Jail can resolve, sometimes. Jail can connect, sometimes.

[helplease]

I have a jail and it is acting up the entire time. The main problem I am currently having with it involves its ability to access the internet. It acts very strange. If I try to build from ports fetch fails all the time. If I wget the files resolve fails about 9/10 times. If I keep doing wget over and over from the jail eventually it will resolve. Then it tries to connect. Connecting fails about 9/10 times as well. If I keep trying eventually I hit the magic combination where I can resolve and connect and then it downloads the file with no problem at normal speeds. This is so annoying! I have been just wget the files I need from the host then enter the jail to make install. I would like to fix this because it is a pain. Also I have the same trouble even connecting to local IP. If I try to connect from one jail to another, it will let me some times. Other times it gives error that it can't find it. Here are all of my settings:

First I set an alias for the jails (which are 10.0.0.5 and 10.0.0.10)

ifconfig vr0 10.0.0.5 netmask 255.255.255.255 alias
ifconfig vr0 10.0.0.10 netmask 255.255.255.255 alias

Then I edit /etc/pf.conf:

# Macros: define common values, so they can be referenced and changed easily.
ext_if="ex0"                                            # The external interface
int_if="in0"                                            # The internal interface
external_addr="***.***.244.51"                            # Your public IP address
internal_net="10.0.0.0/24"                          # Your internal subnet
# Translation: specify how addresses are to be mapped or redirected.
# nat: packets going out through $ext_if with source address $internal_net will
# get translated as coming from the address of $ext_if, a state is created for
# such packets, and incoming packets will be redirected to the internal address.
nat on $ext_if from $internal_net to any -> ($ext_if)
pass in all
pass out all

The annoying part is that it works actually, if it was just broken I would at least understand there is a problem. But why does it work rarely? That makes no sense to me! Internet from the host works fine; /etc/resolv.conf is the same in jails as it is on the host. Thanks.

 

[helplease]

Sorry vr0 should be ex0 in the first quote, I copy pasted from the tutorial I followed instead of my own configuration.

Side Note: An edit feature on this forum would be nice so such mistakes can be fixed rather than a double post required.

 

[SirDice]

Side Note: An edit feature on this forum would be nice so such mistakes can be fixed rather than a double post required.

Read the introduction email you received when you signed up.

How did you set up your jail? How did you start it? Try disabling the firewall, does that help?

 

[_martin]

In addition to SirDice's questions why did you put the local IPs on egress (ex0) interface? From the config you shown I would expect those IP addresses to be on internal netowrk, i.e. in0.

For example I use loopback interfaces for private jails:

# ifconfig lo252

foxi:(~)# ifconfig lo252
lo252: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
        options=3<RXCSUM,TXCSUM>
        inet 192.168.252.1 netmask 0xffffff00
        inet 192.168.252.4 netmask 0xffffff00
foxi:(~)#

With the relevant /etc/pf.conf part:

ext_if="em0"
sbx_if="lo252"

IP_FOXI="192.0.2.1"

nat pass on $ext_if from $sbx_if to any -> $IP_FOXI

where IP_FOXI is one of my public IPs on egress interface.

Do you have the problem with the connection too or only DNS issues ? E.g. if you can ping some IP address without packet loss, etc.