My jails are not seeing the network.

paulfrottawa

paulfrottawa

I used this example

http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/jails-application.html

______________________

FreeBSD i386.localhost.bsd 7.0-RELEASE-p6 FreeBSD 7.0-RELEASE-p6 #0: Tue Dec 2 20:35:28 EST 2008 paul@i386.localhost.bsd:/usr/obj/usr/src/sys/GENERIC i386

___________________________________________
i386# jls
JID IP Address Hostname Path
3 192.168.0.77 http://www.example.org /usr/home/j/www
2 192.168.0.18 mail.example.org /usr/home/j/mail
1 192.168.0.17 ns.example.org /usr/home/j/ns
 
How have you determined they're not seeing the network?

Please post your jail-related rc.conf entries:

# grep 'jail' /etc/rc.conf
 
Do realize that you can't use ping inside a jail as it needs raw sockets.
 
anomie said:
How have you determined they're not seeing the network?

Please post your jail-related rc.conf entries:

# grep 'jail' /etc/rc.conf
Click to expand...

I tried a few test like pkg_add -r nano from inside the jail.

___________________________
i386# grep 'jail' /etc/rc.conf
jail_enable="YES"
jail_set_hostname_allow="NO"
jail_list="ns mail www"
jail_ns_hostname="ns.example.org"
jail_ns_ip="192.168.0.17"
jail_ns_rootdir="/usr/home/j/ns"
jail_ns_devfs_enable="YES"
jail_mail_hostname="mail.example.org"
jail_mail_ip="192.168.0.18"
jail_mail_rootdir="/usr/home/j/mail"
jail_mail_devfs_enable="YES"
jail_www_hostname="www.example.org"
jail_www_ip="192.168.0.77"
jail_www_rootdir="/usr/home/j/www"
jail_www_devfs_enable="YES"
 
paulfrottawa said:
...
jail_ns_hostname="ns.example.org"
jail_ns_ip="192.168.0.17"
...
Click to expand...

Can you also post ifconfig output? (i.e. Let's confirm aliases are set up.)

Since those jails are on private IP space, how are you handling NAT?
 
ns# pkg_add -r nano
Error: FTP Unable to get ftp://ftp.freebsd.org/pub/FreeBSD/ports/i386/packages-7.0-release/Latest/nano.tbz: No address record
pkg_add: unable to fetch 'ftp://ftp.freebsd.org/pub/FreeBSD/ports/i386/packages-7.0-release/Latest/nano.tbz' by URL
______________________________________________________

xl0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
options=9<RXCSUM,VLAN_MTU>
ether 00:06:5b:40:a7:c6
media: Ethernet autoselect (100baseTX <full-duplex>)
status: active
plip0: flags=108810<POINTOPOINT,SIMPLEX,MULTICAST,NEEDSGIANT> metric 0 mtu 1500
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
_________________________________________________________

sysinstall/configure/networking/interfaces

No network device available. PUSH[OK]



_____________________________________________

i had this in and out in /etc/rc.conf (jail directory)

network_interfaces=""
rpcbind_enable="NO"
sshd_enable="YES"
syslogd_flags="-ss"

copied from ~http://dfwlpiki.dfwlp.org/index.php/Creating_and_Managing_A_Jailed_Virtual_Host_in_FreeBSD
 
Show the whole content of your /etc/rc.conf file.!!

i guess you will need the alias on your interface

Code: 
ifconfig_bge0="inet 192.168.0.200  netmask 255.255.255.0"
ifconfig_bge0_alias0="inet 192.168.0.17  netmask 255.255.255.255"
ifconfig_bge0_alias1="inet 192.168.0.18  netmask 255.255.255.255"
ifconfig_bge0_alias2="inet 192.168.0.77  netmask 255.255.255.255"

change bge0 to the interface you running with xl0 in your case, if your output is right.
(this is in the /etc/rc.conf file of the jailhost!!!)


also make sure there is a /etc/resolv.conf file in every jail.

regards,
Johan Hendriks
 
# This file now contains just the overrides from /etc/defaults/rc.conf.
hostname="i386.localhost.bsd"
ifconfig_xl0="DHCP"
ipv6_enable="YES"
keymap="us.iso"
sshd_enable="YES"

jail_enable="YES"
jail_set_hostname_allow="NO"
jail_list="ns mail www"
jail_ns_hostname="ns.example.org"
jail_ns_ip="192.168.0.17"
jail_ns_rootdir="/usr/home/j/ns"
jail_ns_devfs_enable="YES"
jail_mail_hostname="mail.example.org"
jail_mail_ip="192.168.0.18"
jail_mail_rootdir="/usr/home/j/mail"
jail_mail_devfs_enable="YES"
jail_www_hostname="www.example.org"
jail_www_ip="192.168.0.77"
jail_www_rootdir="/usr/home/j/www"
jail_www_devfs_enable="YES"

# -- sysinstall generated deltas -- # Wed Dec 3 08:44:11 2008
ifconfig_xl0="DHCP"
ipv6_enable="YES"
hostname="i386.localhost.bsd"

#ifconfig_xl0="inet 192.168.0.197 netmask 255.255.255.128"
#ifconfig_xl0_alias0="inet 192.168.0.17 netmask 255.255.255.128"
#ifconfig_xl0_alias1="inet 192.168.0.18 netmask 255.255.255.128"
#ifconfig_xl0_alias2="inet 192.168.0.77 netmask 255.255.255.128"

____________________________________________________

I'm going to set the last lines to the same netmask you used and try that again.

__________________________________

Yeh no /etc/resolve


amd.map login.access profile
apmd.conf login.conf protocols
auth.conf login.conf.db pwd.db
bluetooth mac.conf rc
crontab mail rc.bsdextended
csh.cshrc mail.rc rc.conf
csh.login make.conf rc.d
csh.logout manpath.config rc.firewall
defaults master.passwd rc.firewall6
devd.conf motd rc.initdiskless
devfs.conf mtree rc.resume
dhclient.conf netconfig rc.sendmail
disktab netstart rc.shutdown
dumpdates network.subr rc.subr
fbtab networks rc.suspend
freebsd-update.conf newsyslog.conf remote
ftpusers nscd.conf rpc
gettytab nsmb.conf security
gnats nsswitch.conf services
group ntp shells
gss opieaccess skel
host.conf pam.d snmpd.config
hosts passwd spwd.db
hosts.allow pccard_ether ssh
hosts.equiv periodic ssl
hosts.lpd pf.os sysctl.conf
inetd.conf phones syslog.conf
isdn portsnap.conf ttys
libalias.conf ppp zfs
 
@Sylhouette: He has xl ethernet card (not bg).

@paulfrottawa: It looks like you have not set up networking at all. You will need entries similar to those posted by Sylhouette, except use, e.g.:
ifconfig_xl0=...

You'll also want to set defaultrouter and hostname in /etc/rc.conf. If you run into trouble, post the whole rc.conf file.

---

edit: I was too slow.

@paulfrottawa: are you required to be a dhcp client in your environment? That will change the advice given here...
 
amd.map login.access profile
apmd.conf login.conf protocols
auth.conf login.conf.db pwd.db
bluetooth mac.conf rc
crontab mail rc.bsdextended
csh.cshrc mail.rc rc.conf
csh.login make.conf rc.d
csh.logout manpath.config rc.firewall
defaults master.passwd rc.firewall6
devd.conf motd rc.initdiskless
devfs.conf mtree rc.resume
dhclient.conf netconfig rc.sendmail
disktab netstart rc.shutdown
dumpdates network.subr rc.subr
fbtab networks rc.suspend
freebsd-update.conf newsyslog.conf remote
ftpusers nscd.conf rpc
gettytab nsmb.conf security
gnats nsswitch.conf services
group ntp shells
gss opieaccess skel
host.conf pam.d snmpd.config
hosts passwd spwd.db
hosts.allow pccard_ether ssh
hosts.equiv periodic ssl
hosts.lpd pf.os sysctl.conf
inetd.conf phones syslog.conf
isdn portsnap.conf ttys
libalias.conf ppp zfs
 
@anomie look at the line below the ifconfig lines ;)

try the following (i see you have comment out the desired rules)

make sure the default router adres is the adres of your router/gateway

Secondly why a 25 bits mask (255.255.255.128) cant you use a 24 bits mask!(255.255.255.0)

Code: 
hostname="i386.localhost.bsd"
defaultrouter="192.168.0.1"   
ifconfig_xl0="inet 192.168.0.197 netmask 255.255.255.128"
ifconfig_xl0_alias0="inet 192.168.0.17 netmask 255.255.255.255"
ifconfig_xl0_alias1="inet 192.168.0.18 netmask 255.255.255.255"
ifconfig_xl0_alias2="inet 192.168.0.77 netmask 255.255.255.255"
make sure that you have no multiple lines in your /etc/rc.conf file.
the last line is used in this case
and the alias# lines must always be alias0, alias1, alias2, alias3 and so on.
You can not leave a number out, if you going to delete a line (or comment it out) you need to edit the other line so that it staill goes 0 1 2 3 and so on.




the /etc/resolv.conf file has nothing more than your name servers in it and also maybe your domain
domain localhost.bsd is not a must
change the ip adresses to the one from your ISP
Code: 
domain  localhost.bsd
nameserver      194.109.6.66
nameserver      194.109.9.99
 
anomie said:
Whoops, you are correct. Don't mind me. :)
Click to expand...

sound like i should just do a rebuild and start over.

nonething worked I re done some /etc/rc.conf here.


# -- sysinstall generated deltas -- # Tue Dec 2 05:06:49 2008
# Created: Tue Dec 2 05:06:49 2008
# Enable network daemons for user convenience.
# Please make all changes to this file, not to /etc/defaults/rc.conf.
# This file now contains just the overrides from /etc/defaults/rc.conf.
keymap="us.iso"
sshd_enable="YES"
#
jail_enable="YES"
jail_set_hostname_allow="NO"
jail_list="ns mail www"
jail_ns_hostname="ns.example.org"
jail_ns_ip="192.168.0.17"
jail_ns_rootdir="/usr/home/j/ns"
jail_ns_devfs_enable="YES"
jail_mail_hostname="mail.example.org"
jail_mail_ip="192.168.0.18"
jail_mail_rootdir="/usr/home/j/mail"
jail_mail_devfs_enable="YES"
jail_www_hostname="www.example.org"
jail_www_ip="192.168.0.77"
jail_www_rootdir="/usr/home/j/www"
jail_www_devfs_enable="YES"
#
defaultrouter="192.168.0.1"
hostname="i386.localhost.bsd"
defaultrouter="192.168.0.1"
ifconfig_xl0="inet 192.168.0.197 netmask 255.255.255.128"
ifconfig_xl0_alias0="inet 192.168.0.17 netmask 255.255.255.255"
ifconfig_xl0_alias1="inet 192.168.0.18 netmask 255.255.255.255"
ifconfig_xl0_alias2="inet 192.168.0.77 netmask 255.255.255.255"
###
#
#
#portmap_enable=YES
#portmap_flags="-h 127.0.0.1"
#amd_enable=YES
Click to expand...
 
The aliases aren't needed either. The jail startup script takes care of that, hence the jail_<name>_ip.
 
# -- sysinstall generated deltas -- # Thu Dec 4 13:05:43 2008
# Created: Thu Dec 4 13:05:43 2008
# Enable network daemons for user convenience.
# Please make all changes to this file, not to /etc/defaults/rc.conf.
# This file now contains just the overrides from /etc/defaults/rc.conf.
keymap="us.iso"
# -- sysinstall generated deltas -- # Thu Dec 4 18:09:55 2008
ifconfig_xl0="inet 192.168.0.15 netmask 255.255.255.0"
defaultrouter="192.168.0.1"
sshd_enable="YES"
hostname="i386.localhost.bsd"
jail_enable="YES"
jail_set_hostname_allow="NO"
jail_list="ns mail www"
jail_ns_hostname="ns.example.org"
jail_ns_ip="192.168.0.17"
jail_ns_rootdir="/usr/home/j/ns"
jail_ns_devfs_enable="YES"
jail_mail_hostname="mail.example.org"
jail_mail_ip="192.168.0.18"
jail_mail_rootdir="/usr/home/j/mail"
jail_mail_devfs_enable="YES"
jail_www_hostname="www.example.org"
jail_www_ip="192.168.0.19"
jail_www_rootdir="/usr/home/j/www"
jail_www_devfs_enable="YES"
 
i386# cp /etc/resolv.conf /usr/home/js/ns/etc
_____________________________________________________

i386# jexec 1 tcsh
ns# pkg_add -r nano
Error: FTP Unable to get ftp://ftp.freebsd.org/pub/FreeBSD/ports/i386/packages-7.0-release/Latest/nano.tbz: No address record
pkg_add: unable to fetch 'ftp://ftp.freebsd.org/pub/FreeBSD/ports/i386/packages-7.0-release/Latest/nano.tbz' by URL

_____________________

It did copy I just checked and this is what was in it

domain localhost.bsd
nameserver 192.168.0.1
 
success
L: 1 C: 1 =====================================================================

# -- sysinstall generated deltas -- # Thu Dec 4 13:05:43 2008
# Created: Thu Dec 4 13:05:43 2008
# Enable network daemons for user convenience.
# Please make all changes to this file, not to /etc/defaults/rc.conf.
# This file now contains just the overrides from /etc/defaults/rc.conf.
keymap="us.iso"
# -- sysinstall generated deltas -- # Thu Dec 4 18:09:55 2008
#ifconfig_xl0="inet 192.168.0.15 netmask 255.255.255.0"
defaultrouter="192.168.0.1"
sshd_enable="YES"
hostname="i386.localhost.bsd"
jail_enable="YES"
jail_set_hostname_allow="NO"
jail_list="ns mail www"
jail_ns_hostname="ns.example.org"
jail_ns_ip="192.168.0.17"
jail_ns_rootdir="/usr/home/j/ns"
jail_ns_devfs_enable="YES"
jail_mail_hostname="mail.example.org"
jail_mail_ip="192.168.0.18"
jail_mail_rootdir="/usr/home/j/mail"
jail_mail_devfs_enable="YES"
jail_www_hostname="www.example.org"
jail_www_ip="192.168.0.19"
jail_www_rootdir="/usr/home/j/www"
jail_www_devfs_enable="YES"
hostname="i386.localhost.bsd"
defaultrouter="192.168.0.1"
ifconfig_xl0="inet 192.168.0.15 netmask 255.255.255.128"
ifconfig_xl0_alias0="inet 192.168.0.17 netmask 255.255.255.255"
ifconfig_xl0_alias1="inet 192.168.0.18 netmask 255.255.255.255"
ifconfig_xl0_alias2="inet 192.168.0.19 netmask 255.255.255.255"


Thank you all.
 
You must log in or register to reply here.
Back
Top