Date:      Wed, 26 Mar 2014 01:32:49 +0100
From:      Ondra Knezour <knezour@weboutsourcing.cz>
To:        tyler@tysdomain.com, freebsd-questions@freebsd.org
Subject:   Re: jails again:outbound connections.
Message-ID:  <53322031.5050304@weboutsourcing.cz>
In-Reply-To: <53320E60.2060400@tysdomain.com>
References:  <53320E60.2060400@tysdomain.com>

On 26.3.2014 0:16, Littlefield, Tyler wrote:
> I'm having a lot of issues with jails. Here is what I set up:
> an alias on em0 with ip 192.168.0.2, netmask 244.244.244.0, bcast
> 192.168.0.255.

This is not going to work if you don't have some very weird network
configuration. You probably want a 255.255.255.0 netmask.

> I enabled IP forwarding through sysctl.
> the jail was created on the 192.168.0.2 address, and I am able to connect
> from the host to the jail. E.g: I can telnet to a listening service on
> the jail from the host. I am, however, unable to connect out. I have a

To connect out where? Some more info about your network will give us
some insight into what is wrong. At least the configuration of all
interfaces and the default route. Show us the output of ifconfig and
netstat -r from both the host and the jail.

> few questions:
> 1) I enabled raw sockets in security.jail, but am still unable to
> traceroute out. I was trying this to see if perhaps my connections were
> getting out and perhaps OVH/Soyoustart was not letting the packet
> through. I am unsure if the alias will translate packets from
> 192.168.0.2, but it seems uncertain that it would.

No, it wouldn't.

> 2) Given this, do I need to set something else up through DNAT? Do I
> have to do something special for processing of outbound packets?
> 3) If not, any other advice on troubleshooting would be awesome.

You will need to set up outgoing NAT on the host on the interface which
is connected to the network you are trying to reach or to the internet
if you want general connectivity with the world.

http://www.freebsd.org/cgi/man.cgi?query=natd&sektion=8
http://www.fi.freebsd.org/doc/en_US.ISO8859-1/books/handbook/network-natd.html
https://www.freebsd.org/doc/handbook/firewalls-pf.html#pftut-gateway
-- 
Ondra Knezour
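
Added example, not part of the original message: a minimal pf ruleset for the outgoing NAT described above, using the pf route from the third link. It assumes em0 is the internet-facing interface and the jail sits on the alias 192.168.0.2, as in the question; the macro names are illustrative.

```conf
# /etc/pf.conf on the jail host (added example; values taken from the
# question, macro names are assumptions)
ext_if  = "em0"            # interface facing the internet
jail_ip = "192.168.0.2"    # private alias address the jail is bound to

# Rewrite the jail's private source address to the host's primary
# address on em0. The parentheses make pf follow address changes; the
# :0 modifier excludes interface aliases, so the 192.168.0.2 alias on
# the same interface is never picked as the translation address.
nat on $ext_if inet from $jail_ip to any -> ($ext_if:0)

# Translation is limited to the single jail address rather than a whole
# private range, so nothing else on the host is NATed by accident.

# Allow outbound traffic and keep state so replies are matched back to
# the translated connection. NAT is applied before filtering, so this
# rule sees the already translated source address.
pass out on $ext_if inet all keep state
```

With pf_enable="YES" in /etc/rc.conf, the file can be syntax-checked with pfctl -nf /etc/pf.conf and loaded with pfctl -f /etc/pf.conf. pfctl -s nat then lists the active translation rule, and pfctl -s state shows whether connections from the jail are being translated.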



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?53322031.5050304>