I've installed 12.0 recently and tried to reproduce the handbook example of a dnsjail (later referred to as dns1). I've done this once before, successfully. First, I installed sysutils/ezjail through pkg. Then, I added the following to my /etc/rc.conf and rebooted.

Code:
cloned_interfaces="lo1"
ezjail_enabled="YES"

After reboot,

# ezjail-admin install -i -p

to make a basejail, then create my own jail with

# ezjail-admin create dnsjail 'lo1|127.0.1.1,alc0|192.168.1.140'

which is copying the handbook ipsis litteris (except for the jail name). Next thing, start

# ezjail-admin start dnsjail

and

# ezjail-admin console dnsjail

Set the root password with # passwd and the time zone with # tzsetup. Then:

Code:
sed -i .bak -e '/adjkerntz/ s/^/#/' /etc/crontab
sed -i .bak -e 's/127.0.0.1/127.0.1.1/g; s/localhost.my.domain/dnsjail.my.domain dnsjail/' /etc/hosts

Here's the tricky part. The last time I did this, the host /etc/resolv.conf had my router's local address. It was something like this:

Code:
#domain.name
nameserver 192.168.0.1

Thus, I had created a slightly different /etc/resolv.conf inside the jail (nameserver 192.168.1.1) and everything worked as expected: I built dns/bind99 and so on, through to the end of the instructions in the handbook. I also managed to use this jail as a gateway for the other jails, using its IP as the nameserver in their own /etc/resolv.conf.

This time, however, the very first jail failed at this point: there was no connection to the network.

I'm using another ISP now, and the contents of my /etc/resolv.conf are actual IP addresses (supposedly their DNS servers): 201.21.192.1XX. Of course, it wouldn't make sense to copy these inside the jail, yet I tried all the same, but to no avail. As I understand the process, I tried again using the host IP; it should then forward to the actual gateway, am I wrong? By that logic:

Code:
#domain.name
nameserver 192.168.0.4

But that failed as well. And trying, for the sake of argument, to reach 192.168.0.1 also failed.

# make -C /usr/ports/dns/bind913 install clean

keeps trying to fetch pkg without ever managing to resolve, skipping to the next mirror and so on until stopped, e.g. with Ctrl+C.

I see the address set on lo1 is in quite the same range as lo0, CIDR 127.0.0.0/16, whereas 192.168.0.0/16 is set on the other interface, alc0, but that didn't seem to matter in the past. The jail was created with "alc0|192.168.1.140" as well. In fact, running

$ ifconfig -a

on the host shows both 192.168.0.4 (host) and 192.168.1.140 (jail) under the alc0 interface.

I'm not running PF, IPFW, IPFILTER or any other similar firewall. To the best of my knowledge, that is. I checked running processes and enabled services and found nothing of the sort. However, should one of these happen to be active by default without needing to be explicitly enabled in /etc/rc.conf or something like that, I'd probably just have been missing the point completely.

The facts are as related above. After a couple of hours of researching I made little to no progress, which led me to exhaustion and to open this thread seeking help. Thanks in advance.