From owner-freebsd-jail@FreeBSD.ORG Thu Oct 2 10:05:12 2014 Return-Path: Delivered-To: freebsd-jail@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 8F278F4F; Thu, 2 Oct 2014 10:05:12 +0000 (UTC) Received: from alogt.com (alogt.com [69.36.191.58]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 6B8688C9; Thu, 2 Oct 2014 10:05:12 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=alogt.com; s=default; h=Content-Transfer-Encoding:Content-Type:MIME-Version:Message-ID:Subject:Cc:To:From:Date; bh=Qunn3oJchJW/8dMRRNBHwK3VAM2pkJSqVvd8fHI0D6U=; b=u0YJ1L5YYGxbZ/WuVkJQP8tgVZUu6Bn2EkzxamT04MqrIWve+ruq5pHAR1Ysu8pDNk/BmzWEa6HPgoUDu+wfPKXWNCwkNMUGRheofKQs6zgmi1Pps/AFSG8VRrtpALAiPTsTHfkvatL/VqOIjxkfuCCYH62VIYYX3OwWzHcPMBs=; Received: from [182.4.74.116] (port=56086 helo=X220.alogt.com) by sl-508-2.slc.westdc.net with esmtpsa (SSLv3:AES128-SHA:128) (Exim 4.82) (envelope-from ) id 1XZdG3-001FzD-2b; Thu, 02 Oct 2014 04:05:11 -0600 Date: Thu, 2 Oct 2014 18:05:06 +0800 From: Erich Dollansky To: freebsd-jail@freebsd.org Subject: no network connection from inside a jail Message-ID: <20141002180506.4965760b@X220.alogt.com> MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit X-AntiAbuse: This header was added to track abuse, please include it with any abuse report X-AntiAbuse: Primary Hostname - sl-508-2.slc.westdc.net X-AntiAbuse: Original Domain - freebsd.org X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12] X-AntiAbuse: Sender Address Domain - alogt.com X-Get-Message-Sender-Via: sl-508-2.slc.westdc.net: authenticated_id: erichsfreebsdlist@alogt.com X-Source: X-Source-Args: X-Source-Dir: Cc: freebsd-stable@freebsd.org X-BeenThere: freebsd-jail@freebsd.org X-Mailman-Version: 2.1.18-1 Precedence: list List-Id: "Discussion about FreeBSD jail\(8\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 02 Oct 2014 10:05:12 -0000 Hi, I recently upgraded to 10.1 BETA3 via sources. All seemed to be fine until I started jails which connect to the Internet. It simply does not work anymore. When the browser from the jail connects to another jail on the same machine via HTTP, it all works. Accesses to the ouside of the machine fails. Even a ping to a local device does not work. ping 192.168.yyy.xxx ping: socket: Operation not permitted despite having security.jail.allow_raw_sockets: 1 Just to make sure, I upgraded also the world in all jails without any difference. UPDATING did not mention any changes since BETA1. I feel a bit lost now. What could have caused the problems? Erich From owner-freebsd-jail@FreeBSD.ORG Thu Oct 2 12:50:51 2014 Return-Path: Delivered-To: freebsd-jail@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id B053E6E7; Thu, 2 Oct 2014 12:50:51 +0000 (UTC) Received: from m2.gritton.org (gritton.org [63.246.134.121]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 7E105D45; Thu, 2 Oct 2014 12:50:51 +0000 (UTC) Received: from [192.168.0.34] (c-50-168-192-61.hsd1.ut.comcast.net [50.168.192.61]) (authenticated bits=0) by m2.gritton.org (8.14.9/8.14.9) with ESMTP id s92Cofte059491; Thu, 2 Oct 2014 06:50:42 -0600 (MDT) (envelope-from jamie@gritton.org) Message-ID: <542D4A1B.4060405@gritton.org> Date: Thu, 02 Oct 2014 06:50:35 -0600 From: James Gritton User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; rv:24.0) Gecko/20100101 Thunderbird/24.6.0 MIME-Version: 1.0 To: freebsd-jail@freebsd.org, freebsd-stable@freebsd.org Subject: Re: no network connection from inside a jail References: <20141002180506.4965760b@X220.alogt.com> In-Reply-To: <20141002180506.4965760b@X220.alogt.com> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit X-BeenThere: freebsd-jail@freebsd.org X-Mailman-Version: 2.1.18-1 Precedence: list List-Id: "Discussion about FreeBSD jail\(8\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 02 Oct 2014 12:50:51 -0000 On 10/2/2014 4:05 AM, Erich Dollansky wrote: > Hi, > > I recently upgraded to 10.1 BETA3 via sources. All seemed to be fine > until I started jails which connect to the Internet. It simply does not > work anymore. When the browser from the jail connects to another jail > on the same machine via HTTP, it all works. Accesses to the ouside of > the machine fails. > > Even a ping to a local device does not work. > > ping 192.168.yyy.xxx > ping: socket: Operation not permitted > > despite having > > security.jail.allow_raw_sockets: 1 > > Just to make sure, I upgraded also the world in all jails without any > difference. > > UPDATING did not mention any changes since BETA1. > > I feel a bit lost now. > > What could have caused the problems? > > Erich It would be handle to see what happens when the IP addresses are set on the jail in the first place. Try running: jail -r '*' jail -v -c '*' and look at the results when it (presumably) runs ifconfig. Hopefully, there'll be a clue there. - Jamie From owner-freebsd-jail@FreeBSD.ORG Thu Oct 2 14:10:22 2014 Return-Path: Delivered-To: freebsd-jail@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 065A9A4; Thu, 2 Oct 2014 14:10:22 +0000 (UTC) Received: from wonkity.com (wonkity.com [67.158.26.137]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "wonkity.com", Issuer "wonkity.com" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id A9A0C8AC; Thu, 2 Oct 2014 14:10:21 +0000 (UTC) Received: from wonkity.com (localhost [127.0.0.1]) by wonkity.com (8.14.9/8.14.9) with ESMTP id s92EAG2o056645 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO); Thu, 2 Oct 2014 08:10:16 -0600 (MDT) (envelope-from wblock@wonkity.com) Received: from localhost (wblock@localhost) by wonkity.com (8.14.9/8.14.9/Submit) with ESMTP id s92EAGqh056642; Thu, 2 Oct 2014 08:10:16 -0600 (MDT) (envelope-from wblock@wonkity.com) Date: Thu, 2 Oct 2014 08:10:16 -0600 (MDT) From: Warren Block To: Erich Dollansky Subject: Re: no network connection from inside a jail In-Reply-To: <20141002180506.4965760b@X220.alogt.com> Message-ID: References: <20141002180506.4965760b@X220.alogt.com> User-Agent: Alpine 2.11 (BSF 23 2013-08-11) MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.4.3 (wonkity.com [127.0.0.1]); Thu, 02 Oct 2014 08:10:16 -0600 (MDT) Cc: freebsd-jail@freebsd.org, freebsd-stable@freebsd.org X-BeenThere: freebsd-jail@freebsd.org X-Mailman-Version: 2.1.18-1 Precedence: list List-Id: "Discussion about FreeBSD jail\(8\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 02 Oct 2014 14:10:22 -0000 On Thu, 2 Oct 2014, Erich Dollansky wrote: > Hi, > > I recently upgraded to 10.1 BETA3 via sources. All seemed to be fine > until I started jails which connect to the Internet. It simply does not > work anymore. When the browser from the jail connects to another jail > on the same machine via HTTP, it all works. Accesses to the ouside of > the machine fails. > > Even a ping to a local device does not work. > > ping 192.168.yyy.xxx > ping: socket: Operation not permitted > > despite having > > security.jail.allow_raw_sockets: 1 > > Just to make sure, I upgraded also the world in all jails without any > difference. > > UPDATING did not mention any changes since BETA1. > > I feel a bit lost now. > > What could have caused the problems? Does the jail have more than one Ethernet interface? From owner-freebsd-jail@FreeBSD.ORG Thu Oct 2 14:26:00 2014 Return-Path: Delivered-To: freebsd-jail@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 9829F4C0; Thu, 2 Oct 2014 14:26:00 +0000 (UTC) Received: from alogt.com (alogt.com [69.36.191.58]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 71242ACA; Thu, 2 Oct 2014 14:26:00 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=alogt.com; s=default; h=Content-Transfer-Encoding:Content-Type:MIME-Version:References:In-Reply-To:Message-ID:Subject:Cc:To:From:Date; bh=3g4yXwnJ4/b0HSgriH0eARqBRodkTH6rAa/t0VA2cQw=; b=vv1b3RmLQmxP3QzqyydspGtROeq8lRIkQTVG1jWhkDxH9p78SJDUY9S5h/TpjPctn7bIsL2fLYZzwfAa3nWV0KVexmxVQnrc26qN6YCZKa+0+a8QoAou4Ar3ZrZxqnMkm8H6yCbHXv2a2scfPl+xYdPPXBA+uPLPZ2crGRA5MJw=; Received: from [182.8.252.102] (port=46198 helo=X220.alogt.com) by sl-508-2.slc.westdc.net with esmtpsa (SSLv3:AES128-SHA:128) (Exim 4.82) (envelope-from ) id 1XZhKQ-003fnR-Rn; Thu, 02 Oct 2014 08:25:59 -0600 Date: Thu, 2 Oct 2014 22:25:53 +0800 From: Erich Dollansky To: James Gritton Subject: Re: no network connection from inside a jail Message-ID: <20141002222553.42bf17e3@X220.alogt.com> In-Reply-To: <542D4A1B.4060405@gritton.org> References: <20141002180506.4965760b@X220.alogt.com> <542D4A1B.4060405@gritton.org> MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit X-AntiAbuse: This header was added to track abuse, please include it with any abuse report X-AntiAbuse: Primary Hostname - sl-508-2.slc.westdc.net X-AntiAbuse: Original Domain - freebsd.org X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12] X-AntiAbuse: Sender Address Domain - alogt.com X-Get-Message-Sender-Via: sl-508-2.slc.westdc.net: authenticated_id: erichsfreebsdlist@alogt.com X-Source: X-Source-Args: X-Source-Dir: Cc: freebsd-jail@freebsd.org, freebsd-stable@freebsd.org X-BeenThere: freebsd-jail@freebsd.org X-Mailman-Version: 2.1.18-1 Precedence: list List-Id: "Discussion about FreeBSD jail\(8\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 02 Oct 2014 14:26:00 -0000 Hi, On Thu, 02 Oct 2014 06:50:35 -0600 James Gritton wrote: > On 10/2/2014 4:05 AM, Erich Dollansky wrote: > > Hi, > > > > I recently upgraded to 10.1 BETA3 via sources. All seemed to be fine > > until I started jails which connect to the Internet. It simply does > > not work anymore. When the browser from the jail connects to > > another jail on the same machine via HTTP, it all works. Accesses > > to the ouside of the machine fails. > > > > Even a ping to a local device does not work. > > > > ping 192.168.yyy.xxx > > ping: socket: Operation not permitted > > > > despite having > > > > security.jail.allow_raw_sockets: 1 > > > > Just to make sure, I upgraded also the world in all jails without > > any difference. > > > > UPDATING did not mention any changes since BETA1. > > > > I feel a bit lost now. > > > > What could have caused the problems? > > > > Erich > > It would be handle to see what happens when the IP addresses are set > on the jail in the first place. Try running: > > jail -r '*' > jail -v -c '*' > > and look at the results when it (presumably) runs ifconfig. > Hopefully, there'll be a clue there. this looks pretty normal to me: ClawsMailTest: run command: /sbin/ifconfig lagg0 inet 192.168.0.17 netmask 255.255.255.255 -alias MemDisk: run command: /sbin/ifconfig lagg0 inet 192.168.0.16 netmask 255.255.255.255 alias Projekte: run command: /sbin/ifconfig lagg0 inet 192.168.0.11 netmask 255.255.255.255 alias Ports: run command: /sbin/ifconfig lagg0 inet 192.168.0.12 netmask 255.255.255.255 alias TestInternet: run command: /sbin/ifconfig lagg0 inet 192.168.0.19 netmask 255.255.255.255 alias TestInternet: run command: /sbin/mount -t devfs -oruleset=4 . /usr/home/jails/TestInternet/dev This is just an extract. I am now able to use ping. It only allows me to ping other jails on the same machine. Even a ping to any device at the LAN does not work. I get now this: ln: /dev/log: Operation not permitted which I did not notice before the upgrade. What I did not mention before. I am able to connect to the jails via telnet from the machine's rooot but not from any other machine. Of course, the setup worked before without any problems. Erich From owner-freebsd-jail@FreeBSD.ORG Thu Oct 2 14:44:35 2014 Return-Path: Delivered-To: freebsd-jail@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id B18C4AD0; Thu, 2 Oct 2014 14:44:35 +0000 (UTC) Received: from alogt.com (alogt.com [69.36.191.58]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 8B4BCCC8; Thu, 2 Oct 2014 14:44:35 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=alogt.com; s=default; h=Content-Transfer-Encoding:Content-Type:MIME-Version:References:In-Reply-To:Message-ID:Subject:Cc:To:From:Date; bh=yr3pl8PkRr//6bIbVgmzOUg0Ywkjl/u0UDxm1g3pOvI=; b=azv1V/UP2eaiwQp/2CiaMKFmSipdtGXx9gf9kAWaMiK5hAgRY88QW/oNd1binjWNIXKcHZv4hEpC5IbKl0F2fe9sJiHaUd8jYSVAA9yCNXre5rVKIXkvG15L7Omvx4J1Wy5+/fXYOKWQBtdFwUcJCKF5AiqAoH+bR3NzCaRZr7s=; Received: from [182.8.252.102] (port=65071 helo=X220.alogt.com) by sl-508-2.slc.westdc.net with esmtpsa (SSLv3:AES128-SHA:128) (Exim 4.82) (envelope-from ) id 1XZhcQ-003tFR-9O; Thu, 02 Oct 2014 08:44:35 -0600 Date: Thu, 2 Oct 2014 22:44:30 +0800 From: Erich Dollansky To: Warren Block Subject: Re: no network connection from inside a jail Message-ID: <20141002224430.7a4cb3f3@X220.alogt.com> In-Reply-To: References: <20141002180506.4965760b@X220.alogt.com> MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit X-AntiAbuse: This header was added to track abuse, please include it with any abuse report X-AntiAbuse: Primary Hostname - sl-508-2.slc.westdc.net X-AntiAbuse: Original Domain - freebsd.org X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12] X-AntiAbuse: Sender Address Domain - alogt.com X-Get-Message-Sender-Via: sl-508-2.slc.westdc.net: authenticated_id: erichsfreebsdlist@alogt.com X-Source: X-Source-Args: X-Source-Dir: Cc: freebsd-jail@freebsd.org, freebsd-stable@freebsd.org X-BeenThere: freebsd-jail@freebsd.org X-Mailman-Version: 2.1.18-1 Precedence: list List-Id: "Discussion about FreeBSD jail\(8\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 02 Oct 2014 14:44:35 -0000 Hi, On Thu, 2 Oct 2014 08:10:16 -0600 (MDT) Warren Block wrote: > On Thu, 2 Oct 2014, Erich Dollansky wrote: > > > Hi, > > > > I recently upgraded to 10.1 BETA3 via sources. All seemed to be fine > > until I started jails which connect to the Internet. It simply does > > not work anymore. When the browser from the jail connects to > > another jail on the same machine via HTTP, it all works. Accesses > > to the ouside of the machine fails. > > > > Even a ping to a local device does not work. > > > > ping 192.168.yyy.xxx > > ping: socket: Operation not permitted > > > > despite having > > > > security.jail.allow_raw_sockets: 1 > > > > Just to make sure, I upgraded also the world in all jails without > > any difference. > > > > UPDATING did not mention any changes since BETA1. > > > > I feel a bit lost now. > > > > What could have caused the problems? > > Does the jail have more than one Ethernet interface? not really. Lagg is used to switch between wireless and wire: em0: flags=8843 metric 0 mtu 1500 options=4219b ether f0:de:f1:cd:10:3a media: Ethernet autoselect status: no carrier iwn0: flags=8843 metric 0 mtu 2290 ether f0:de:f1:cd:10:3a media: IEEE 802.11 Wireless Ethernet autoselect mode 11ng status: associated lo0: flags=8049 metric 0 mtu 16384 options=600003 lagg0: flags=8843 metric 0 mtu 1500 ether f0:de:f1:cd:10:3a inet 192.168.0.18 netmask 0xffffffff broadcast 192.168.0.18 media: Ethernet autoselect status: active laggproto failover lagghash l2,l3,l4 laggport: wlan0 flags=4 laggport: em0 flags=1 wlan0: flags=8843 metric 0 mtu 1500 ether f0:de:f1:cd:10:3a media: IEEE 802.11 Wireless Ethernet MCS mode 11ng status: associated ssid xxxxxx channel 1 (2412 MHz 11g ht/40+) bssid 90:61:0c:13:36:fe country US authmode WPA2/802.11i privacy ON deftxkey UNDEF AES-CCM 2:128-bit txpower 14 bmiss 10 scanvalid 60 bgscan bgscanintvl 300 bgscanidle 250 roam:rssi 7 roam:rate 64 protmode CTS ampdulimit 32k ampdudensity 16 -amsdutx amsdurx shortgi wme roaming MANUAL The address 192.168.0.18 is also not reachable from outside. Erich From owner-freebsd-jail@FreeBSD.ORG Thu Oct 2 14:45:59 2014 Return-Path: Delivered-To: freebsd-jail@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id B73B1C1A for ; Thu, 2 Oct 2014 14:45:59 +0000 (UTC) Received: from mx1.scaleengine.net (beauharnois2.bhs1.scaleengine.net [142.4.218.15]) by mx1.freebsd.org (Postfix) with ESMTP id 91786CF7 for ; Thu, 2 Oct 2014 14:45:59 +0000 (UTC) Received: from [192.168.1.2] (Seawolf.HML3.ScaleEngine.net [209.51.186.28]) (Authenticated sender: allanjude.freebsd@scaleengine.com) by mx1.scaleengine.net (Postfix) with ESMTPSA id E90DA5813D for ; Thu, 2 Oct 2014 14:45:57 +0000 (UTC) Message-ID: <542D6539.4020904@freebsd.org> Date: Thu, 02 Oct 2014 10:46:17 -0400 From: Allan Jude User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:31.0) Gecko/20100101 Thunderbird/31.1.2 MIME-Version: 1.0 To: freebsd-jail@freebsd.org Subject: Re: no network connection from inside a jail References: <20141002180506.4965760b@X220.alogt.com> In-Reply-To: <20141002180506.4965760b@X220.alogt.com> Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="TSTpHgLbk08LJVQtK31RDkR0iE1B3knBr" X-BeenThere: freebsd-jail@freebsd.org X-Mailman-Version: 2.1.18-1 Precedence: list List-Id: "Discussion about FreeBSD jail\(8\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 02 Oct 2014 14:45:59 -0000 This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --TSTpHgLbk08LJVQtK31RDkR0iE1B3knBr Content-Type: text/plain; charset=windows-1252 Content-Transfer-Encoding: quoted-printable On 2014-10-02 06:05, Erich Dollansky wrote: > Hi, >=20 > I recently upgraded to 10.1 BETA3 via sources. All seemed to be fine > until I started jails which connect to the Internet. It simply does not= > work anymore. When the browser from the jail connects to another jail > on the same machine via HTTP, it all works. Accesses to the ouside of > the machine fails. >=20 > Even a ping to a local device does not work. >=20 > ping 192.168.yyy.xxx > ping: socket: Operation not permitted >=20 > despite having >=20 > security.jail.allow_raw_sockets: 1 >=20 > Just to make sure, I upgraded also the world in all jails without any > difference. >=20 > UPDATING did not mention any changes since BETA1. >=20 > I feel a bit lost now. >=20 > What could have caused the problems? >=20 > Erich > _______________________________________________ > freebsd-jail@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-jail > To unsubscribe, send any mail to "freebsd-jail-unsubscribe@freebsd.org"= >=20 Isn't allow_raw_sockets a per-jail setting via the new jail.conf system n= ow? When you upgraded to 10.1 was it from 9? --=20 Allan Jude --TSTpHgLbk08LJVQtK31RDkR0iE1B3knBr Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.22 (MingW32) iQIcBAEBAgAGBQJULWU7AAoJEJrBFpNRJZKfJJwP/i3/uxE0CU/0P6X1wdmISbew 8GyCOwEqbUbs6ap8trmHpce4u7IeHxmH14lS/y2U3KzsZmMbfBqc9ySLij0tMm5y TjUpGEdqcVmWVBFKF8DJ4oue/VZwyhFV/1MXLUleOim+xiQ+6NuhzG8jHUHTJz7Z zeR1IvBS6S08yOxB7cPgNjgiPiMTKpeMJJAsFkCRYffzwYVs4imCV6T2OttJnrL9 vAej+u7oqEqlGNWis0kf5jk3qS2/q3NEmIA/JEJzadK3wkcBeobLsQqkwXEtza5a STZmuTpZ/NvawjbaAyjYwz7Ys1St09hvyHQWUpx+8Xf98Q4UQIXL5q0m0ndNxG5r RQuxvKBHFkDS1SCYsXrqnbH59LspTF+fIzNZ8TVPJe7BGnRyb5PECqIo+clhXqVy thAK88/32NDUDf69qJGYwizlSRrqygefeGiSVqtnNfv0X0I2a7+MlpJfc9rtYpK+ sfzYvcaldHwTcV+RzF+i0MITp78vjcyqI997O0hIizbCiMortzMBbMfG5xzeEbWx 5JFO/qlO7POAEALNy3M79RDptXJRqEProoKzTPIvsAthAroYMNVKIp/Efa0O5vbL ns8x9mJEsQhWOFZAcLRx8rebOzImlBF4PXMw7OeT4s4Nl3lvAtX6hDc/ZcwzHg8l DPlGqKu2SIM6UG7VoENI =rSkg -----END PGP SIGNATURE----- --TSTpHgLbk08LJVQtK31RDkR0iE1B3knBr-- From owner-freebsd-jail@FreeBSD.ORG Thu Oct 2 14:58:13 2014 Return-Path: Delivered-To: freebsd-jail@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 959E7146; Thu, 2 Oct 2014 14:58:13 +0000 (UTC) Received: from alogt.com (alogt.com [69.36.191.58]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 7171EE43; Thu, 2 Oct 2014 14:58:13 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=alogt.com; s=default; h=Content-Transfer-Encoding:Content-Type:MIME-Version:References:In-Reply-To:Message-ID:Subject:Cc:To:From:Date; bh=+Zxw0RGsNL5UzFZ4s8YoWertfTUkxDLEGZMzn12LTpE=; b=oGl3TWIj+WyHUefzW2nhvCNBcoR+7Q3xBSwH3GePbIubVRDxGROEExlJBQkKKiXj9karr4R5tLiOZ0K0XKz0edis+rMwqIrnAzGcwZyXLSddOxBtuOhp2qHH9JYx5YebJHdulmaYGpUFhP4N1RVRre22jO8DCo8xESyYsIvI+SI=; Received: from [182.8.252.102] (port=32840 helo=X220.alogt.com) by sl-508-2.slc.westdc.net with esmtpsa (SSLv3:AES128-SHA:128) (Exim 4.82) (envelope-from ) id 1XZhpb-0049Zv-Cf; Thu, 02 Oct 2014 08:58:12 -0600 Date: Thu, 2 Oct 2014 22:58:01 +0800 From: Erich Dollansky To: Allan Jude Subject: Re: no network connection from inside a jail Message-ID: <20141002225801.32ccc889@X220.alogt.com> In-Reply-To: <542D6539.4020904@freebsd.org> References: <20141002180506.4965760b@X220.alogt.com> <542D6539.4020904@freebsd.org> MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit X-AntiAbuse: This header was added to track abuse, please include it with any abuse report X-AntiAbuse: Primary Hostname - sl-508-2.slc.westdc.net X-AntiAbuse: Original Domain - freebsd.org X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12] X-AntiAbuse: Sender Address Domain - alogt.com X-Get-Message-Sender-Via: sl-508-2.slc.westdc.net: authenticated_id: erichsfreebsdlist@alogt.com X-Source: X-Source-Args: X-Source-Dir: Cc: freebsd-jail@freebsd.org X-BeenThere: freebsd-jail@freebsd.org X-Mailman-Version: 2.1.18-1 Precedence: list List-Id: "Discussion about FreeBSD jail\(8\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 02 Oct 2014 14:58:13 -0000 Hi, On Thu, 02 Oct 2014 10:46:17 -0400 Allan Jude wrote: > On 2014-10-02 06:05, Erich Dollansky wrote: > > despite having > > > > security.jail.allow_raw_sockets: 1 > > > Isn't allow_raw_sockets a per-jail setting via the new jail.conf > system now? > > When you upgraded to 10.1 was it from 9? > no, I upgraded from something like BETA1 oder even BETA2. All I did in parallel was a compilation for a Raspberry. But these obejcts are all in a different directory and should not interfere here at all. I recompiled meanwhile and reinstalled 10.1 BETA3 with the same result. Erich From owner-freebsd-jail@FreeBSD.ORG Thu Oct 2 15:21:43 2014 Return-Path: Delivered-To: freebsd-jail@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id B9E74BD4; Thu, 2 Oct 2014 15:21:43 +0000 (UTC) Received: from m2.gritton.org (gritton.org [63.246.134.121]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 8695812B; Thu, 2 Oct 2014 15:21:43 +0000 (UTC) Received: from [192.168.0.34] (c-50-168-192-61.hsd1.ut.comcast.net [50.168.192.61]) (authenticated bits=0) by m2.gritton.org (8.14.9/8.14.9) with ESMTP id s92FLeJm060358; Thu, 2 Oct 2014 09:21:40 -0600 (MDT) (envelope-from jamie@gritton.org) Message-ID: <542D6D7D.6000507@gritton.org> Date: Thu, 02 Oct 2014 09:21:33 -0600 From: James Gritton User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; rv:24.0) Gecko/20100101 Thunderbird/24.6.0 MIME-Version: 1.0 To: freebsd-jail@freebsd.org, freebsd-stable@freebsd.org Subject: Re: no network connection from inside a jail References: <20141002180506.4965760b@X220.alogt.com> <542D4A1B.4060405@gritton.org> <20141002222553.42bf17e3@X220.alogt.com> In-Reply-To: <20141002222553.42bf17e3@X220.alogt.com> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit X-BeenThere: freebsd-jail@freebsd.org X-Mailman-Version: 2.1.18-1 Precedence: list List-Id: "Discussion about FreeBSD jail\(8\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 02 Oct 2014 15:21:43 -0000 On 10/2/2014 8:25 AM, Erich Dollansky wrote: > Hi, > > On Thu, 02 Oct 2014 06:50:35 -0600 > James Gritton wrote: > >> On 10/2/2014 4:05 AM, Erich Dollansky wrote: >>> Hi, >>> >>> I recently upgraded to 10.1 BETA3 via sources. All seemed to be fine >>> until I started jails which connect to the Internet. It simply does >>> not work anymore. When the browser from the jail connects to >>> another jail on the same machine via HTTP, it all works. Accesses >>> to the ouside of the machine fails. >>> >>> Even a ping to a local device does not work. >>> >>> ping 192.168.yyy.xxx >>> ping: socket: Operation not permitted >>> >>> despite having >>> >>> security.jail.allow_raw_sockets: 1 >>> >>> Just to make sure, I upgraded also the world in all jails without >>> any difference. >>> >>> UPDATING did not mention any changes since BETA1. >>> >>> I feel a bit lost now. >>> >>> What could have caused the problems? >>> >>> Erich >> It would be handle to see what happens when the IP addresses are set >> on the jail in the first place. Try running: >> >> jail -r '*' >> jail -v -c '*' >> >> and look at the results when it (presumably) runs ifconfig. >> Hopefully, there'll be a clue there. > this looks pretty normal to me: > > ClawsMailTest: run command: /sbin/ifconfig lagg0 inet 192.168.0.17 > netmask 255.255.255.255 -alias > MemDisk: run command: /sbin/ifconfig > lagg0 inet 192.168.0.16 netmask 255.255.255.255 alias > Projekte: run command: /sbin/ifconfig lagg0 inet 192.168.0.11 netmask > 255.255.255.255 alias > Ports: run command: /sbin/ifconfig lagg0 inet 192.168.0.12 netmask > 255.255.255.255 alias > TestInternet: run command: /sbin/ifconfig lagg0 > inet 192.168.0.19 netmask 255.255.255.255 alias TestInternet: run > command: /sbin/mount -t devfs > -oruleset=4 . /usr/home/jails/TestInternet/dev > > This is just an extract. > > I am now able to use ping. It only allows me to ping other jails on the > same machine. Even a ping to any device at the LAN does not work. > > I get now this: > > ln: /dev/log: Operation not permitted > > which I did not notice before the upgrade. > > What I did not mention before. I am able to connect to the jails via > telnet from the machine's rooot but not from any other machine. > > Of course, the setup worked before without any problems. Yes, that looks normal to me too. Also, don't worry about the /dev/log message - it's been there for quite a while. - Jamie From owner-freebsd-jail@FreeBSD.ORG Thu Oct 2 15:35:31 2014 Return-Path: Delivered-To: freebsd-jail@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 65DD9196; Thu, 2 Oct 2014 15:35:31 +0000 (UTC) Received: from m2.gritton.org (gritton.org [63.246.134.121]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 339F3350; Thu, 2 Oct 2014 15:35:30 +0000 (UTC) Received: from [192.168.0.34] (c-50-168-192-61.hsd1.ut.comcast.net [50.168.192.61]) (authenticated bits=0) by m2.gritton.org (8.14.9/8.14.9) with ESMTP id s92FZRMP060453; Thu, 2 Oct 2014 09:35:27 -0600 (MDT) (envelope-from jamie@gritton.org) Message-ID: <542D70B8.1090603@gritton.org> Date: Thu, 02 Oct 2014 09:35:20 -0600 From: James Gritton User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; rv:24.0) Gecko/20100101 Thunderbird/24.6.0 MIME-Version: 1.0 To: freebsd-jail@freebsd.org, freebsd-stable@freebsd.org Subject: Re: no network connection from inside a jail References: <20141002180506.4965760b@X220.alogt.com> In-Reply-To: <20141002180506.4965760b@X220.alogt.com> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit X-BeenThere: freebsd-jail@freebsd.org X-Mailman-Version: 2.1.18-1 Precedence: list List-Id: "Discussion about FreeBSD jail\(8\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 02 Oct 2014 15:35:31 -0000 On 10/2/2014 4:05 AM, Erich Dollansky wrote: > Hi, > > I recently upgraded to 10.1 BETA3 via sources. All seemed to be fine > until I started jails which connect to the Internet. It simply does not > work anymore. When the browser from the jail connects to another jail > on the same machine via HTTP, it all works. Accesses to the ouside of > the machine fails. > > Even a ping to a local device does not work. > > ping 192.168.yyy.xxx > ping: socket: Operation not permitted > > despite having > > security.jail.allow_raw_sockets: 1 > > Just to make sure, I upgraded also the world in all jails without any > difference. > > UPDATING did not mention any changes since BETA1. > > I feel a bit lost now. > > What could have caused the problems? > > Erich Having looked at an svn diff between BETA1 and BETA3, I'm at a loss. The only change involving jails was a few lines that tested a condition for a locking issue in the kernel (r271622). I also looked for any changes to lagg, on a hunch the problem might be there, but found nothing changed there either. - Jamie From owner-freebsd-jail@FreeBSD.ORG Thu Oct 2 16:37:27 2014 Return-Path: Delivered-To: freebsd-jail@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id DA7B5DE3; Thu, 2 Oct 2014 16:37:27 +0000 (UTC) Received: from relay.mailchannels.net (aso-006-i424.relay.mailchannels.net [174.136.13.70]) by mx1.freebsd.org (Postfix) with ESMTP id A0C23CED; Thu, 2 Oct 2014 16:37:25 +0000 (UTC) X-Sender-Id: _forwarded-from|184.56.208.198 Received: from mail-24.name-services.com (ip-10-204-4-183.us-west-2.compute.internal [10.204.4.183]) by relay.mailchannels.net (Postfix) with ESMTPA id 8BF5C60F0C; Thu, 2 Oct 2014 16:28:26 +0000 (UTC) X-Sender-Id: _forwarded-from|184.56.208.198 Received: from mail-24.name-services.com (mail-24.name-services.com [10.245.145.206]) (using TLSv1 with cipher AES128-SHA) by 0.0.0.0:2500 (trex/5.2.14); Thu, 02 Oct 2014 16:28:30 GMT X-MC-Relay: Forwarding X-MailChannels-SenderId: _forwarded-from|184.56.208.198 X-MailChannels-Auth-Id: demandmedia X-MC-Loop-Signature: 1412267309464:147875531 X-MC-Ingress-Time: 1412267308507 Received: from [192.168.1.100] (cpe-184-56-208-198.neo.res.rr.com [184.56.208.198]) by mail-24.name-services.com with SMTP; Thu, 2 Oct 2014 09:28:20 -0700 Message-ID: <542D7D27.5050302@a1poweruser.com> Date: Thu, 02 Oct 2014 12:28:23 -0400 From: Fbsd8 User-Agent: Thunderbird 2.0.0.24 (Windows/20100228) MIME-Version: 1.0 To: Erich Dollansky Subject: Re: no network connection from inside a jail References: <20141002180506.4965760b@X220.alogt.com> In-Reply-To: <20141002180506.4965760b@X220.alogt.com> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Cc: freebsd-jail@freebsd.org, freebsd-stable@freebsd.org X-BeenThere: freebsd-jail@freebsd.org X-Mailman-Version: 2.1.18-1 Precedence: list List-Id: "Discussion about FreeBSD jail\(8\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 02 Oct 2014 16:37:28 -0000 Erich Dollansky wrote: > Hi, > > I recently upgraded to 10.1 BETA3 via sources. All seemed to be fine > until I started jails which connect to the Internet. It simply does not > work anymore. When the browser from the jail connects to another jail > on the same machine via HTTP, it all works. Accesses to the ouside of > the machine fails. > > Even a ping to a local device does not work. > > ping 192.168.yyy.xxx > ping: socket: Operation not permitted > > despite having > > security.jail.allow_raw_sockets: 1 > > Just to make sure, I upgraded also the world in all jails without any > difference. > > UPDATING did not mention any changes since BETA1. > > I feel a bit lost now. > > What could have caused the problems? > > Erich What version of the base system are your jails at? IE: are they at 10.0 or 10.1 xxx or some older version? What method did you use to define your jails [rc.conf or jail.conf]? From owner-freebsd-jail@FreeBSD.ORG Thu Oct 2 18:56:57 2014 Return-Path: Delivered-To: freebsd-jail@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 62A50F11; Thu, 2 Oct 2014 18:56:57 +0000 (UTC) Received: from mail-wi0-x232.google.com (mail-wi0-x232.google.com [IPv6:2a00:1450:400c:c05::232]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id CE31CFBD; Thu, 2 Oct 2014 18:56:56 +0000 (UTC) Received: by mail-wi0-f178.google.com with SMTP id cc10so5072721wib.11 for ; Thu, 02 Oct 2014 11:56:55 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=0ohXGhybdItFMBe05fiAEpqy8I8ch6cQljbYYRRF9ig=; b=QVmknRg81e4Dbe4UlA3DRPKf3p8uQUgrXEhqOI8aMiQreMoxVA/fvXrCMMtBPDy/sd MJ6oeMhnKf8Tm8V/dWevm7tk/KqX5+BN2RdukZ4N+IwgbrU1/1cE4vFBsGHmt1gNE7AK ifDwrz1rPC/NYbItUkuS3I1xFdZPW5M1AZdCTYiKJB+3cRd0UiufvvLnwWC3KchqykRW sPmPOUWfiYeU+yDvOz5Ei75BpNThDtVta+Qo1HphaWuuQ6aF0cC6yS9tfHKEwPhOFv5k 9xE32fjw+GXwTy48uTaV3FGoujXCV4kuveCmCBc07MgdQ2AejLplMIDpRjI7WqZU/7/I h0bw== MIME-Version: 1.0 X-Received: by 10.180.77.132 with SMTP id s4mr6521103wiw.63.1412276215152; Thu, 02 Oct 2014 11:56:55 -0700 (PDT) Received: by 10.27.137.130 with HTTP; Thu, 2 Oct 2014 11:56:55 -0700 (PDT) In-Reply-To: <20141002222553.42bf17e3@X220.alogt.com> References: <20141002180506.4965760b@X220.alogt.com> <542D4A1B.4060405@gritton.org> <20141002222553.42bf17e3@X220.alogt.com> Date: Thu, 2 Oct 2014 21:56:55 +0300 Message-ID: Subject: Re: no network connection from inside a jail From: George Kontostanos To: Erich Dollansky Content-Type: text/plain; charset=UTF-8 X-Content-Filtered-By: Mailman/MimeDel 2.1.18-1 Cc: freebsd-stable , freebsd-jail@freebsd.org X-BeenThere: freebsd-jail@freebsd.org X-Mailman-Version: 2.1.18-1 Precedence: list List-Id: "Discussion about FreeBSD jail\(8\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 02 Oct 2014 18:56:57 -0000 > > which I did not notice before the upgrade. > > What I did not mention before. I am able to connect to the jails via > telnet from the machine's rooot but not from any other machine. > > Of course, the setup worked before without any problems. > > Erich > _______________________________________________ > freebsd-stable@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-stable > To unsubscribe, send any mail to "freebsd-stable-unsubscribe@freebsd.org" > Is the main (host) FreeBSD machine reachable from other machines over the network? -- George Kontostanos --- From owner-freebsd-jail@FreeBSD.ORG Thu Oct 2 22:58:27 2014 Return-Path: Delivered-To: freebsd-jail@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id EBFF89D3; Thu, 2 Oct 2014 22:58:27 +0000 (UTC) Received: from alogt.com (alogt.com [69.36.191.58]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id C4FCCE55; Thu, 2 Oct 2014 22:58:27 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=alogt.com; s=default; h=Content-Transfer-Encoding:Content-Type:MIME-Version:References:In-Reply-To:Message-ID:Subject:Cc:To:From:Date; bh=OSawSik/2+qSe6XrcJOv5heEpyp89kQvJRkzVdvaF/8=; b=sj5P8ggTjqrRSPRJ35Pgjw2unF3dpjvbs/DSOSXQmeUZ1GEs+O8g6MaLmycVT7EbpaZmGzYFISF8ZOURhvOWB/C5d/PPIDfuMbtGauKqISmLSnk9GhlX0bJgIusVToA5USExxgq2okAY0/Z1jGS9fYOMKozcbLZzNYD1w7N6/es=; Received: from [182.8.252.102] (port=58901 helo=X220.alogt.com) by sl-508-2.slc.westdc.net with esmtpsa (SSLv3:AES128-SHA:128) (Exim 4.82) (envelope-from ) id 1XZpKL-00289k-Ow; Thu, 02 Oct 2014 16:58:26 -0600 Date: Fri, 3 Oct 2014 06:58:21 +0800 From: Erich Dollansky To: George Kontostanos Subject: Re: no network connection from inside a jail Message-ID: <20141003065821.675b30c0@X220.alogt.com> In-Reply-To: References: <20141002180506.4965760b@X220.alogt.com> <542D4A1B.4060405@gritton.org> <20141002222553.42bf17e3@X220.alogt.com> MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit X-AntiAbuse: This header was added to track abuse, please include it with any abuse report X-AntiAbuse: Primary Hostname - sl-508-2.slc.westdc.net X-AntiAbuse: Original Domain - freebsd.org X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12] X-AntiAbuse: Sender Address Domain - alogt.com X-Get-Message-Sender-Via: sl-508-2.slc.westdc.net: authenticated_id: erichsfreebsdlist@alogt.com X-Source: X-Source-Args: X-Source-Dir: Cc: freebsd-jail@freebsd.org, freebsd-stable X-BeenThere: freebsd-jail@freebsd.org X-Mailman-Version: 2.1.18-1 Precedence: list List-Id: "Discussion about FreeBSD jail\(8\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 02 Oct 2014 22:58:28 -0000 Hi, On Thu, 2 Oct 2014 21:56:55 +0300 George Kontostanos wrote: > > > > which I did not notice before the upgrade. > > > > What I did not mention before. I am able to connect to the jails via > > telnet from the machine's rooot but not from any other machine. > > > > Of course, the setup worked before without any problems. > > > > Is the main (host) FreeBSD machine reachable from other machines over > the network? > yes, it is. Erich From owner-freebsd-jail@FreeBSD.ORG Thu Oct 2 23:03:37 2014 Return-Path: Delivered-To: freebsd-jail@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id E911BB1E; Thu, 2 Oct 2014 23:03:37 +0000 (UTC) Received: from alogt.com (alogt.com [69.36.191.58]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id C366DF0A; Thu, 2 Oct 2014 23:03:37 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=alogt.com; s=default; h=Content-Transfer-Encoding:Content-Type:MIME-Version:References:In-Reply-To:Message-ID:Subject:Cc:To:From:Date; bh=Akg5aMaVA1EkO8w5UBH/W1qn8krDBc7GjELUdb/00x0=; b=hvpp1c0mPBob2/OYq3DnKTZvziJngUUMRG3dCxuTrD0dYCsmbOTa508JorhvGO1RxainLXDxRJpgsk6wvpf9PKMmf0EpniZcCVAvBjyWs5wL/Xmsyosn4SD303UEC5hcyRo1IQLSnRkCidj3vJaw4fm7fuslXDmnisn4JFttdSI=; Received: from [182.8.252.102] (port=45624 helo=X220.alogt.com) by sl-508-2.slc.westdc.net with esmtpsa (SSLv3:AES128-SHA:128) (Exim 4.82) (envelope-from ) id 1XZpPM-002BQm-5g; Thu, 02 Oct 2014 17:03:36 -0600 Date: Fri, 3 Oct 2014 07:03:32 +0800 From: Erich Dollansky To: Fbsd8 Subject: Re: no network connection from inside a jail Message-ID: <20141003070332.489df407@X220.alogt.com> In-Reply-To: <542D7D27.5050302@a1poweruser.com> References: <20141002180506.4965760b@X220.alogt.com> <542D7D27.5050302@a1poweruser.com> MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit X-AntiAbuse: This header was added to track abuse, please include it with any abuse report X-AntiAbuse: Primary Hostname - sl-508-2.slc.westdc.net X-AntiAbuse: Original Domain - freebsd.org X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12] X-AntiAbuse: Sender Address Domain - alogt.com X-Get-Message-Sender-Via: sl-508-2.slc.westdc.net: authenticated_id: erichsfreebsdlist@alogt.com X-Source: X-Source-Args: X-Source-Dir: Cc: freebsd-jail@freebsd.org, freebsd-stable@freebsd.org X-BeenThere: freebsd-jail@freebsd.org X-Mailman-Version: 2.1.18-1 Precedence: list List-Id: "Discussion about FreeBSD jail\(8\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 02 Oct 2014 23:03:38 -0000 Hi, On Thu, 02 Oct 2014 12:28:23 -0400 Fbsd8 wrote: > Erich Dollansky wrote: > > I recently upgraded to 10.1 BETA3 via sources. All seemed to be fine > > until I started jails which connect to the Internet. It simply does > > not work anymore. When the browser from the jail connects to > > another jail on the same machine via HTTP, it all works. Accesses > > to the ouside of the machine fails. > > > > What version of the base system are your jails at? IE: are they at > 10.0 or 10.1 xxx or some older version? this was my first thought too. The base system runs on BETA3 but the jails have been some 10.0 from around March. So, I also updated them without a change. > What method did you use to define your jails [rc.conf or jail.conf]? jail.conf. Erich From owner-freebsd-jail@FreeBSD.ORG Thu Oct 2 23:07:25 2014 Return-Path: Delivered-To: freebsd-jail@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id BB954CBE; Thu, 2 Oct 2014 23:07:25 +0000 (UTC) Received: from alogt.com (alogt.com [69.36.191.58]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 96003F44; Thu, 2 Oct 2014 23:07:25 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=alogt.com; s=default; h=Content-Transfer-Encoding:Content-Type:MIME-Version:References:In-Reply-To:Message-ID:Subject:Cc:To:From:Date; bh=jYRfNN7qQtuvTVvxlvbC1OCH1DAiXRo4Z1U5SUU5HL8=; b=ohCmkinH0RPl3WKCkpZHJe+t07Pf/VhwnPet0RG4MXM341dXyv9VeeWL0iKkbTGPPh6V44yVlPFvTzlZz6ozeQrM/4Nhrxae36XyTpl8QZCIBJSp/H1oangYpBp0XTAmVa0N97Hxj+NgKFy/dkxD+Qf1LdF2+9+C4NkhGnMz8H0=; Received: from [182.8.252.102] (port=39886 helo=X220.alogt.com) by sl-508-2.slc.westdc.net with esmtpsa (SSLv3:AES128-SHA:128) (Exim 4.82) (envelope-from ) id 1XZpT2-002Djn-Dw; Thu, 02 Oct 2014 17:07:25 -0600 Date: Fri, 3 Oct 2014 07:07:20 +0800 From: Erich Dollansky To: James Gritton Subject: Re: no network connection from inside a jail Message-ID: <20141003070720.20526c18@X220.alogt.com> In-Reply-To: <542D70B8.1090603@gritton.org> References: <20141002180506.4965760b@X220.alogt.com> <542D70B8.1090603@gritton.org> MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit X-AntiAbuse: This header was added to track abuse, please include it with any abuse report X-AntiAbuse: Primary Hostname - sl-508-2.slc.westdc.net X-AntiAbuse: Original Domain - freebsd.org X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12] X-AntiAbuse: Sender Address Domain - alogt.com X-Get-Message-Sender-Via: sl-508-2.slc.westdc.net: authenticated_id: erichsfreebsdlist@alogt.com X-Source: X-Source-Args: X-Source-Dir: Cc: freebsd-jail@freebsd.org, freebsd-stable@freebsd.org X-BeenThere: freebsd-jail@freebsd.org X-Mailman-Version: 2.1.18-1 Precedence: list List-Id: "Discussion about FreeBSD jail\(8\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 02 Oct 2014 23:07:25 -0000 Hi, On Thu, 02 Oct 2014 09:35:20 -0600 James Gritton wrote: > On 10/2/2014 4:05 AM, Erich Dollansky wrote: > > > > I recently upgraded to 10.1 BETA3 via sources. All seemed to be fine > > until I started jails which connect to the Internet. It simply does > > not work anymore. When the browser from the jail connects to > > another jail on the same machine via HTTP, it all works. Accesses > > to the ouside of the machine fails. > > > > Having looked at an svn diff between BETA1 and BETA3, I'm at a loss. > The only change involving jails was a few lines that tested a > condition for a locking issue in the kernel (r271622). I also looked > for any changes to lagg, on a hunch the problem might be there, but > found nothing changed there either. > oh thanks. It all is really weird. The last thing I did was building an image for a Raspberry. I have not the slidest imagination how this could affect the machine so that all other things still work but not the network inside a jail. Of course, installing an ARM binary will ruin the machine as such but not just one little function. Erich