Date: Thu, 2 Oct 2014 22:25:53 +0800 From: Erich Dollansky <erichsfreebsdlist@alogt.com> To: James Gritton <jamie@gritton.org> Cc: freebsd-jail@freebsd.org, freebsd-stable@freebsd.org Subject: Re: no network connection from inside a jail Message-ID: <20141002222553.42bf17e3@X220.alogt.com> In-Reply-To: <542D4A1B.4060405@gritton.org> References: <20141002180506.4965760b@X220.alogt.com> <542D4A1B.4060405@gritton.org>
next in thread | previous in thread | raw e-mail | index | archive | help
Hi, On Thu, 02 Oct 2014 06:50:35 -0600 James Gritton <jamie@gritton.org> wrote: > On 10/2/2014 4:05 AM, Erich Dollansky wrote: > > Hi, > > > > I recently upgraded to 10.1 BETA3 via sources. All seemed to be fine > > until I started jails which connect to the Internet. It simply does > > not work anymore. When the browser from the jail connects to > > another jail on the same machine via HTTP, it all works. Accesses > > to the ouside of the machine fails. > > > > Even a ping to a local device does not work. > > > > ping 192.168.yyy.xxx > > ping: socket: Operation not permitted > > > > despite having > > > > security.jail.allow_raw_sockets: 1 > > > > Just to make sure, I upgraded also the world in all jails without > > any difference. > > > > UPDATING did not mention any changes since BETA1. > > > > I feel a bit lost now. > > > > What could have caused the problems? > > > > Erich > > It would be handle to see what happens when the IP addresses are set > on the jail in the first place. Try running: > > jail -r '*' > jail -v -c '*' > > and look at the results when it (presumably) runs ifconfig. > Hopefully, there'll be a clue there. this looks pretty normal to me: ClawsMailTest: run command: /sbin/ifconfig lagg0 inet 192.168.0.17 netmask 255.255.255.255 -alias MemDisk: run command: /sbin/ifconfig lagg0 inet 192.168.0.16 netmask 255.255.255.255 alias Projekte: run command: /sbin/ifconfig lagg0 inet 192.168.0.11 netmask 255.255.255.255 alias Ports: run command: /sbin/ifconfig lagg0 inet 192.168.0.12 netmask 255.255.255.255 alias TestInternet: run command: /sbin/ifconfig lagg0 inet 192.168.0.19 netmask 255.255.255.255 alias TestInternet: run command: /sbin/mount -t devfs -oruleset=4 . /usr/home/jails/TestInternet/dev This is just an extract. I am now able to use ping. It only allows me to ping other jails on the same machine. Even a ping to any device at the LAN does not work. I get now this: ln: /dev/log: Operation not permitted which I did not notice before the upgrade. What I did not mention before. I am able to connect to the jails via telnet from the machine's rooot but not from any other machine. Of course, the setup worked before without any problems. Erich
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20141002222553.42bf17e3>