Networking problem continues in jailed environment

sossego

The rc.conf file:
Code:
hostname="nunca-conhecado"
sshd_enable="YES"
moused_enable="YES"
powerd_enable="YES"
# Set dumpdev to "AUTO" to enable crash dumps, "NO" to disable
dumpdev="AUTO"
zfs_enable="YES"

jail_enable="YES"
jail_list="bsdevel"

The jail_quick_start script:
Code:
#!/bin/sh
ifconfig lo1 create && ifconfig lo1 127.1.2.7/32 alias && jail -c /jails/FreeBSD-Google_projects mount.devfs host.hostname=weeby ip4.addr=127.1.2.7 command=/bin/sh

The pf.conf setup:
Code:
    ext_if="wlan0"
    jail_if="lo1"

    
    IP_JAIL_WWW="127.1.2.7"

    NET_JAIL="127.1.2.7/32"

    PORT_WWW="{80}"

    scrub in all

    # nat all jail traffic
    nat pass on $ext_if from $NET_JAIL to any -> $IP_PUB

    # WWW
    rdr pass on $ext_if proto tcp from any to $IP_PUB port $PORT_WWW -> $IP_JAIL_WWW

    # demo only, passing all traffic
    pass out
    pass in

The problem: the jail is not properly created. The path is not recognized.

Questions:
  • How do I create the jail ID? I do not know how to do so, nor am I finding any reference in any tutorial or in the man page on doing this properly.
  • Do I use a jail.conf reference within my jail_quick_start script or not? I need feedback. Is anyone willing to test the script and tell me the results from their machine?
I am trying. I am searching for a solution.
 
sossego said:
The problem: the jail is not properly created. The path is not recognized.
What was the exact message? How did you (try to) start the jail? Are you using a /etc/jail.conf and if so, what's in there?
sossego said:
How do I create the jail ID?
Just to be clear: are you trying to set the jail ID? Or the jail name? Or did you mean something else?
 
I do not think I set either the jail ID or the jail name properly.

jail.conf
Code:
    bsdevel {
     path = /jails/FreeBSD-Google_projects;
     allow.mount;
     mount.devfs;
     host.hostname = bsd-googlebox;
     exec.start = "/bin/sh /etc/rc.d/jail jail_start";
     exec.stop = "/bin/sh /etc/rc.d/jail jail_stop";
    }

The fact remains that nearly every method I have used and followed to:
  1. set up the jail properly;
  2. set up networking in the jail;
has failed on nearly every attempt.

At this point, I need a concrete example to follow. Actually, I need quite a few. I understand, then I don't. It works, then it doesn't. After a while, I become frustrated with everything.

So, I would like to use the basic jail method but I may have to use ezjail. What still remains is the fact that I do not have a static IP address and that makes setting up the jail networking a difficult problem. If there were more developers/porters/testers in my situation, then this wouldn't be such a difficult problem to solve.
 
sossego said:
I do not think I set either the jail ID or the jail name properly.
You probably already knew this, but just to be sure: the jail ID is just a number. When unspecified, it's assigned automagically. Jail IDs can be set explicitly in jail.conf(5) as follows:
Code:
foo {
   jid = 666;
}
but I wouldn't bother. Jail names are more convenient to work with. Jail names are pretty much the same thing, except they are strings rather than numbers. When unspecified, they are copied from the jail ID. They can be set in jail.conf as follows:
Code:
foo{
   name = "alcatraz";
}
And then there's the jail hostname, which is something else again. But anyway, neither the jail ID nor name has to be explicitly specified, although I would recommend setting a name because it's more convenient with jexec.

sossego said:
jail.conf
Code:
    bsdevel {
     path = /jails/FreeBSD-Google_projects;
     allow.mount;
     mount.devfs;
     host.hostname = bsd-googlebox;
     exec.start = "/bin/sh /etc/rc.d/jail jail_start";
     exec.stop = "/bin/sh /etc/rc.d/jail jail_stop";
    }
What are you trying to accomplish with the exec.start and exec.stop lines? Usually, those are:
Code:
exec.start = "/bin/sh /etc/rc";
exec.stop = "/bin/sh /etc/rc.shutdown";
The lines you're using might be instructing the jail to start a jail, or something of that nature.

sossego said:
So, I would like to use the basic jail method but I may have to use ezjail.
I only manage jails manually, so I can't give you an ezjail example.

And as for the networking, I'd rather do that from /etc/rc.conf and /etc/jail.conf than with a custom script.
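
An added example, not part of any post in this thread: one way to express the setup discussed above in /etc/jail.conf with the usual exec.start and exec.stop lines, so that no custom script is needed. The path, hostname, interface and address are the ones posted in the thread; the companion rc.conf and pf.conf lines in the comments, and the choice to drop allow.mount, are assumptions.

```conf
# /etc/jail.conf (added example; values come from this thread unless marked assumed)
#
# Companion lines for the host's /etc/rc.conf (assumed):
#   cloned_interfaces="lo1"    # create lo1 at boot instead of in a script
#   jail_enable="YES"
#   jail_list="bsdevel"
#
# Companion line for /etc/pf.conf on a host without a static address (assumed):
#   nat pass on $ext_if from $NET_JAIL to any -> ($ext_if)
# The parentheses make pf follow whatever address $ext_if currently holds,
# so no fixed public-address macro has to be defined.

# Defaults applied to every jail defined below.
exec.start = "/bin/sh /etc/rc";
exec.stop  = "/bin/sh /etc/rc.shutdown";
exec.clean;
mount.devfs;

bsdevel {
    # The block label is used as the jail name; the JID is assigned automatically.
    path = "/jails/FreeBSD-Google_projects";
    host.hostname = "bsd-googlebox";

    # "interface|address": jail(8) adds this alias to lo1 when the jail
    # starts and removes it again when the jail is removed.
    ip4.addr = "lo1|127.1.2.7/32";

    # allow.mount from the posted file is left out here (assumption: nothing
    # in the thread needs the jail to mount filesystems itself).
}
```

With this in place the jail is started with `service jail start bsdevel`, listed with `jls`, and entered with `jexec bsdevel /bin/sh`.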
 
For some reason, I am having difficulty setting up a jail because I keep misunderstanding and misinterpreting something.
  1. The jail has been created. That part is done.
  2. Networking worked a few times when following http://forums.freebsd.org/viewtopic.php?f=39&t=41470.

I just need to see where I am going wrong in the setup. Forgive me for the repetitive and circular self-confusion. I'm still looking.

I have copied /etc/resolv.conf to /jails/$JAIL/etc/resolv.conf. I'm thinking of doing ln -s /etc/resolv.conf /jails/$JAIL/etc/resolv.conf unless it needs to be in /jails/etc. chroot and everything else works, and lo0 has an IP address. But there's still no Internet connectivity at the moment within the jail.
 