Enable network interface in Jail

ligregni

New Member

Reaction score: 1
Messages: 18

I am a newbie Jail's user, I can't get this working:

I got the Jail working, I also can put some services (small socket programs) and run it with clients in the host system, also, I can access SSH server in the Jail from remote systems using NAT, that is, the network interface in the Jail is working, but I can't reach internet (or some other host in the network) from the Jails, for example:

Network details:

Host's network interface/IP: vr0/1.2.3.5
Jail's network interface/IP: vr0/1.2.3.7

From Host
Code:
ping 1.2.3.7 # OK
ssh 1.2.3.7 # OK
From Jail
Code:
ping 1.2.3.5 # FAIL!!!
ping: socket: operation not permitted
So I am quite sure it's matter of security policies to "enable" network packets to "leave" the jail, but, not sure where and how tune that.

Thanks in Advance
 

graudeejs

Son of Beastie

Reaction score: 698
Messages: 4,617

Code:
# sysctl security.jail.allow_raw_sockets 1
you will be able to ping from inside, jail, but as you said, its' security issue
(you can reach internet, you only can't ping by default)
 

SirDice

Administrator
Staff member
Administrator
Moderator

Reaction score: 9,135
Messages: 33,711

You can't ping from a jail because a jail doesn't have access to raw sockets. By default at least. Doesn't mean it's not working though ;)
 
Top