internet in jail

graudeejs

Son of Beastie

Reaction score: 695
Messages: 4,615

Today I started learning jails....
I use my PC as a desktop...
In the jail I will be compiling ports.

I have started the jail, but can't figure out how to connect it to the internet.

/etc/rc.conf on host
Code:
# i'm behind router
ifconfig_rl0="inet 192.168.128.100 netmask 255.255.255.0"
defaultrouter="192.168.128.1"
hostname="192.168.128.100"
# alias for jail
ifconfig_rl0_alias0="inet 192.168.128.98 netmask 255.255.255.0"

#from handbook
sendmail_enable="NO"
inetd_flags="-wW -a 192.168.128.100"
rpcbind_enable="NO"

jail_enable="YES"
jail_list="test"

jail_test_hostname="test"
jail_test_rootdir="/jails/test/root"
jail_test_ip="192.168.128.98"
jail_test_exec="/bin/sh /etc/rc"
jail_test_devfs_enable="YES"

I'm not 100% sure what I should write in /etc/resolv.conf in the jail,
but I have
Code:
nameserver 192.168.128.1

When I try to ping something I get
Code:
ping: socket: Operation not permitted

Please help....
 

vivek

Aspiring Daemon

Reaction score: 195
Messages: 805

By default ping is disabled inside a jail. From the host, type the following:
Code:
sysctl security.jail.allow_raw_sockets=1
jexec ID csh
ping freebsd.org

Try the host command if you are not willing to give the jail ping access:
Code:
host freebsd.org

If the above failed, then you need to take the help of pf or another firewall to route traffic from the jail to the host and finally to the Internet via your ISP router.
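
Why `ping` fails while `host` can still work, as an added example that is not part of the original posts: `ping` opens a raw ICMP socket, which the jail refuses with EPERM, while a DNS lookup only needs an ordinary UDP socket. The names `probe_socket` and `diagnose` are made up for this sketch; run it as root inside the jail, since unprivileged users are refused raw sockets regardless of the sysctl.

```c
#include <errno.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <unistd.h>

enum diag { DIAG_ALL_ALLOWED, DIAG_RAW_ONLY_DENIED, DIAG_NO_SOCKETS, DIAG_OTHER };

/* Create and immediately close a socket; return 0 or the errno from socket(). */
int probe_socket(int type, int proto)
{
    int fd = socket(AF_INET, type, proto);
    if (fd < 0)
        return errno;
    close(fd);
    return 0;
}

/* Interpret the raw-ICMP and UDP probe results. */
enum diag diagnose(int raw_err, int udp_err)
{
    if (udp_err != 0)
        return DIAG_NO_SOCKETS;       /* ordinary sockets fail too: not a raw-socket issue */
    if (raw_err == 0)
        return DIAG_ALL_ALLOWED;      /* raw sockets are permitted here */
    if (raw_err == EPERM || raw_err == EACCES)
        return DIAG_RAW_ONLY_DENIED;  /* the "Operation not permitted" case in this thread */
    return DIAG_OTHER;                /* some other failure, e.g. unsupported protocol */
}

int main(void)
{
    int raw = probe_socket(SOCK_RAW, IPPROTO_ICMP);   /* what ping needs */
    int udp = probe_socket(SOCK_DGRAM, IPPROTO_UDP);  /* what a DNS lookup needs */

    printf("raw ICMP socket: %s\n", raw ? strerror(raw) : "ok");
    printf("UDP socket:      %s\n", udp ? strerror(udp) : "ok");

    if (diagnose(raw, udp) == DIAG_RAW_ONLY_DENIED)
        printf("Only raw sockets are refused; normal TCP/UDP traffic is not affected.\n");
    return 0;
}
```

If only the raw probe is refused, fetching and compiling ports does not need the sysctl changed; it matters only for tools such as ping.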
 
graudeejs

Great, thank you for the info :D
Man, and I was searching for an answer for a few hours.....


Out of curiosity: why are raw sockets disabled by default? (I know it's for security, but why?)
 

vivek

Raw sockets are an open invitation for crackers to do all sorts of nasty things using nc or perl / php. So by default this option is disabled.

From man page:
Since raw sockets can be used to configure and interact with various network subsystems, extra caution should be used where privileged access to jails is given out to untrusted parties.
 