etoilebsd.net/pkg/pkg-1.4.1.tar.xz: No address record
=> Attempting to fetch http://distcache.FreeBSD.org/local-distfiles/portmgr/pkg-1.4.1.tar.xz
fetch: http://distcache.FreeBSD.org/local-distfiles/portmgr/pkg-1.4.1.tar.xz: No address record
=> Attempting to fetch http://distcache.us-east.FreeBSD.org/local-distfiles/portmgr/pkg-1.4.1.tar.xz
fetch: http://distcache.us-east.FreeBSD.org/local-distfiles/portmgr/pkg-1.4.1.tar.xz: No address record
=> Attempting to fetch http://distcache.eu.FreeBSD.org/local-distfiles/portmgr/pkg-1.4.1.tar.xz
fetch: http://distcache.eu.FreeBSD.org/local-distfiles/portmgr/pkg-1.4.1.tar.xz: No address record
=> Attempting to fetch http://distcache.us-west.FreeBSD.org/local-distfiles/portmgr/pkg-1.4.1.tar.xz
^C
# ifconfig
re0: flags=8802<BROADCAST,SIMPLEX,MULTICAST> metric 0 mtu 1500
  options=8209b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,WOL_MAGIC,LINKSTATE>
  ether b8:97:5a:23:26:32
  media: Ethernet autoselect (none)
  status: no carrier
re1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
  options=8209b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,WOL_MAGIC,LINKSTATE>
  ether 00:14:d1:2b:9c:b5
  inet 192.168.0.104 netmask 0xffffffff broadcast 192.168.0.104
  media: Ethernet autoselect (1000baseT <full-duplex>)
  status: active
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
  options=600003<RXCSUM,TXCSUM,RXCSUM_IPV6,TXCSUM_IPV6>
lo1: flags=8008<LOOPBACK,MULTICAST> metric 0 mtu 16384
  options=600003<RXCSUM,TXCSUM,RXCSUM_IPV6,TXCSUM_IPV6>
# exit
brad@mercury:/home/brad$ ifconfig
re0: flags=8802<BROADCAST,SIMPLEX,MULTICAST> metric 0 mtu 1500
  options=8209b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,WOL_MAGIC,LINKSTATE>
  ether b8:97:5a:23:26:32
  nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
  media: Ethernet autoselect (none)
  status: no carrier
re1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
  options=8209b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,WOL_MAGIC,LINKSTATE>
  ether 00:14:d1:2b:9c:b5
  inet 192.168.0.101 netmask 0xffffff00 broadcast 192.168.0.255
  inet 192.168.0.104 netmask 0xffffffff broadcast 192.168.0.104
  inet 192.168.0.103 netmask 0xffffffff broadcast 192.168.0.103
  inet 192.168.0.102 netmask 0xffffffff broadcast 192.168.0.102
  nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
  media: Ethernet autoselect (1000baseT <full-duplex>)
  status: active
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
  options=600003<RXCSUM,TXCSUM,RXCSUM_IPV6,TXCSUM_IPV6>
  inet6 ::1 prefixlen 128
  inet6 fe80::1%lo0 prefixlen 64 scopeid 0x3
  inet 127.0.0.1 netmask 0xff000000
  nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
lo1: flags=8008<LOOPBACK,MULTICAST> metric 0 mtu 16384
  options=600003<RXCSUM,TXCSUM,RXCSUM_IPV6,TXCSUM_IPV6>
  nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
brad@mercury:/home/brad$
 
re1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
options=8209b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,WOL_MAGIC,LINKSTATE>
ether 00:14:d1:2b:9c:b5
inet 192.168.0.101 netmask 0xffffff00 broadcast 192.168.0.255
inet 192.168.0.104 netmask 0xffffffff broadcast 192.168.0.104
inet 192.168.0.103 netmask 0xffffffff broadcast 192.168.0.103
inet 192.168.0.102 netmask 0xffffffff broadcast 192.168.0.102
nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
media: Ethernet autoselect (1000baseT <full-duplex>)
status: active

I do not have jails at hand to check, but for me all of your jails' netmasks are wrong and should be like the host (0xffffff00 = 255.255.255.0 or /24).

Regards,
Guillaume
 