From owner-freebsd-questions@FreeBSD.ORG Tue Mar 25 23:15:03 2014 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 43E13223 for ; Tue, 25 Mar 2014 23:15:03 +0000 (UTC) Received: from tds-solutions.net (tds-solutions.net [69.164.206.65]) by mx1.freebsd.org (Postfix) with ESMTP id 297091F6 for ; Tue, 25 Mar 2014 23:15:02 +0000 (UTC) Received: from [192.168.1.224] (unknown [69.43.65.114]) (Authenticated sender: tyler) by tds-solutions.net (Postfix) with ESMTPSA id 2D8B8A11E for ; Tue, 25 Mar 2014 17:21:04 -0600 (MDT) Message-ID: <53320E60.2060400@tysdomain.com> Date: Tue, 25 Mar 2014 19:16:48 -0400 From: "Littlefield, Tyler" User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:15.0) Gecko/20120907 Thunderbird/15.0.1 MIME-Version: 1.0 To: freebsd-questions@freebsd.org Subject: jails again:outbound connections. Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.17 Precedence: list Reply-To: tyler@tysdomain.com List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 25 Mar 2014 23:15:03 -0000 hello all: I'm having a lot of issues with jails. Here is what I set up: an alias on em0 with ip 192.168.0.2, netmask 244.244.244.0, bcast 192.168.0.255. I enabled IP forwarding through sysctl. the jail was created on the 192.168.0.2 address,and I am able to connect from the host to the jail. E.g: I can telnet to a listening service on the jail from the host. I am, however unable to connect out. I have a few questions: 1) I enabled raw sockets in security.jail, but am still unable to traceroute out. I was trying this to see if perhaps my connections were getting out and perhaps OVH/Soyoustart was not letting the packet through. I am unsure if the alias will translate packets from 192.168.0.2, but it seems uncertain that it would. 2) Given this, do I need to set something else up through DNAT? Do I have to do something special for processing of outbound packets? 3) If not, any other advice on troubleshooting would beaawesome. Thanks in advance for the help. I am sorry for all the questions--I've been staring at this for 3+ days now with no luck. Thanks again, -- Take care, Ty http://tds-solutions.net He that will not reason is a bigot; he that cannot reason is a fool; he that dares not reason is a slave.