From: Ondra Knezour
Date: Wed, 26 Mar 2014 01:32:49 +0100
To: tyler@tysdomain.com, freebsd-questions@freebsd.org
Subject: Re: jails again:outbound connections.
Message-ID: <53322031.5050304@weboutsourcing.cz>
In-Reply-To: <53320E60.2060400@tysdomain.com>

On 26.3.2014 0:16, Littlefield, Tyler wrote:
> I'm having a lot of issues with jails. Here is what I set up:
> an alias on em0 with ip 192.168.0.2, netmask 244.244.244.0, bcast
> 192.168.0.255.

This is not going to work if you don't have some very weird network
configuration. You probably want 255.255.255.0 netmask.

> I enabled IP forwarding through sysctl.
> the jail was created on the 192.168.0.2 address, and I am able to connect
> from the host to the jail. E.g: I can telnet to a listening service on
> the jail from the host. I am, however, unable to connect out. I have a

To connect out where? Some more info about your network will give us
some insight into what is wrong. At least configuration of all interfaces
and default route. Show us output of ifconfig and netstat -r from both
the host and the jail.

> few questions:
> 1) I enabled raw sockets in security.jail, but am still unable to
> traceroute out. I was trying this to see if perhaps my connections were
> getting out and perhaps OVH/Soyoustart was not letting the packet
> through. I am unsure if the alias will translate packets from
> 192.168.0.2, but it seems uncertain that it would.

No, it wouldn't.

> 2) Given this, do I need to set something else up through DNAT? Do I
> have to do something special for processing of outbound packets?
> 3) If not, any other advice on troubleshooting would be awesome.

You will need to set up outgoing NAT on the host on the interface which is
connected to the network you are trying to reach or to the internet if
you want general connectivity with the world.

http://www.freebsd.org/cgi/man.cgi?query=natd&sektion=8
http://www.fi.freebsd.org/doc/en_US.ISO8859-1/books/handbook/network-natd.html
https://www.freebsd.org/doc/handbook/firewalls-pf.html#pftut-gateway

-- 
Ondra Knezour
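
The outgoing NAT described in the reply above, sketched as a pf.conf fragment. This is an added example, not part of the original message. It assumes em0 is also the host's uplink and that its primary (non-alias) address is the routable one; the 192.168.0.2 jail address is the one given in the thread.

```conf
# /etc/pf.conf: added example, not from the original thread.
# Assumptions: em0 is the uplink, and its primary (non-alias) address
# is the routable one. Requires pf_enable="YES" in /etc/rc.conf.
ext_if  = "em0"
jail_ip = "192.168.0.2"        # jail address from the thread

# Translate only the jail's source address rather than "from any",
# so nothing else on the host is rewritten by accident.
#
# ($ext_if:0) means: look the address up at run time, and skip
# interface aliases. Without ":0" the 192.168.0.2 alias on the same
# interface would join the translation pool, and some connections
# would leave with the private address again.
nat on $ext_if inet from $jail_ip to any -> ($ext_if:0)

# Checks to run on the host after editing:
#   pfctl -nf /etc/pf.conf   # parse only, loads nothing
#   pfctl -f  /etc/pf.conf   # load the ruleset
#   pfctl -s nat             # the nat rule should be listed
#   pfctl -s state           # jail flows should show the translated address
```

If `pfctl -s state` shows no entries for 192.168.0.2 while the jail is trying to connect, the packets are not reaching em0 at all, and the interface and routing output requested in the reply is the next thing to check.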