[Solved] qjail, two nic, no internet connection

Hello,
I have this problem:

I installed a new computer with FreeBSD 10.0-RELEASE-p7 and qjail. The computer has 2 NICs, configured with static and private IP. I have configured a simple jail using the NIC with private IP.

From the jail I can ping the static IP and the defaultrouter IP, but I can't ping an Internet IP like 173.194.116.14 (Google), and DNS does not resolve.

Host and jail use the same resolv.conf. There is no firewall activated.

These are the configurations:
Code:
# HOST /etc/rc.conf
hostname="jails.xxxxx.net"
keymap="it.iso.kbd"
ifconfig_re0="inet 78.134.xx.20 netmask 255.255.255.248"
ifconfig_em0="inet 10.10.10.1 netmask 255.0.0.0"
defaultrouter="78.134.xx.22"
sshd_enable="YES"
ntpd_enable="YES"
powerd_enable="YES"
dumpdev="NO"
zfs_enable="YES"
qjail_enable="YES"
gateway_enable="YES"
Code:
# HOST /etc/resolv.conf
search xxxxxx.net
nameserver 88.149.128.22
nameserver 88.149.128.12
Code:
# HOST /boot/loader.conf
zfs_load="YES"
Code:
#JAIL /etc/rc.conf

hostname="jweb"

# On first ssh startup it takes few seconds more and uses some entropy.
sshd_enable="YES"

# No network interfaces in jails
network_interfaces=""
 
# Prevent rpc
rpcbind_enable="NO"
 
# Prevent jails from doing their cron jobs at the same time
cron_flags=" -J 60"
 
# Prevent syslog from opening sockets
syslogd_enable="NO"
syslogd_flags="-ss"
 
# Prevent sendmail from trying to connect to localhost
sendmail_enable="NO"
sendmail_submit_enable="NO"
sendmail_outbound_enable="NO"
sendmail_msp_queue_enable="NO"

apache24_enable="YES"
Code:
# HOST qjail config -d jweb
name="jweb"
ip4="10.10.10.10"
ip6=""
path="/usr/jails/jweb"
interface="em0"
fstab="/usr/local/etc/qjail.fstab/jweb"
securelevel=""
cpuset=""
fib=""
vnet=""
vinterface=""
rsockets="allow.raw_sockets"
ruleset=""
sysvipc=""
quotas=""
nullfs=""
tmpfs=""
zfs=""
poststartssh=""
deffile="/usr/local/etc/qjail.local/jweb"
image="/usr/jails/jweb/jweb.img"
imagetype="simple"
imageblockcount="2048"
imagedevice=""

Do you have any idea?

Thanks
Franco
 
Re: qjail, two nic, no internet connection

Your /etc/rc.conf does not list any kind of firewall as being enabled. Packets from the jail will leave with the 10.10.10.10 source address and will either get dropped by your ISP or somewhere upstream. If you only have one public IP address, you'll need to enable one of the firewalls and set it up to use NAT.
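
A minimal NAT setup matching the reply above, added here as an illustration and not part of the original thread. It assumes pf is the firewall chosen (the reply names none), that the rules live in /etc/pf.conf, and that re0 is the public interface and em0 the jail-side interface as in the posted rc.conf.

```conf
# /etc/pf.conf  (added example; pf and this file path are assumptions)
#
# Host /etc/rc.conf additions (gateway_enable="YES" is already set on the page):
#   pf_enable="YES"
#   pf_rules="/etc/pf.conf"

# Interfaces and jail address taken from the configuration posted above
ext_if  = "re0"            # public NIC, 78.134.xx.20
jail_if = "em0"            # private NIC holding the jail alias
jail_ip = "10.10.10.10"    # ip4 of jail "jweb"

# Do not filter or translate loopback traffic
set skip on lo0

# Rewrite the jail's private source address to the host's public address
# on the way out. ($ext_if) means "whatever address re0 currently has".
# Only the jail is translated, not every address reachable through em0.
nat on $ext_if inet from $jail_ip to any -> ($ext_if)

# No filter rules are defined, so pf's implicit default (pass) applies and
# the host stays as open as it was before. Add block/pass rules here to
# restrict what the jail may reach.

# Load and verify:
#   pfctl -nf /etc/pf.conf       # syntax check only, nothing is loaded
#   service pf start             # load the ruleset
#   pfctl -s nat                 # confirm the nat rule is active
#   tcpdump -n -i re0 icmp       # while pinging from the jail, the source
#                                # should be the public address, not 10.10.10.10
```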
 