Inside a jail...

Hi guys,

My first time ever posting on the FreeBSD forum... (have been a long-time lurker).

I've been googling a lot on this issue but could not seem to get the issue fixed.

I have just installed ezjail using ports.

A couple of issues I'm having and have some questions:

1) I tried to do ping from inside a jail, and I get operation not permitted. I have changed security.jail.allow_raw_sockets to "1" from the host. Stopped and restarted the jail, same thing.
I am able to ping from the host to the jail, but not from inside out. Some help here would be appreciated - I am trying to troubleshoot whether I can reach the internet/LAN from inside the jail.

2) It's a bit related to the first question, but to host or allow internet access in jail, do I need to install PF to do NAT and routing or is this part optional? Can the jail access internet without PF?

Thanks in advance.
 
I'm not familiar with ezjail since I'm maintaining my jail manually for now, but it seems most of your questions are not directly related.

zipitup said:
I have changed security.jail.allow_raw_sockets to "1" from the host. Stopped and restarted the jail, same thing.
There are two places where you can set this. First is /etc/sysctl (or by running sysctl manually), but you'll also need to configure your jail. So add something like this to /etc/jail.conf (either globally or in the context of your jail definition):

Code:
        allow.raw_sockets=1
See jail(8) for more information on this.

zipitup said:
do I need to install PF to do NAT and routing or is this part optional?
Optional. Depending on your setup you can easily assign an IP address to the jail which can be directly reached from the outside.
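As an added illustration of the two places the reply above describes (this is example configuration, not anything posted in the thread; the jail names, paths, addresses and the em0 interface are assumed), here is a /etc/jail.conf that grants raw sockets to one jail only:

```conf
# /etc/jail.conf (added example; jail names, path, addresses and NIC are assumed)
# Defaults shared by every jail defined below.
exec.start = "/bin/sh /etc/rc";
exec.stop  = "/bin/sh /etc/rc.shutdown";
exec.clean;
mount.devfs;
path = "/usr/jails/$name";

# allow.raw_sockets lets root inside the jail open raw IP sockets, which is what
# ping(8) needs. The same capability lets the jail craft arbitrary IP packets,
# so set it per jail where ICMP tools are really needed instead of flipping the
# host-wide security.jail.allow_raw_sockets sysctl to 1 for every jail.
webjail {
    host.hostname = "webjail.example.com";
    ip4.addr = "192.168.1.50";   # LAN address: reachable on the LAN without PF,
    interface = "em0";           # but internet access still needs NAT on the host
    allow.raw_sockets = 1;
}

# A jail with no need for ping keeps the default (raw sockets denied).
dbjail {
    host.hostname = "dbjail.example.com";
    ip4.addr = "192.168.1.51";
    interface = "em0";
}
```

After editing, restart the jail so the new parameter takes effect; `jls` can then be used to confirm the jail's parameters.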
 
A jail can only exchange packets directly with the public internet if it has a public routable IP address, i.e. an IP address assigned by your ISP. Private LAN IP addresses need NAT services from one of the 3 firewalls in the base FreeBSD system.

ezjail does not automatically prep its jails with the information needed for jail networking. You have to hand edit some configuration files. The qjail utility just works from the get go.
 