From owner-freebsd-jail@FreeBSD.ORG Mon Jul 9 11:07:13 2012 Return-Path: Delivered-To: freebsd-jail@FreeBSD.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 7F96E1065670 for ; Mon, 9 Jul 2012 11:07:13 +0000 (UTC) (envelope-from owner-bugmaster@FreeBSD.org) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2001:4f8:fff6::28]) by mx1.freebsd.org (Postfix) with ESMTP id 69BAB8FC22 for ; Mon, 9 Jul 2012 11:07:13 +0000 (UTC) Received: from freefall.freebsd.org (localhost [127.0.0.1]) by freefall.freebsd.org (8.14.5/8.14.5) with ESMTP id q69B7DKt075464 for ; Mon, 9 Jul 2012 11:07:13 GMT (envelope-from owner-bugmaster@FreeBSD.org) Received: (from gnats@localhost) by freefall.freebsd.org (8.14.5/8.14.5/Submit) id q69B7C6O075462 for freebsd-jail@FreeBSD.org; Mon, 9 Jul 2012 11:07:12 GMT (envelope-from owner-bugmaster@FreeBSD.org) Date: Mon, 9 Jul 2012 11:07:12 GMT Message-Id: <201207091107.q69B7C6O075462@freefall.freebsd.org> X-Authentication-Warning: freefall.freebsd.org: gnats set sender to owner-bugmaster@FreeBSD.org using -f From: FreeBSD bugmaster To: freebsd-jail@FreeBSD.org Cc: Subject: Current problem reports assigned to freebsd-jail@FreeBSD.org X-BeenThere: freebsd-jail@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Discussion about FreeBSD jail\(8\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 09 Jul 2012 11:07:13 -0000 Note: to view an individual PR, use: http://www.freebsd.org/cgi/query-pr.cgi?pr=(number). The following is a listing of current problems submitted by FreeBSD users. These represent problem reports covering all versions including experimental development code and obsolete releases. S Tracker Resp. Description -------------------------------------------------------------------------------- o bin/167911 jail new jail(8) problem with removal, ifconfg -alias and k o kern/159918 jail [jail] inter-jail communication failure o kern/156111 jail [jail] procstat -b not supported in jail o misc/155765 jail [patch] `buildworld' does not honors WITHOUT_JAIL o conf/154246 jail [jail] [patch] Bad symlink created if devfs mount poin o conf/149050 jail [jail] rcorder ``nojail'' too coarse for Jail+VNET s conf/142972 jail [jail] [patch] Support JAILv2 and vnet in rc.d/jail o conf/141317 jail [patch] uncorrect jail stop in /etc/rc.d/jail o kern/133265 jail [jail] is there a solution how to run nfs client in ja o kern/119842 jail [smbfs] [jail] "Bad address" with smbfs inside a jail o bin/99566 jail [jail] [patch] fstat(1) according to specified jid o bin/32828 jail [jail] w(1) incorrectly handles stale utmp slots with 12 problems total. From owner-freebsd-jail@FreeBSD.ORG Wed Jul 11 21:59:47 2012 Return-Path: Delivered-To: freebsd-jail@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 13D4F106566B for ; Wed, 11 Jul 2012 21:59:47 +0000 (UTC) (envelope-from h.skuhra@gmail.com) Received: from mail-ey0-f182.google.com (mail-ey0-f182.google.com [209.85.215.182]) by mx1.freebsd.org (Postfix) with ESMTP id 969A68FC0C for ; Wed, 11 Jul 2012 21:59:46 +0000 (UTC) Received: by eabm6 with SMTP id m6so606677eab.13 for ; Wed, 11 Jul 2012 14:59:45 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=date:message-id:from:to:subject:user-agent:mime-version :content-type; bh=KXrJFa/+i70ZtoYVuPnUWbRgeTym/OFgxII8wkhrcwA=; b=gf2aaTOd0CDEZmbvS3jxwbDYtvkLf2k/O4Y4whJS/crqrepBD+wUsqdjgTihSYwXbs KfbmyWB9AqWtm0/gB34tPtAxVqFJ/XFpLBRYyeRclK53MicWERCiTCavw+eY01NzkCnO 0A0dy7CPyCitAs+2KCxDCPQPNrQMlv+RyJqN3qKpBN84Jg2Pu0/+Kh7uxUjVaB6QUVMp axpoXr4OgWmFgnI5J6bGB8M3Dh7YC9Um2QP9EEwpCA5mqSoykkH7kWLDVp1LP+5+4DdG D+wT0BctPY3Z2xKBPyxQzA7ighWOy8jOAqgxq37pwjnjP/AepqtXcoOBMhAYW/uYpTHh KMGA== Received: by 10.14.27.137 with SMTP id e9mr11408497eea.105.1342043985633; Wed, 11 Jul 2012 14:59:45 -0700 (PDT) Received: from oslo.ath.cx ([2001:470:1f0b:b9a:213:77ff:fead:38d5]) by mx.google.com with ESMTPS id x52sm9531046eea.11.2012.07.11.14.59.43 (version=TLSv1/SSLv3 cipher=OTHER); Wed, 11 Jul 2012 14:59:44 -0700 (PDT) Date: Wed, 11 Jul 2012 23:59:09 +0200 Message-ID: <87fw8yariq.wl%h.skuhra@gmail.com> From: "Herbert J. Skuhra" To: freebsd-jail@freebsd.org User-Agent: Wanderlust/2.15.9 (Almost Unreal) SEMI/1.14.6 (Maruoka) FLIM/1.14.9 (=?UTF-8?B?R29qxY0=?=) APEL/10.8 Emacs/24.1.50 (i686-pc-linux-gnu) MULE/6.0 (HANACHIRUSATO) MIME-Version: 1.0 (generated by SEMI 1.14.6 - "Maruoka") Content-Type: text/plain; charset=US-ASCII Subject: Jails on FreeBSD 9.0 X-BeenThere: freebsd-jail@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Discussion about FreeBSD jail\(8\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 11 Jul 2012 21:59:47 -0000 Hi, although I've followed the instructions in jail(8) and jail.conf(5) I cannot manage to setup jails on FreeBSD 9.0 STABLE (r238334). The symptons: * ssh'ing to jail works, but it takes about 20 seconds until password prompt appears * netstat -r in the jail takes about 150 seconds to finish * connections to the internet time out; with tcpdump I see that packets leave and enter the public interface on the host, but never reach the jail I use lo1 interface and ip address 192.168.1.1/24 for the jail. Public interface is fxp0 with both an IPv4 and an IPv6 address assigned. Of course, nat is enable via pf on the public interface. I have no issues setting up this jail on FreeBSD 8.3-STABLE. Thanks, Herbert From owner-freebsd-jail@FreeBSD.ORG Wed Jul 11 22:14:46 2012 Return-Path: Delivered-To: freebsd-jail@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 8E9C5106566C for ; Wed, 11 Jul 2012 22:14:46 +0000 (UTC) (envelope-from feld@feld.me) Received: from feld.me (unknown [IPv6:2607:f4e0:100:300::2]) by mx1.freebsd.org (Postfix) with ESMTP id 65F0F8FC19 for ; Wed, 11 Jul 2012 22:14:46 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=feld.me; s=blargle; h=In-Reply-To:Message-Id:From:Mime-Version:Date:References:Subject:To:Content-Type; bh=z8DczOuQuIPng4NWfjIhcXJ8SjIuCKMRB2lFuTH3rj4=; b=fMPq8fOP6THLOJenyugRB8LLVnLNUz44BjhR6vgnf4U+ZMyGD1+GIWMcI7pPmPZVW73ag4Tj9i3EWChdCmfAlP6xUhdzTVZKkIc0pEcbSUr/TNLjfFqIi6y0spn6chCu; Received: from localhost ([127.0.0.1] helo=mwi1.coffeenet.org) by feld.me with esmtp (Exim 4.77 (FreeBSD)) (envelope-from ) id 1Sp5BD-000Cva-G5 for freebsd-jail@freebsd.org; Wed, 11 Jul 2012 17:14:44 -0500 Received: from feld@feld.me by mwi1.coffeenet.org (Archiveopteryx 3.1.4) with esmtpa id 1342044877-94480-94479/5/107; Wed, 11 Jul 2012 22:14:37 +0000 Content-Type: text/plain; charset=utf-8; format=flowed; delsp=yes To: freebsd-jail@freebsd.org References: <87fw8yariq.wl%h.skuhra@gmail.com> Date: Wed, 11 Jul 2012 17:14:37 -0500 Mime-Version: 1.0 From: Mark Felder Message-Id: In-Reply-To: <87fw8yariq.wl%h.skuhra@gmail.com> User-Agent: Opera Mail/12.00 (FreeBSD) X-SA-Score: -1.5 Subject: Re: Jails on FreeBSD 9.0 X-BeenThere: freebsd-jail@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Discussion about FreeBSD jail\(8\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 11 Jul 2012 22:14:46 -0000 You don't have anything in /etc/resolv.conf, do you? :-) From owner-freebsd-jail@FreeBSD.ORG Wed Jul 11 22:50:50 2012 Return-Path: Delivered-To: freebsd-jail@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id D0B63106564A for ; Wed, 11 Jul 2012 22:50:50 +0000 (UTC) (envelope-from h.skuhra@gmail.com) Received: from mail-ee0-f54.google.com (mail-ee0-f54.google.com [74.125.83.54]) by mx1.freebsd.org (Postfix) with ESMTP id 5B3658FC0C for ; Wed, 11 Jul 2012 22:50:50 +0000 (UTC) Received: by eekc4 with SMTP id c4so232054eek.13 for ; Wed, 11 Jul 2012 15:50:49 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=date:message-id:from:to:subject:in-reply-to:references:user-agent :mime-version:content-type; bh=lYnSTJSp25JxPWu74dCCV4qdJ+VX35YkSO2byC5IJ6E=; b=qR6T8klvn9dRWvKcMly2slfZSVntoepU3VAiRE7YDDhiRyvh/N37iekgU7yOwSDTzH EyEyFV7mcmOJSp9GRLkYw8eTPz1FY/w21cxzTP9pC9TBI6mBYLoOwEsIUrwUl+MFmVOQ pNV/e8RYG3lzY8CXrUeYNixd/i9/i8O7UExXoxRK+R2xl/J0sQuZUqHNkTPgvQogMzlM +o43vGIN2ppTW1PsSdtFeZfQt8g5nfb3S8Y6vy5JGdG1stDG4aztzLMUWSwhu9gWLBo4 rvskpvN0Kxh7+MNthiUXsLkbNEWpR7GCJ717x+qzLq31lmS3fUm2o2U5TSPJb1CmpD14 4bOg== Received: by 10.14.40.84 with SMTP id e60mr1492018eeb.201.1342047049373; Wed, 11 Jul 2012 15:50:49 -0700 (PDT) Received: from oslo.ath.cx ([2001:470:1f0b:b9a:213:77ff:fead:38d5]) by mx.google.com with ESMTPS id h53sm9939909eea.1.2012.07.11.15.50.47 (version=TLSv1/SSLv3 cipher=OTHER); Wed, 11 Jul 2012 15:50:48 -0700 (PDT) Date: Thu, 12 Jul 2012 00:50:14 +0200 Message-ID: <87ehohc3q1.wl%h.skuhra@gmail.com> From: "Herbert J. Skuhra" To: freebsd-jail@freebsd.org In-Reply-To: References: <87fw8yariq.wl%h.skuhra@gmail.com> User-Agent: Wanderlust/2.15.9 (Almost Unreal) SEMI/1.14.6 (Maruoka) FLIM/1.14.9 (=?UTF-8?B?R29qxY0=?=) APEL/10.8 Emacs/24.1.50 (i686-pc-linux-gnu) MULE/6.0 (HANACHIRUSATO) MIME-Version: 1.0 (generated by SEMI 1.14.6 - "Maruoka") Content-Type: text/plain; charset=US-ASCII Subject: Re: Jails on FreeBSD 9.0 X-BeenThere: freebsd-jail@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Discussion about FreeBSD jail\(8\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 11 Jul 2012 22:50:50 -0000 On Wed, 11 Jul 2012 17:14:37 -0500 Mark Felder wrote: > You don't have anything in /etc/resolv.conf, do you? :-) I have two nameservers listed. But even when I do 'dig @8.8.8.8 www.google.com' from the jail I get: connection timed out; no servers could be reached. But tcpdump shows the reply from the nameserver. Thanks. -- Herbert From owner-freebsd-jail@FreeBSD.ORG Thu Jul 12 08:56:00 2012 Return-Path: Delivered-To: freebsd-jail@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 77AEB106566B for ; Thu, 12 Jul 2012 08:56:00 +0000 (UTC) (envelope-from h.skuhra@gmail.com) Received: from mail-pb0-f54.google.com (mail-pb0-f54.google.com [209.85.160.54]) by mx1.freebsd.org (Postfix) with ESMTP id 4F1AA8FC0A for ; Thu, 12 Jul 2012 08:56:00 +0000 (UTC) Received: by pbbro2 with SMTP id ro2so3787626pbb.13 for ; Thu, 12 Jul 2012 01:55:53 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :content-type; bh=1iIq+Cj06T81v7JO5k+Nz0ubwPzUOPKNwA/UXx+YRcY=; b=GCcP+mOLNjOLJtTMJsrPU3dKq39vdds8onIz0y+c1eeLZRM99aRELiyKJnRKBLrVjm laHRrcpJjvqwYujyyNBP4UDQp+4X2HL7v8t1j2eX+M3I0NObwVwsilwR3xBhGYFuEaZY nRDVFbbsltIYIRYkqmTEcvt0c9yP5J1m+NQyQBPxhByBtEhkB+hSpZUPATLc0IM6IgYY 76jAO2to7ZlCo+hK37aBCMLmEE3szylKwJcecXQlfEFMMECwrEgFxnFJaHjPdrs3phxI XUpp2IqGA9TKH5lYsz/YWBIIRRASdiJR76IMRwHCFLdcXXpee7H3lm4qWtRsyAB7hiyo B0Ow== MIME-Version: 1.0 Received: by 10.68.227.163 with SMTP id sb3mr3746500pbc.74.1342083353845; Thu, 12 Jul 2012 01:55:53 -0700 (PDT) Received: by 10.68.239.67 with HTTP; Thu, 12 Jul 2012 01:55:53 -0700 (PDT) In-Reply-To: <87fw8yariq.wl%h.skuhra@gmail.com> References: <87fw8yariq.wl%h.skuhra@gmail.com> Date: Thu, 12 Jul 2012 10:55:53 +0200 Message-ID: From: "Herbert J. Skuhra" To: freebsd-jail@freebsd.org Content-Type: text/plain; charset=UTF-8 Subject: Re: Jails on FreeBSD 9.0 X-BeenThere: freebsd-jail@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Discussion about FreeBSD jail\(8\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 12 Jul 2012 08:56:00 -0000 On Wed, Jul 11, 2012 at 11:59 PM, Herbert J. Skuhra wrote: > Hi, > > although I've followed the instructions in jail(8) and jail.conf(5) I > cannot manage to setup jails on FreeBSD 9.0 STABLE (r238334). > > The symptons: > > * ssh'ing to jail works, but it takes about 20 seconds until password > prompt appears > * netstat -r in the jail takes about 150 seconds to finish > * connections to the internet time out; with tcpdump I see that > packets leave and enter the public interface on the host, but never > reach the jail > > I use lo1 interface and ip address 192.168.1.1/24 for the jail. Public > interface is fxp0 with both an IPv4 and an IPv6 address assigned. > Of course, nat is enable via pf on the public interface. After switching to ipfw/natd networking in the jail works. Could this be a bug? -- Herbert From owner-freebsd-jail@FreeBSD.ORG Thu Jul 12 09:56:49 2012 Return-Path: Delivered-To: freebsd-jail@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 9E2551065670 for ; Thu, 12 Jul 2012 09:56:49 +0000 (UTC) (envelope-from joris.dedieu@gmail.com) Received: from mail-qc0-f182.google.com (mail-qc0-f182.google.com [209.85.216.182]) by mx1.freebsd.org (Postfix) with ESMTP id 58B9A8FC14 for ; Thu, 12 Jul 2012 09:56:49 +0000 (UTC) Received: by qcsg15 with SMTP id g15so1551962qcs.13 for ; Thu, 12 Jul 2012 02:56:48 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=eowYgA7GNC89dlqoxhgGQ16drsw+Q0ojxnrb9cdWlOs=; b=t2MA0CtQ7QjbVcjE3+CDmdszPFSCAM4ky2RuMN3404UKthd7k+eOAIxGKJN2n1p1ZT Wzla0nUn+AHwSVKhusOC8vVgG6h9ZK30PVzOnVM8zPUP8Zxc2heK9EMJ6RlOkdBbckQW MS6n9i+PTJLbJ/K0hqVMceSGjgdBAfZoAZGhfW2zncCeaKDrBY/NSX1D0WQnA7AoCs3/ F9bj4Rg0PfpFdhVsmMFceII6DESZY3AqnZjBcXRpMf/eK61Imz4Jh63s+7BiVVxeA/VP 9n3YoX/d4aPIw9pHLDQ7E+CBzw4l0CMLiBASDZb0zkfqTQCh3SUIJtSvHp2vu96Bp4Zx YaKA== MIME-Version: 1.0 Received: by 10.224.111.139 with SMTP id s11mr2659686qap.78.1342087008678; Thu, 12 Jul 2012 02:56:48 -0700 (PDT) Received: by 10.224.130.67 with HTTP; Thu, 12 Jul 2012 02:56:48 -0700 (PDT) In-Reply-To: References: <87fw8yariq.wl%h.skuhra@gmail.com> Date: Thu, 12 Jul 2012 11:56:48 +0200 Message-ID: From: joris dedieu To: "Herbert J. Skuhra" Content-Type: text/plain; charset=ISO-8859-1 Cc: freebsd-jail@freebsd.org Subject: Re: Jails on FreeBSD 9.0 X-BeenThere: freebsd-jail@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Discussion about FreeBSD jail\(8\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 12 Jul 2012 09:56:49 -0000 2012/7/12 Herbert J. Skuhra : > On Wed, Jul 11, 2012 at 11:59 PM, Herbert J. Skuhra wrote: >> Hi, >> >> although I've followed the instructions in jail(8) and jail.conf(5) I >> cannot manage to setup jails on FreeBSD 9.0 STABLE (r238334). >> >> The symptons: >> >> * ssh'ing to jail works, but it takes about 20 seconds until password >> prompt appears Does it still the same with UseDNS=no in /etc/ssh/sshd_config ? >> * netstat -r in the jail takes about 150 seconds to finish Does netstat -rn does the same ? >> * connections to the internet time out; with tcpdump I see that >> packets leave and enter the public interface on the host, but never >> reach the jail >> >> I use lo1 interface and ip address 192.168.1.1/24 for the jail. Public >> interface is fxp0 with both an IPv4 and an IPv6 address assigned. >> Of course, nat is enable via pf on the public interface. Can you post your PF configuration ? > > After switching to ipfw/natd networking in the jail works. > Could this be a bug? I think you had an issue with firewall that block name resolution and makes everything goes slow. At least you need one single line on your pf.conf : nat on $public_interface form $jail_ip to any -> ($public_interface) > > -- > Herbert > _______________________________________________ > freebsd-jail@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-jail > To unsubscribe, send any mail to "freebsd-jail-unsubscribe@freebsd.org" From owner-freebsd-jail@FreeBSD.ORG Thu Jul 12 19:04:53 2012 Return-Path: Delivered-To: freebsd-jail@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id E9DD01065670 for ; Thu, 12 Jul 2012 19:04:53 +0000 (UTC) (envelope-from h.skuhra@gmail.com) Received: from mail-gh0-f182.google.com (mail-gh0-f182.google.com [209.85.160.182]) by mx1.freebsd.org (Postfix) with ESMTP id A3B168FC15 for ; Thu, 12 Jul 2012 19:04:53 +0000 (UTC) Received: by ghbz22 with SMTP id z22so3211113ghb.13 for ; Thu, 12 Jul 2012 12:04:53 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :content-type; bh=ZeKlxhtQSShyQeORzwuLdv/OyEhXKutyaiW16Xex1DE=; b=f8FSI0V2BPcrV/JFDXPGhjbJOMXMgdaKnewKGl9Rgc+6bLMqorZRYlHa29aui+7Sxu 5lC2nwD+7AXzuCZwuSj2cOnLhXiiir0ioJpwlieRH3Rwtr+JRjVCfHqeFRs/qDscfiMf nlIFnBE7n7+eYVC+m9HsR8bm/rRz8LOM5QHSBfVU1P7Y0nTt+IoE129iQMLX/SYg8akR W6kfvVgNKEgzWIFwk+ZrnKf8pKOFD7HTA3WgsUILIWpiHDSU9145GILnDxbp7O+ma+eq ArPMgbw+FT4DfYHz+xLTFBmOcaLhlm02UOlnyLX0WQnBgZ56kA9xOeF6rNXKQkaJS6KR vKXw== MIME-Version: 1.0 Received: by 10.66.89.38 with SMTP id bl6mr92157805pab.39.1342119892589; Thu, 12 Jul 2012 12:04:52 -0700 (PDT) Received: by 10.68.239.67 with HTTP; Thu, 12 Jul 2012 12:04:52 -0700 (PDT) In-Reply-To: References: <87fw8yariq.wl%h.skuhra@gmail.com> Date: Thu, 12 Jul 2012 21:04:52 +0200 Message-ID: From: "Herbert J. Skuhra" To: freebsd-jail@freebsd.org Content-Type: text/plain; charset=UTF-8 Subject: Re: Jails on FreeBSD 9.0 X-BeenThere: freebsd-jail@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Discussion about FreeBSD jail\(8\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 12 Jul 2012 19:04:54 -0000 On Thu, Jul 12, 2012 at 11:56 AM, joris dedieu wrote: > 2012/7/12 Herbert J. Skuhra : >> On Wed, Jul 11, 2012 at 11:59 PM, Herbert J. Skuhra wrote: >>> Hi, >>> >>> although I've followed the instructions in jail(8) and jail.conf(5) I >>> cannot manage to setup jails on FreeBSD 9.0 STABLE (r238334). >>> >>> The symptons: >>> >>> * ssh'ing to jail works, but it takes about 20 seconds until password >>> prompt appears > > Does it still the same with UseDNS=no in /etc/ssh/sshd_config ? No, I can login instantly. >>> * netstat -r in the jail takes about 150 seconds to finish > > Does netstat -rn does the same ? No, the output appears immediately. >>> * connections to the internet time out; with tcpdump I see that >>> packets leave and enter the public interface on the host, but never >>> reach the jail >>> >>> I use lo1 interface and ip address 192.168.1.1/24 for the jail. Public >>> interface is fxp0 with both an IPv4 and an IPv6 address assigned. >>> Of course, nat is enable via pf on the public interface. > > Can you post your PF configuration ? >> >> After switching to ipfw/natd networking in the jail works. >> Could this be a bug? > > I think you had an issue with firewall that block name resolution and > makes everything goes slow. At least you need one single line on your > pf.conf : > > nat on $public_interface form $jail_ip to any -> ($public_interface) Even when loading only the nat rule it doesn't work: nat on fxp0 from 192.168.1.0/24 to any -> $ext_addr Thanks. Herbert