Hi,
I'm pretty new with FreeBSD and I have issues with jail and networking. I try to create a vnet jail and even when I allow raw sockets, ping from jail doesn't work. jail.conf is below - is something wrong there?

The ping is not the only thing that is wrong, no networking in jail is working (e.g. drill, netcat, etc...). Putting firewall on host down makes no difference. Please, can you kick me where I do the mistake?

Thanks,
Logik
ERROR:
Code:
[root@dhcp /]# ping 8.8.8.8
PING 8.8.8.8 (8.8.8.8): 56 data bytes
ping: sendto: Permission denied
ping: sendto: Permission denied
[root@dhcp /]# netstat -rn
Routing tables
Internet:
Destination Gateway Flags Netif Expire
default 192.168.6.1 UGS epair210
127.0.0.1 link#1 UH lo0
192.168.6.0/24 link#2 U epair210
192.168.6.210 link#2 UHS lo0
Internet6:
Destination Gateway Flags Netif Expire
::/96 ::1 UGRS lo0
::1 link#1 UH lo0
::ffff:0.0.0.0/96 ::1 UGRS lo0
fe80::/10 ::1 UGRS lo0
fe80::%lo0/64 link#1 U lo0
fe80::1%lo0 link#1 UHS lo0
fe80::%epair210b/64 link#2 U epair210
fe80::ff:60ff:fe00:70b%epair210b link#2 UHS lo0
ff01::%lo0/32 ::1 U lo0
ff01::%epair210b/32 fe80::ff:60ff:fe00:70b%epair210b U epair210
ff02::/16 ::1 UGRS lo0
ff02::%lo0/32 ::1 U lo0
ff02::%epair210b/32 fe80::ff:60ff:fe00:70b%epair210b U epair210
[root@dhcp /]# ifconfig
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
options=600003<RXCSUM,TXCSUM,RXCSUM_IPV6,TXCSUM_IPV6>
inet6 ::1 prefixlen 128
inet6 fe80::1%lo0 prefixlen 64 scopeid 0x1
inet 127.0.0.1 netmask 0xff000000
nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
epair210b: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
options=8<VLAN_MTU>
ether 02:ff:60:00:07:0b
inet6 fe80::ff:60ff:fe00:70b%epair210b prefixlen 64 tentative scopeid 0x2
inet 192.168.6.210 netmask 0xffffff00 broadcast 192.168.6.255
nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
media: Ethernet 10Gbase-T (10Gbase-T <full-duplex>)
status: active
jail.conf:
Code:
* {
exec.start = "/bin/bash /etc/rc";
exec.stop = "/bin/bash /etc/rc.shutdown";
exec.consolelog = "/var/log/jail/$name";
path = "/usr/jails/$name";
mount.fstab = "/etc/jail.fstab/$name";
host.hostname = "$name.dionyska.cz";
devfs_ruleset = "4";
mount.devfs;
mount.fdescfs;
$ip_addr = "192.168.6.${ip}" ;
}
dhcp {
$ip = "210" ;
$ip_route = "192.168.6.1" ;
vnet;
vnet.interface = "epair${ip}b";
# When the jail configuration was faulty, this interface sometimes survives the jail, so try to destroy it
exec.prestart = "ifconfig epair${ip}a destroy 2>/dev/null || true";
exec.prestart += "ifconfig epair$ip create up";
exec.prestart += "ifconfig bridge0 addm epair${ip}a";
exec.start = "/sbin/ifconfig lo0 127.0.0.1 up";
exec.start += "/sbin/ifconfig epair210b inet $ip_addr up" ;
exec.start += "/sbin/route add default $ip_route " ;
exec.start += "/bin/sh /etc/rc";
exec.poststop = "ifconfig bridge0 delem epair${ip}";
exec.poststop = "ifconfig epair${ip}a destroy " ;
persist;
devfs_ruleset=5 ;
allow.raw_sockets=1 ;
allow.socket_af = 1;
}