From owner-freebsd-questions@FreeBSD.ORG Tue Jul 17 07:59:31 2012 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 76A991065674 for ; Tue, 17 Jul 2012 07:59:31 +0000 (UTC) (envelope-from kalle.moller@gmail.com) Received: from mail-ob0-f182.google.com (mail-ob0-f182.google.com [209.85.214.182]) by mx1.freebsd.org (Postfix) with ESMTP id 36E058FC1E for ; Tue, 17 Jul 2012 07:59:31 +0000 (UTC) Received: by obbun3 with SMTP id un3so288728obb.13 for ; Tue, 17 Jul 2012 00:59:30 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:sender:in-reply-to:references:date :x-google-sender-auth:message-id:subject:from:to:cc:content-type :content-transfer-encoding; bh=hqU26GBe6CbJkPhOUi0VXG5VyoIZ4o83k+NoVoyd4Vc=; b=zHtF6iCRsWiFFIdV/ZqLlTB2s0hAP7zZFZ6i+0O5mJRSnsz7ulJog9NJcuy6YRJvFn eCb5e1mb1Y+ptR+TqwL6XepmHy5wAx3fYpT3AlfgXzZPjV30a5pr/p+eZ2NwwTcYanFY z3R1fIvKX7X5s6ixa2ZbYZxhnQZgZtJTb22IVxD0IQj4WFCG/PWRez0Qo7XdOop78eK/ 6wyF4rAKqmWT0mBrwcIEAvyiOZ37TAOu56pi//rtgDLZE1WMCi6BcxDt3J2GdueQeIm+ cmxYL6/em3JgN4aKq9sVQmGECk5blQ0+igAauIgGH2Xvhbewej31AMQbsgdPyyWIpw5/ wo9w== MIME-Version: 1.0 Received: by 10.182.89.102 with SMTP id bn6mr2033726obb.7.1342511970596; Tue, 17 Jul 2012 00:59:30 -0700 (PDT) Sender: kalle.moller@gmail.com Received: by 10.60.142.67 with HTTP; Tue, 17 Jul 2012 00:59:30 -0700 (PDT) In-Reply-To: References: <87fw8yariq.wl%h.skuhra@gmail.com> Date: Tue, 17 Jul 2012 09:59:30 +0200 X-Google-Sender-Auth: grHJP7hL1eaiF5tjK22fPOSCmfw Message-ID: From: =?UTF-8?Q?Kalle_M=C3=B8ller?= To: "Herbert J. Skuhra" Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable Cc: freebsd-questions@freebsd.org Subject: Re: Jails on FreeBSD 9.0 X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 17 Jul 2012 07:59:31 -0000 On Thu, Jul 12, 2012 at 9:04 PM, Herbert J. Skuhra wro= te: > On Thu, Jul 12, 2012 at 11:56 AM, joris dedieu w= rote: >> 2012/7/12 Herbert J. Skuhra : >>> On Wed, Jul 11, 2012 at 11:59 PM, Herbert J. Skuhra wrote: >>>> Hi, >>>> >>>> although I've followed the instructions in jail(8) and jail.conf(5) I >>>> cannot manage to setup jails on FreeBSD 9.0 STABLE (r238334). >>>> >>>> The symptons: >>>> >>>> * ssh'ing to jail works, but it takes about 20 seconds until password >>>> prompt appears >> >> Does it still the same with UseDNS=3Dno in /etc/ssh/sshd_config ? > > No, I can login instantly. > >>>> * netstat -r in the jail takes about 150 seconds to finish >> >> Does netstat -rn does the same ? > > No, the output appears immediately. > >>>> * connections to the internet time out; with tcpdump I see that >>>> packets leave and enter the public interface on the host, but never >>>> reach the jail >>>> >>>> I use lo1 interface and ip address 192.168.1.1/24 for the jail. Public >>>> interface is fxp0 with both an IPv4 and an IPv6 address assigned. >>>> Of course, nat is enable via pf on the public interface. >> >> Can you post your PF configuration ? >>> >>> After switching to ipfw/natd networking in the jail works. >>> Could this be a bug? >> >> I think you had an issue with firewall that block name resolution and >> makes everything goes slow. At least you need one single line on your >> pf.conf : >> >> nat on $public_interface form $jail_ip to any -> ($public_interface) > > Even when loading only the nat rule it doesn't work: > > nat on fxp0 from 192.168.1.0/24 to any -> $ext_addr > > Thanks. > Herbert > _______________________________________________ > freebsd-jail@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-jail > To unsubscribe, send any mail to "freebsd-jail-unsubscribe@freebsd.org" As Mark Felder wrote You don't have anything in /etc/resolv.conf, in the jail do you? :-) --=20 Med Venlig Hilsen Kalle R. M=C3=B8ller