internet in jail

Today I started learning jails....
I use my PC as a desktop...
In the jail I will be compiling ports.

I have started the jail, but can't figure out how to connect it to the internet.

/etc/rc.conf on host
Code:
# i'm behind router
ifconfig_rl0="inet 192.168.128.100 netmask 255.255.255.0"
defaultrouter="192.168.128.1"
hostname="192.168.128.100"
# alias for jail
ifconfig_rl0_alias0="inet 192.168.128.98 netmask 255.255.255.0"

#from handbook
sendmail_enable="NO"
inetd_flags="-wW -a 192.168.128.100"
rpcbind_enable="NO"

jail_enable="YES"
jail_list="test"

jail_test_hostname="test"
jail_test_rootdir="/jails/test/root"
jail_test_ip="192.168.128.98"
jail_test_exec="/bin/sh /etc/rc"
jail_test_devfs_enable="YES"

I'm not 100% sure what I should write in /etc/resolv.conf in the jail,
but I have
Code:
nameserver 192.168.128.1

When I try to ping something I get
Code:
ping: socket: Operation not permitted

Please help....
 
By default ping is disabled inside a jail. From the host, type the following:
Code:
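# on the host: allow raw sockets inside jails
sysctl security.jail.allow_raw_sockets=1
# open a shell in the jail; replace ID with the jail's JID (shown by jls)
jexec ID csh
# inside the jail
ping freebsd.org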

Try the host command if you are not willing to give the jail ping access:
Code:
host freebsd.org

If the above fails, then you need to use pf or another firewall to route traffic from the jail to the host and finally to the Internet via your ISP router.
 
Great, thank you for the info :D
Man, and I was searching for an answer for a few hours.....


Out of curiosity: why are raw sockets disabled by default? (I know it's for security, but why?)
 
Raw sockets are an open invitation for crackers to do all sorts of nasty things using nc or perl / php. So by default this option is disabled.

From man page:
Since raw sockets can be used to configure and interact with various network subsystems, extra caution should be used where privileged access to jails is given out to untrusted parties.
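
The per-jail view of the setting discussed in this thread, as an added example that is not from any poster: a POSIX sh filter that reads `jls -n` output and lists the jails that have `allow.raw_sockets` set. The sample lines are constructed (the second jail and its address are invented), and the filter assumes a FreeBSD release whose jls(8) prints boolean parameters as `allow.raw_sockets` / `allow.noraw_sockets` and jail paths that contain no whitespace.

```shell
#!/bin/sh
# Added example: list jails whose root user may open raw sockets.
# Input: `jls -n` output, one jail per line, as name=value pairs; a boolean
# parameter appears as "allow.raw_sockets" (on) or "allow.noraw_sockets" (off).

# Constructed sample standing in for `jls -n` on a real host.
sample_jls_output() {
    cat <<'EOF'
jid=1 name=test host.hostname=test path=/jails/test/root ip4.addr=192.168.128.98 allow.raw_sockets allow.noset_hostname
jid=2 name=build host.hostname=build path=/jails/build/root ip4.addr=192.168.128.97 allow.noraw_sockets allow.noset_hostname
EOF
}

# Print "jid name path" for every jail with raw sockets allowed.
raw_socket_jails() {
    awk '{
        jid = ""; name = ""; path = ""; raw = 0
        for (i = 1; i <= NF; i++) {
            if ($i == "allow.raw_sockets") raw = 1
            else if ($i ~ /^jid=/)  jid  = substr($i, 5)
            else if ($i ~ /^name=/) name = substr($i, 6)
            else if ($i ~ /^path=/) path = substr($i, 6)
        }
        if (raw) print jid, name, path
    }'
}

# On a FreeBSD host the real input would be:  jls -n | raw_socket_jails
sample_jls_output | raw_socket_jails
```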
 