Enable network interface in Jail


New Member

Reaction score: 1
Messages: 18

I am a newbie Jail's user, I can't get this working:

I got the Jail working, I also can put some services (small socket programs) and run it with clients in the host system, also, I can access SSH server in the Jail from remote systems using NAT, that is, the network interface in the Jail is working, but I can't reach internet (or some other host in the network) from the Jails, for example:

Network details:

Host's network interface/IP: vr0/
Jail's network interface/IP: vr0/

From Host
ping # OK
ssh # OK
From Jail
ping # FAIL!!!
ping: socket: operation not permitted
So I am quite sure it's matter of security policies to "enable" network packets to "leave" the jail, but, not sure where and how tune that.

Thanks in Advance


Son of Beastie

Reaction score: 698
Messages: 4,617

# sysctl security.jail.allow_raw_sockets 1
you will be able to ping from inside, jail, but as you said, its' security issue
(you can reach internet, you only can't ping by default)


Staff member

Reaction score: 9,135
Messages: 33,711

You can't ping from a jail because a jail doesn't have access to raw sockets. By default at least. Doesn't mean it's not working though ;)