Date: Thu, 12 Jul 2012 21:04:52 +0200
From: "Herbert J. Skuhra" <h.skuhra@gmail.com>
To: freebsd-jail@freebsd.org
Subject: Re: Jails on FreeBSD 9.0
Message-ID: <CADfJ1Pa1dpZ5StTTrG=8KVnFNzUuK58MhLXrg4prAqq4cKLK2g@mail.gmail.com>
In-Reply-To: <CAPd55qAiWO5eQ=KkweuWir%2BgD4C1LSSbiky2VgZwiDpwwUyJaw@mail.gmail.com>
References: <87fw8yariq.wl%h.skuhra@gmail.com> <CADfJ1PYDaJ-ogJq8ewvzLk3sCjqrE0bw36grVSAn2_16dZHDhw@mail.gmail.com> <CAPd55qAiWO5eQ=KkweuWir%2BgD4C1LSSbiky2VgZwiDpwwUyJaw@mail.gmail.com>

On Thu, Jul 12, 2012 at 11:56 AM, joris dedieu <joris.dedieu@gmail.com> wrote:
> 2012/7/12 Herbert J. Skuhra <h.skuhra@gmail.com>:
>> On Wed, Jul 11, 2012 at 11:59 PM, Herbert J. Skuhra <h.skuhra@gmail.com> wrote:
>>> Hi,
>>>
>>> although I've followed the instructions in jail(8) and jail.conf(5) I
>>> cannot manage to set up jails on FreeBSD 9.0 STABLE (r238334).
>>>
>>> The symptoms:
>>>
>>> * ssh'ing to jail works, but it takes about 20 seconds until password
>>> prompt appears
>
> Is it still the same with UseDNS=no in /etc/ssh/sshd_config?

No, I can log in instantly.

>>> * netstat -r in the jail takes about 150 seconds to finish
>
> Does netstat -rn do the same?

No, the output appears immediately.

>>> * connections to the internet time out; with tcpdump I see that
>>> packets leave and enter the public interface on the host, but never
>>> reach the jail
>>>
>>> I use lo1 interface and ip address 192.168.1.1/24 for the jail. Public
>>> interface is fxp0 with both an IPv4 and an IPv6 address assigned.
>>> Of course, nat is enabled via pf on the public interface.
>
> Can you post your PF configuration?
>>
>> After switching to ipfw/natd, networking in the jail works.
>> Could this be a bug?
>
> I think you had an issue with the firewall that blocks name resolution and
> makes everything go slow. At least you need one single line in your
> pf.conf:
>
> nat on $public_interface from $jail_ip to any -> ($public_interface)

Even when loading only the nat rule it doesn't work:

nat on fxp0 from 192.168.1.0/24 to any -> $ext_addr

Thanks.

Herbert