From owner-freebsd-jail@FreeBSD.ORG Mon Jun 9 05:59:28 2008
From: Nicolas de Bari Embriz Garcia Rojas
To: freebsd-jail@freebsd.org
Date: Mon, 9 Jun 2008 00:59:24 -0500
Subject: ipsec ipencap

This option IPSEC_FILTERGIF seems only to work when using ipencap, but
any idea on how to make it work when not using ipencap?

regards.

I had to make a VPN using IPSEC, the VPN is on the master host and is
working but if it is only available from the master host not the jails,
how can I make the jails to ping/access/telnet the VPN?

I have something like this:

192.10.10.1---->A.A.A.A<------VPN /INTERNET--------->B.B.B.B--->196.18.20.121
jails1 --->A.A.A.1 _|
jails2 --->A.A.A.2 _|

Jail1 is the one that needs the VPN to access, but if I try to ping
196.18.20.121 from jail1 with public IP (A.A.A.1) it does not get any
response; the VPN is only working from the master host.

Any ideas on how to fix this?

My kernel has already been compiled with:

    options IPSEC
    options IPSEC_ESP
    options IPSEC_DEBUG
    options IPSEC_FILTERGIF
    device crypto
    device enc
    options IPSEC_NAT_T

regards
--
> nbari

From owner-freebsd-jail@FreeBSD.ORG Mon Jun 9 11:07:01 2008
From: FreeBSD bugmaster
To: freebsd-jail@FreeBSD.org
Date: Mon, 9 Jun 2008 11:07:01 GMT
Subject: Current problem reports assigned to freebsd-jail@FreeBSD.org

Current FreeBSD problem reports

Critical problems

Serious problems

S Tracker      Resp.      Description
--------------------------------------------------------------------------------
s kern/89528   jail       [jail] [patch] impossible to kill a jail
o kern/119842  jail       [smbfs] [jail] "Bad address" with smbfs inside a jail

2 problems total.

Non-critical problems

S Tracker      Resp.      Description
--------------------------------------------------------------------------------
o bin/32828    jail       [jail] w(1) incorrectly handles stale utmp slots with
o kern/68192   jail       [quotas] [jail] Cannot use quotas on jailed systems
o kern/72498   jail       [libc] [jail] timestamp code on jailed SMP machine gen
o kern/74314   jail       [resolver] [jail] DNS resolver broken under certain ja
o kern/84215   jail       [jail] [patch] wildcard ip (INADDR_ANY) should not bin
o kern/89989   jail       [jail] [patch] Add option -I (ASCII 73) PID to specif
o kern/97071   jail       [jail] [patch] add security.jail.jid sysctl
o bin/99566    jail       [jail] [patch] fstat(1) according to specified jid
o kern/120753  jail       [jail] Zombie jails (jailed child process exits while

9 problems total.

From owner-freebsd-jail@FreeBSD.ORG Mon Jun 9 17:35:07 2008
From: "Bjoern A. Zeeb"
To: Nicolas de Bari Embriz Garcia Rojas
Cc: freebsd-jail@freebsd.org
Date: Mon, 9 Jun 2008 17:34:36 +0000 (UTC)
Subject: Re: ipsec

On Fri, 6 Jun 2008, Nicolas de Bari Embriz Garcia Rojas wrote:

> I had to make a VPN using IPSEC, the VPN is on the master host and is
> working but if it is only available from the master host not the jails, how
> can I make the jails to ping/access/telnet the VPN?

use a correct policy on the base host (you cannot do this from within
the jail).

PS: things like this are better discussed on net@

--
Bjoern A. Zeeb              Stop bit received. Insert coin for new game.

From owner-freebsd-jail@FreeBSD.ORG Mon Jun 9 19:36:22 2008
From: Nicolas de Bari Embriz Garcia Rojas
To: Bjoern A. Zeeb
Cc: freebsd-jail@freebsd.org
Date: Mon, 9 Jun 2008 14:36:13 -0500
Subject: Re: ipsec

Hello, how to use the correct policy on the base host? Can you please
explain more.

regards.
--
> nbari

On Jun 9, 2008, at 12:34 PM, Bjoern A. Zeeb wrote:

> On Fri, 6 Jun 2008, Nicolas de Bari Embriz Garcia Rojas wrote:
>
>> I had to make a VPN using IPSEC, the VPN is on the master host and
>> is working but if it is only available from the master host not the
>> jails, how can I make the jails to ping/access/telnet the VPN?
>
> use a correct policy on the base host (you cannot do this from within
> the jail).
>
>
> PS: things like this are better discussed on net@
>
> --
> Bjoern A. Zeeb              Stop bit received. Insert coin for new
> game.

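Added example, not part of the thread and not written by either poster: one reading of "a correct policy on the base host" is that the host's SPD needs selectors covering each jail's source address, which is an assumption because the thread never shows the existing policy. The sketch emits setkey(8) spdadd lines for an ESP tunnel; the function names and every address are constructed (192.0.2.1 stands in for A.A.A.A, 198.51.100.1 for B.B.B.B, 203.0.113.121 for 196.18.20.121, 192.0.2.11 and 192.0.2.12 for the jails).

```shell
#!/bin/sh
# Added example: generate SPD entries on the base host so that packets
# sourced from each jail address are selected for the ESP tunnel.
# All addresses below are constructed documentation values.

LOCAL_GW="192.0.2.1"            # assumed: host tunnel endpoint (A.A.A.A)
REMOTE_GW="198.51.100.1"        # assumed: peer tunnel endpoint (B.B.B.B)
REMOTE_DST="203.0.113.121/32"   # assumed: protected remote host

# valid_ipv4 ADDR -> status 0 if ADDR is a dotted quad with octets 0..255
valid_ipv4() {
    case "$1" in
        *[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1                   # split on dots into positional parameters
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# jail_spd ADDR... -> print one outbound and one inbound policy per jail.
# Refuses malformed addresses instead of emitting a policy that would
# silently match nothing.
jail_spd() {
    for jail_ip in "$@"; do
        valid_ipv4 "$jail_ip" || {
            echo "bad jail address: $jail_ip" >&2
            return 1
        }
        printf 'spdadd %s/32 %s any -P out ipsec esp/tunnel/%s-%s/require;\n' \
            "$jail_ip" "$REMOTE_DST" "$LOCAL_GW" "$REMOTE_GW"
        printf 'spdadd %s %s/32 any -P in ipsec esp/tunnel/%s-%s/require;\n' \
            "$REMOTE_DST" "$jail_ip" "$REMOTE_GW" "$LOCAL_GW"
    done
}

# Print the policy for two constructed jail addresses.
jail_spd 192.0.2.11 192.0.2.12
```

The output is meant to be reviewed and then loaded on the base host with setkey -f; the peer needs mirrored selectors for the same jail addresses.
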
From owner-freebsd-jail@FreeBSD.ORG Thu Jun 12 23:50:01 2008
From: cco1817-0@yahoo.de
Reply-To: cco1817-0@yahoo.de
To: freebsd-jail@freebsd.org
Date: Thu, 12 Jun 2008 23:23:19 +0000 (GMT)
Subject: Populating a jail with "make world"???

Hello,

I'm about to learn how to use jails and I've some confusions after
reading the handbook and some other resources.

Chapter 23.4 warns "do not use make world".
Chapter 15.4 invites me to use "make world" etc. to populate a jail.

I've never used "make world" or "make buildworld" until now. I used the
install.sh scripts from RELEASE images to install a new machine or to
"update" (reason for this: I don't know what make **** is doing). Can
someone please explain to me the disadvantages if I use the install.sh
scripts for my (service-) jails?

BTW: Not related to jails, but does it make sense to recompile a freshly
installed system completely using "make world/buildworld"?

Thanks in advance!
Ede

From owner-freebsd-jail@FreeBSD.ORG Fri Jun 13 00:25:43 2008
From: "Jorge Medina"
To: freebsd-jail@freebsd.org
Date: Thu, 12 Jun 2008 20:25:42 -0400
Subject: Re: Populating a jail with "make world"???

On Thu, Jun 12, 2008 at 7:23 PM, wrote:
> Hello,
>
> I'm about to learn how to use jails and I've some confusions after
> reading the handbook and some other resources.
>
> Chapter 23.4 warns "do not use make world".
> Chapter 15.4 invites me to use "make world" etc. to populate a jail.

You just follow these steps:
http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/jails-build.html
and it works fine.

> I've never used "make world" or "make buildworld" until now. I used the
> install.sh scripts from RELEASE images to install a new machine or to
> "update" (reason for this: I don't know what make **** is doing). Can
> someone please explain to me the disadvantages if I use the install.sh
> scripts for my (service-) jails?
>
> BTW: Not related to jails, but does it make sense to recompile a freshly
> installed system completely using "make world/buildworld"?
>
> Thanks in advance!
> Ede

--
Jorge Andrés Medina Oliva.
Systems Manager and Developer.
BSDCHiLE.