FreeBSD 12.1-RELEASE + Ezjail & 9 Jails for a PHP Project! Receiving errors I cannot find answers for!

Hey everyone! Thank you all for your time.

I am trying to get all 9 jails networked on a 192.168.3.x [1-9] depending on EzJail Jails (php1 - php9) and I edited the ezjail configuration file for the jails to allow pinging in the parameter settings. This solved the ping restrictions.

I have now come up against new restrictions that are preventing my EzJail Jail (FreeBSD 12.1-RELEASE also) (on all 9) ... It's giving me the following errors on up and down interface after applying the rc.conf network updates on em1. I even restarted using ezjail-admin and both php2 and php3 (which I am using to test ping back and forth).

The error I am getting now is (on system start & I am restricted from dmesg; so I can't post the full thing):

Code:
ifconfig: up: permission denied
ifconfig: ioctl (SIOCAIFADDR): permission denied
ifconfig: socket(family 28,SOCK_DGRAM): Protocol not supported
ifconfig: socket(family 28,SOCK_DGRAM): Protocol not supported
Starting Network: lo0 vtnet0 lo1.

My rc.conf LAN STATIC entry is just 1 line, as follows:

Code:
ifconfig_em1="inet 192.168.3.2 netmask 255.255.255.0"

That's for Ezjail #2 - php2

and .3 for Ezjail #3 - php3

Any pointers in the right direction would be helpful; thank you!

~ Brandon
 
You can't set the jail's IP address from within the jail, at least not with a regular jail. This is set outside of the jail. Just remove the ifconfig_* lines from your jail's /etc/rc.conf. No need to set the jail's IP addresses on the host either, they'll be automatically added and removed when the jail starts or stops.

Set the interface and IP address in the correct /usr/local/etc/ezjail/<jail> configuration file.

Code:
export jail_<jailname>_ip="em1|192.168.3.x/24"
 
SirDice,

Thank you for this knowledge. I changed all 9 configuration files in /usr/local/etc/ezjail/<php1> - <php9> and added the export jail ip line... this seemed to trash all the pre-existing Public STATIC IP Addresses and 127.0.1.0, 127.0.2.0, etc on all the machines.

Code:
root@supernova:/usr/local/etc/ezjail # ezjail-admin list
STA JID  IP              Hostname                       Root Directory
--- ---- --------------- ------------------------------ ------------------------
DSN N/A  -                                              
DR  38   192.168.3.9/24  php9                           /usr/jails/php9
DSN N/A  -                                              
DR  37   192.168.3.8/24  php8                           /usr/jails/php8
DSN N/A  -                                              
DR  36   192.168.3.7/24  php7                           /usr/jails/php7
DSN N/A  -                                              
DR  35   192.168.3.6/24  php6                           /usr/jails/php6
DSN N/A  -                                              
DR  34   192.168.3.5/24  php5                           /usr/jails/php5
DSN N/A  -                                              
DR  33   192.168.3.4/24  php4                           /usr/jails/php4
DSN N/A  -                                              
DSN N/A  -                                              
DR  40   192.168.3.3/24  php3                           /usr/jails/php3
DSN N/A  -                                              
DSN N/A  -                                              
DR  39   192.168.3.2/24  php2                           /usr/jails/php2
DSN N/A  -                                              
DSN N/A  -                                              
DS  N/A  192.168.3.1/24  php1                           /usr/jails/php1
root@supernova:/usr/local/etc/ezjail # ezjail-admin start php1
Starting jails: cannot start jail  "php1": 
ifconfig: interface em1 does not exist
jail: php1: /sbin/ifconfig em1 inet 192.168.3.1/24 alias: failed
.
/etc/rc.d/jail: WARNING: Per-jail configuration via jail_* variables  is obsolete.  Please consider migrating to /etc/jail.conf.
Error: Could not start php1.
  You need to start it by hand.
root@supernova:/usr/local/etc/ezjail #

The /etc/rc.d/jail: WARNING (I've been getting that since day 1 successful with EzJail Jails).
 
"this seemed to trash all the pre-existing Public STATIC IP Addresses and 127.0.1.0, 127.0.2.0, etc on all the machines."

It shouldn't touch any of the existing addresses. Where do those 127. addresses come from? That's not what you indicated here:

"I am trying to get all 9 jails networked on a 192.168.3.x [1-9] depending on EzJail Jails (php1 - php9)"

Please explain what exactly you're trying to accomplish. Because I have a feeling we're hitting an xy problem.

"The /etc/rc.d/jail: WARNING (I've been getting that since day 1 successful with EzJail Jails)."

Yeah, you can ignore that. Ezjail was created when jail configuration was done differently. Ezjail was never updated for this and probably never will.
 
This is what it used to look like:

Code:
STA JID  IP              Hostname                       Root Directory
--- ---- --------------- ------------------------------ ------------------------
DR  29   127.0.9.1       php9                           /usr/jails/php9
    29   vtnet0|206.62.240.89
DR  28   127.0.8.1       php8                           /usr/jails/php8
    28   vtnet0|206.62.240.88
DR  27   127.0.7.1       php7                           /usr/jails/php7
    27   vtnet0|206.62.240.87
DR  26   127.0.6.1       php6                           /usr/jails/php6
    26   vtnet0|206.62.240.86
DR  25   127.0.5.1       php5                           /usr/jails/php5
    25   vtnet0|206.62.240.85
DR  24   127.0.4.1       php4                           /usr/jails/php4
    24   vtnet0|206.62.240.84
DR  23   127.0.3.1       php3                           /usr/jails/php3
    23   vtnet0|206.62.240.83
DR  22   127.0.2.1       php2                           /usr/jails/php2
    22   vtnet0|206.62.240.82
DSN N/A  -                                              
DR  13   127.0.1.1       php1                           /usr/jails/php1
    13   vtnet0|206.62.240.81
 
I am not certain; when I created these jails using EzJail; I used the following command:

Code:
ezjail-admin create php1 'lo1|127.0.1.1,vtnet0|206.62.240.81'

Where did ezjail put the configuration of those? It seems that once that export jail STATIC IP line was added (which I think is fantastic!), it took precedence. I wonder if it needs all the IPs on each one to properly work. However, I don't see why it wouldn't work like it did and then use it as a secondary IP / IP Interface.
 
Here is my main FreeBSD 12.1-RELEASE /etc/rc.conf networking segment (Perhaps I am doing something wrong on host end):

Code:
ifconfig_vtnet0="inet 206.62.240.66 netmask 255.255.255.224"

ifconfig_vtnet0_alias1="inet 206.62.240.67 netmask 255.255.255.224"
ifconfig_vtnet0_alias2="inet 206.62.240.68 netmask 255.255.255.224"
ifconfig_vtnet0_alias3="inet 206.62.240.69 netmask 255.255.255.224"
ifconfig_vtnet0_alias4="inet 206.62.240.70 netmask 255.255.255.224"
ifconfig_vtnet0_alias5="inet 206.62.240.71 netmask 255.255.255.224"

ifconfig_vtnet0_alias6="inet 206.62.240.72 netmask 255.255.255.224"
ifconfig_vtnet0_alias7="inet 206.62.240.73 netmask 255.255.255.224"
ifconfig_vtnet0_alias8="inet 206.62.240.74 netmask 255.255.255.224"
ifconfig_vtnet0_alias9="inet 206.62.240.75 netmask 255.255.255.224"
ifconfig_vtnet0_alias10="inet 206.62.240.76 netmask 255.255.255.224"

ifconfig_vtnet0_alias11="inet 206.62.240.77 netmask 255.255.255.224"
ifconfig_vtnet0_alias12="inet 206.62.240.78 netmask 255.255.255.224"
ifconfig_vtnet0_alias13="inet 206.62.240.79 netmask 255.255.255.224"
ifconfig_vtnet0_alias14="inet 206.62.240.80 netmask 255.255.255.224"
ifconfig_vtnet0_alias15="inet 206.62.240.81 netmask 255.255.255.224"

ifconfig_vtnet0_alias16="inet 206.62.240.82 netmask 255.255.255.224"
ifconfig_vtnet0_alias17="inet 206.62.240.83 netmask 255.255.255.224"
ifconfig_vtnet0_alias18="inet 206.62.240.84 netmask 255.255.255.224"
ifconfig_vtnet0_alias19="inet 206.62.240.85 netmask 255.255.255.224"
ifconfig_vtnet0_alias20="inet 206.62.240.86 netmask 255.255.255.224"

ifconfig_vtnet0_alias21="inet 206.62.240.87 netmask 255.255.255.224"
ifconfig_vtnet0_alias22="inet 206.62.240.88 netmask 255.255.255.224"
ifconfig_vtnet0_alias23="inet 206.62.240.89 netmask 255.255.255.224"
ifconfig_vtnet0_alias24="inet 206.62.240.90 netmask 255.255.255.224"
ifconfig_vtnet0_alias25="inet 206.62.240.91 netmask 255.255.255.224"

ifconfig_vtnet0_alias26="inet 206.62.240.92 netmask 255.255.255.224"
ifconfig_vtnet0_alias27="inet 206.62.240.93 netmask 255.255.255.224"
ifconfig_vtnet0_alias28="inet 206.62.240.94 netmask 255.255.255.224"

defaultrouter="206.62.240.65"
 
In the meantime, I commented out the export jail IP em1 on all the php1 - php9 ezjail's and I am now getting functional jails with the following output:

Code:
root@supernova:/usr/local/etc/ezjail # ezjail-admin list
STA JID  IP              Hostname                       Root Directory
--- ---- --------------- ------------------------------ ------------------------
DSN N/A  -                                              
DR  49   127.0.9.1       php9                           /usr/jails/php9
    49   vtnet0|206.62.240.89
DSN N/A  -                                              
DR  48   127.0.8.1       php8                           /usr/jails/php8
    48   vtnet0|206.62.240.88
DSN N/A  -                                              
DR  47   127.0.7.1       php7                           /usr/jails/php7
    47   vtnet0|206.62.240.87
DSN N/A  -                                              
DR  46   127.0.6.1       php6                           /usr/jails/php6
    46   vtnet0|206.62.240.86
DSN N/A  -                                              
DR  45   127.0.5.1       php5                           /usr/jails/php5
    45   vtnet0|206.62.240.85
DSN N/A  -                                              
DR  44   127.0.4.1       php4                           /usr/jails/php4
    44   vtnet0|206.62.240.84
DSN N/A  -                                              
DSN N/A  -                                              
DR  43   127.0.3.1       php3                           /usr/jails/php3
    43   vtnet0|206.62.240.83
DSN N/A  -                                              
DSN N/A  -                                              
DR  42   127.0.2.1       php2                           /usr/jails/php2
    42   vtnet0|206.62.240.82
DSN N/A  -                                              
DSN N/A  -                                              
DR  41   127.0.1.1       php1                           /usr/jails/php1
    41   vtnet0|206.62.240.81
root@supernova:/usr/local/etc/ezjail #
 
I tried adding the following to the host rc.conf to see if I could create a new EzJail Jail and create it using an additional parameter for the network devices. That part worked. The inner networking isn't, though. If this is the only way to do it then I will have to re-create all my jails using the following EzJail Create new Jail from a backup (which I backed up my php1 when I successfully made it)

If anyone has any ideas. Please let me know!

SuperNova/(Host) rc.conf: (Hopes of being the master network interface for all the jails on the 192.168.3.x network I am trying to build on the Jails for private access to one another using various service daemons.):
Code:
vlans_vtnet0="1"
ifconfig_vtnet0_1="inet 192.168.3.0/24 netmask 255.255.255.224"

Command used to create the new jail after adding the above to the Host:

Code:
ezjail-admin create -a /usr/jails/ezjail_archives/php1-202007061410.28.tar.gz fire2 'lo1|127.0.9.1,vtnet0|206.62.240.90,vtnet0_1|192.168.3.10'

I get the following output from EzJail-Admin:

Code:
DS  N/A  127.0.9.1       fire2                          /usr/jails/fire2
    N/A  vtnet0|206.62.240.90
    N/A  vtnet0_1|192.168.3.10

Yet, I cannot start it.

The networking on the vtnet0_1 failed. Whenever the networking has failed, the jail fails to start correctly, I've learned.

Thanks everyone!

~ Brandon
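
An added example, not part of the original posts: a small sh pre-flight check that compares the interface names in an ezjail IP specification with the host's interface list (the `ifconfig: interface em1 does not exist` start failure shown above) and lists `ifconfig_*` lines left in a jail's rc.conf. The function names and the host interface list `vtnet0 lo0 lo1` are assumptions made for the example; the sample specifications are constructed from values quoted in the thread.

```shell
#!/bin/sh
# Added example (not from the thread): pre-flight checks for ezjail jail networking.

# missing_ifaces SPEC HOST_IFACES
# SPEC uses the format from the thread: "iface|addr[/prefix],iface|addr,...".
# HOST_IFACES is a space-separated list, as printed by `ifconfig -l` on the host.
# Prints the interfaces named in SPEC that the host does not have.
missing_ifaces() {
    spec=$1; host=$2; missing=""
    old_ifs=$IFS; IFS=,
    for entry in $spec; do
        case $entry in
            *"|"*) ifname=${entry%%"|"*} ;;
            *) continue ;;   # bare address: names no interface to check
        esac
        case " $host " in
            *" $ifname "*) ;;
            *) missing="$missing $ifname" ;;
        esac
    done
    IFS=$old_ifs
    echo "${missing# }"
}

# jail_rc_ifconfig_lines FILE
# Prints active ifconfig_* assignments found in a jail's rc.conf. Per the reply
# above, a regular jail cannot set its own address, so these should be removed.
jail_rc_ifconfig_lines() {
    grep -E '^[[:space:]]*ifconfig_[A-Za-z0-9_]+=' "$1" || true
}

# Constructed input built from values quoted in the thread. The interface list
# is an assumption; on a real host use: HOST_IFACES=$(ifconfig -l)
HOST_IFACES="vtnet0 lo0 lo1"
for spec in 'em1|192.168.3.1/24' \
            'lo1|127.0.1.1,vtnet0|206.62.240.81' \
            'lo1|127.0.9.1,vtnet0|206.62.240.90,vtnet0_1|192.168.3.10'; do
    bad=$(missing_ifaces "$spec" "$HOST_IFACES")
    if [ -n "$bad" ]; then
        echo "FAIL $spec (not on host: $bad)"
    else
        echo "OK   $spec"
    fi
done
```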
 