I have successfully set up a jail following genneko's notes on setting up a jail in FreeBSD. However, since installing and enabling WireGuard, my jail has no network after every boot. By the way, I reduced genneko's multi-jail setup to a single jail. Here is how my setup looks at the moment:
/etc/pf.conf
/etc/jail.conf
I have removed some information for security and anonymity purposes. Those redactions may have been unnecessary, so if I removed something vital (I am no expert in networking), please tell me and I may add it back.
I want to run WireGuard on the host (my default computer) and route everything through that WireGuard connection, including the jail's network traffic.
/etc/pf.conf
Code:
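# MACROS/TABLES
XIF = "re0" # This is my default network interface. Changing this to WireguardConnection has no effect.
# Tunnel interface created by the wireguard rc script (wireguard_interfaces in rc.conf).
# Kept as its own macro so the NAT rules below can cover the tunnel without
# moving the inbound port forwards (which key off $XIF) onto it as well.
WG_IF = "WireguardConnection"
# Jail address ranges; the jail's addresses sit on lo1 (see jail.conf ip4.addr/ip6.addr).
JAILNET_V4 = "127.1.1.0/24"
JAILNET_V6 = "fd00:1:1:1::0/64"
EXT_V6ADDR = "2001:db8::1"
# OPTIONS (set skip, etc.)
# NORMALIZATION (scrub)
# QUEUEING
# TRANSLATION
## NAT
# "nat on $XIF" only matches packets that are routed out re0. Once the default
# route points at the tunnel, jail packets leave on $WG_IF instead, so they need
# their own translation rule; without one they go out with a 127.1.1.x source,
# which the remote peer cannot use. The "(if)" form reads the interface address
# dynamically, so it should also survive the tunnel being re-created at boot
# (confirm the default route with netstat -rn if traffic still fails).
nat on $XIF inet from $JAILNET_V4 to any -> ($XIF)
nat on $XIF inet6 from $JAILNET_V6 to any -> $EXT_V6ADDR
nat on $WG_IF inet from $JAILNET_V4 to any -> ($WG_IF)
nat on $WG_IF inet6 from $JAILNET_V6 to any -> ($WG_IF)
## REDIRECT (Port Forwarding)
# "rdr pass" hands the redirected connection straight to the jail, bypassing
# the filter section. Neither rule restricts the source, so port 8080 is
# reachable from any host that can reach re0 / $EXT_V6ADDR.
rdr pass log on $XIF inet proto tcp to ($XIF) port 8080 -> 127.1.1.4
rdr pass log on $XIF inet6 proto tcp to $EXT_V6ADDR port 8080 -> fd00:1:1:1::4
# FILTERING
# No filter rules are defined in this file, so pf currently passes all traffic
# in both directions by default. Translation alone does not restrict anything;
# add block/pass rules here once the tunnel routing works.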
/etc/rc.conf
Code:
# --- Host basics ---
hostname="host"
keymap="no.kbd"
clear_tmp_enable="YES"
# Set dumpdev to "AUTO" to enable crash dumps, "NO" to disable
dumpdev="NO"
syslogd_flags="-ss"
sendmail_enable="NONE"
zfs_enable="YES"
powerd_enable="YES"
moused_enable="YES"
kld_list="/boot/modules/i915kms.ko"

# --- Networking ---
ifconfig_re0="DHCP"
# lo1 carries the jail's addresses (ip4.addr / ip6.addr in jail.conf).
cloned_interfaces="lo1"
# Tunnel interface named here is the one pf.conf must NAT on for jail egress.
wireguard_enable="yes"
wireguard_interfaces="WireguardConnection"

# --- Packet filter ---
pf_enable="YES"
pflog_enable="YES"

# --- Services ---
sshd_enable="YES"
ntpdate_enable="YES"
ntpd_enable="YES"

# --- Jails ---
jail_enable="YES"
jail_list="j1"
/etc/jail.conf
Code:
# Defaults shared by every jail defined in this file.
host.hostname = j1;
path = "/vm/j1";
exec.consolelog = "/var/log/jail_j1_console.log";
# Start/stop the jail's own rc system with a clean environment.
exec.start = "/bin/sh /etc/rc";
exec.stop = "/bin/sh /etc/rc.shutdown";
exec.clean;
# The jail resolves DNS with whatever the host's resolv.conf says at jail start;
# it is not refreshed if the host's resolver changes afterwards (e.g. when the
# tunnel comes up later) — presumably fine here, but worth confirming.
exec.prestart = "cp /etc/resolv.conf $path/etc";
exec.poststop = "rm $path/etc/resolv.conf";
mount.devfs;
# nullfs mount

j1 {
    # Addresses live on lo1 (cloned_interfaces in rc.conf). No vnet is used, so
    # the jail shares the host's network stack and its egress is NATed by pf.
    ip4.addr = "lo1|127.1.1.1/32";
    ip6.addr = "lo1|fd00:1:1:1::1/64";
    # Extra privileges: raw sockets let the jail craft arbitrary IP packets
    # (needed for ping/traceroute). Drop these unless something inside requires them.
    allow.chflags;
    allow.raw_sockets;
}
I have removed some information for security and anonymity purposes. Those redactions may have been unnecessary, so if I removed something vital (I am no expert in networking), please tell me and I may add it back.
ifconfig
Code:
re0: ...<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
...
lo0: ...<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
...
lo1: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
options=680003<RXCSUM,TXCSUM,LINKSTATE,RXCSUM_IPV6,TXCSUM_IPV6>
inet 127.1.1.1 netmask 0xffffffff
inet6 fd00:1:1:1::1 prefixlen 64
inet6 fe80::1%lo1 prefixlen 64 scopeid 0x3
groups: lo
nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
pflog0: flags=141<UP,RUNNING,PROMISC> metric 0 mtu 33160
groups: pflog
WireguardConnection: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> metric 0 mtu 1420
options=80000<LINKSTATE>
inet 10.68.206.2 --> 10.68.206.2 netmask 0xffffffff
inet6 fc00:bbbb:bbbb:bb02::4:da03 prefixlen 128
groups: tun
nd6 options=101<PERFORMNUD,NO_DAD>
Opened by PID 28963
jexec j1 ifconfig
Code:
re0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
options=8209b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,WOL_MAGIC,LINKSTATE>
ether 40:47:f7:52:21:11
media: Ethernet autoselect (1000baseT <full-duplex>)
status: active
nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
options=680003<RXCSUM,TXCSUM,LINKSTATE,RXCSUM_IPV6,TXCSUM_IPV6>
groups: lo
nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
lo1: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
options=680003<RXCSUM,TXCSUM,LINKSTATE,RXCSUM_IPV6,TXCSUM_IPV6>
inet 127.1.1.1 netmask 0xffffffff
inet6 fd00:1:1:1::1 prefixlen 64
groups: lo
nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
pflog0: flags=141<UP,RUNNING,PROMISC> metric 0 mtu 33160
groups: pflog
WireguardConnection: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> metric 0 mtu 1420
options=80000<LINKSTATE>
groups: tun
nd6 options=101<PERFORMNUD,NO_DAD>
Opened by PID 28963
I want to run WireGuard on the host (my default computer) and route everything through that WireGuard connection, including the jail's network traffic.