From: Rob J
To: freebsd-jail@freebsd.org
Date: Fri, 11 Dec 2015 13:26:16 -0600
Subject: ppp has NOJAIL keyword in its startup script

Hello,

I was wondering why my ppp configuration wasn't starting in a jail,
until I looked at the /etc/rc.d/ppp script, which contains the keyword
NOJAIL.

So, I cannot start ppp (for my dsl connection) in a jail, and the
question is why? Are there security, or other reasons why you can't
run ppp in a jail?

Thanks,
Robert

From: Miroslav Lachman <000.fbsd@quip.cz>
To: Rob J, freebsd-jail@freebsd.org
Date: Fri, 11 Dec 2015 23:10:32 +0100
Subject: Re: ppp has NOJAIL keyword in its startup script
Message-ID: <566B49D8.8030206@quip.cz>

Rob J wrote on 12/11/2015 20:26:

> Hello,
> I was wondering why my ppp configuration wasn't starting in a jail,
> until I looked at the /etc/rc.d/ppp script, which contains the keyword
> NOJAIL.
>
> So, I cannot start ppp (for my dsl connection) in a jail, and the
> question is why? Are there security, or other reasons why you can't
> run ppp in a jail?

You cannot manage network interfaces, IP addresses and routing tables in
a jail with default system settings (for security reasons).

Miroslav Lachman

From: marcel
To: freebsd-jail@freebsd.org
Date: Sat, 12 Dec 2015 00:19:03 +0000
Subject: Configuring network without ezjail
Message-ID: <566B67F7.1090404@gmail.com>

Hello everybody,

I would like to know if it is possible to configure a jail's network for
accessing the World Wide Web but without ezjail?
I have created my jail without ezjail (mkdir jail, make installworld,
etc...) and I would like to continue without it if it's possible...

Thanks,
marcel

From: Dirk Engling
To: marcel, freebsd-jail@freebsd.org
Date: Sat, 12 Dec 2015 00:31:02 +0100
Subject: Re: Configuring network without ezjail
Message-ID: <566B5CB6.8050009@erdgeist.org>

On 12.12.15 01:19, marcel wrote:

> I would like to know if it is possible to configure a jail's network for
> accessing the World Wide Web but without ezjail?
> I have created my jail without ezjail (mkdir jail, make installworld,
> etc...) and I would like to continue without it if it's possible...

Sure, why doesn't it connect to the net? Does it have a RFC1918 IP? If
so, you need to enable NAT. If not, did you enable gatewaying? Maybe you
just have DNS problems, so is your resolv.conf set up properly?

Without knowing what exactly is not working, I can not help you.

  erdgeist

From: marcel
To: Dirk Engling, freebsd-jail@freebsd.org
Date: Sat, 12 Dec 2015 01:50:54 +0000
Subject: Re: Configuring network without ezjail
Message-ID: <566B7D7E.2070507@gmail.com>

No I don't get to have an IP address... Yet I have written this in my
host's rc.conf:

jail_enable="YES"
jail_list="thename"
jail_guantanamo_rootdir="thepath"
jail_guantanamo_hostname="thename"
jail_guantanamo_ip="192.168.0.12"

and I use the command:

jail thepath thename 192.168.0.12 /bin/csh

to connect to my jail...

On 11/12/2015 23:31, Dirk Engling wrote:
> On 12.12.15 01:19, marcel wrote:
>
>> I would like to know if it is possible to configure a jail's network for
>> accessing the World Wide Web but without ezjail?
>> I have created my jail without ezjail (mkdir jail, make installworld,
>> etc...) and I would like to continue without it if it's possible...
> Sure, why doesn't it connect to the net? Does it have a RFC1918 IP? If
> so, you need to enable NAT. If not, did you enable gatewaying? Maybe you
> just have DNS problems, so is your resolv.conf set up properly?
>
> Without knowing what exactly is not working, I can not help you.
>
>   erdgeist

From: marcel
To: Dirk Engling, freebsd-jail@freebsd.org
Date: Sat, 12 Dec 2015 01:57:10 +0000
Subject: Re: Configuring network without ezjail
Message-ID: <566B7EF6.5040701@gmail.com>

... And I think I have enabled gateway: I have written this in both of
the rc.conf:

gateway_enable="YES"

Is it correct?

But I don't think I have a DNS problem, my host correctly accessed the
internet and the resolv.conf of my jail is the same as the resolv.conf
of my host...

On 11/12/2015 23:31, Dirk Engling wrote:
> On 12.12.15 01:19, marcel wrote:
>
>> I would like to know if it is possible to configure a jail's network for
>> accessing the World Wide Web but without ezjail?
>> I have created my jail without ezjail (mkdir jail, make installworld,
>> etc...) and I would like to continue without it if it's possible...
> Sure, why doesn't it connect to the net? Does it have a RFC1918 IP? If
> so, you need to enable NAT. If not, did you enable gatewaying? Maybe you
> just have DNS problems, so is your resolv.conf set up properly?
>
> Without knowing what exactly is not working, I can not help you.
>
>   erdgeist

From: Dirk Engling
To: marcel, freebsd-jail@freebsd.org
Date: Sat, 12 Dec 2015 02:05:19 +0100
Subject: Re: Configuring network without ezjail
Message-ID: <566B72CF.5020008@erdgeist.org>

On 12.12.15 02:50, marcel wrote:

> No I don't get to have an IP address... Yet I have written this in my
> host's rc.conf:
>
> jail_enable="YES"
> jail_list="thename"
> jail_guantanamo_rootdir="thepath"
> jail_guantanamo_hostname="thename"
> jail_guantanamo_ip="192.168.0.12"

Well, what you write into your rc.conf is only relevant to the
/etc/rc.d/jail script. If you're not using the script, you don't need
these variables. You might want to look up the jail.conf(5) man page.

> and I use the command:
>
> jail thepath thename 192.168.0.12 /bin/csh

Looks like you need to create the jail first. Use the -c parameter to
jail.

However I suggest to configure your jails with either a tool like ezjail
or at least start the jails with the /etc/rc.d/jail script.

  erdgeist

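Added example, not part of any message in this thread and not FreeBSD project code: the legacy rc.conf variables quoted above map onto jail.conf(5) parameters, and this POSIX sh helper prints that mapping and warns when jail_list and the jail_<name>_* names disagree. The function names are invented here, jail_<name>_interface is the legacy rc.conf variable for the interface, and the demo input is the rc.conf lines posted in the thread.

```shell
#!/bin/sh
# Added example, not code from the thread. Reads the legacy rc.conf jail_*
# variables and prints the equivalent jail.conf(5) blocks.

# Print the value of VAR from an rc.conf-style FILE (last assignment wins).
rcconf_get() {
    sed -n "s/^[[:space:]]*$2=\"\{0,1\}\([^\"]*\)\"\{0,1\}[[:space:]]*\$/\1/p" "$1" | tail -n 1
}

# Print one jail.conf block per usable jail_list entry; warnings go to stderr.
# Returns 1 if jail_list and the jail_<name>_* variable names disagree.
legacy_to_jailconf() {
    conf=$1
    rc=0
    list=$(rcconf_get "$conf" jail_list)

    for name in $list; do
        root=$(rcconf_get "$conf" "jail_${name}_rootdir")
        host=$(rcconf_get "$conf" "jail_${name}_hostname")
        ip=$(rcconf_get "$conf" "jail_${name}_ip")
        iface=$(rcconf_get "$conf" "jail_${name}_interface")
        if [ -z "$root" ] || [ -z "$ip" ]; then
            echo "WARN: jail_list names '$name' but jail_${name}_rootdir/_ip are not set" >&2
            rc=1
            continue
        fi
        echo "$name {"
        echo "    path = \"$root\";"
        echo "    host.hostname = \"${host:-$name}\";"
        echo "    ip4.addr = $ip;"
        # Without an interface the address must already exist on the host.
        if [ -n "$iface" ]; then
            echo "    interface = $iface;"
        fi
        echo "}"
    done

    # Variables configured for a jail that jail_list never mentions.
    for other in $(sed -n 's/^[[:space:]]*jail_\([A-Za-z0-9_]*\)_rootdir=.*/\1/p' "$conf"); do
        case " $list " in
            *" $other "*) ;;
            *) echo "WARN: jail_${other}_* is set but '$other' is not in jail_list" >&2
               rc=1 ;;
        esac
    done
    return $rc
}

# Demo: the rc.conf lines as posted in the thread, written to a temp file.
demo_conf=$(mktemp)
cat > "$demo_conf" <<'EOF'
jail_enable="YES"
jail_list="thename"
jail_guantanamo_rootdir="thepath"
jail_guantanamo_hostname="thename"
jail_guantanamo_ip="192.168.0.12"
EOF
legacy_to_jailconf "$demo_conf" || echo "rc.conf names do not line up; no jail would be configured"
rm -f "$demo_conf"
```
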
From: marcel
To: Dirk Engling, freebsd-jail@freebsd.org
Date: Sat, 12 Dec 2015 02:08:03 +0000
Subject: Re: Configuring network without ezjail
Message-ID: <566B8183.3080306@gmail.com>

... and I think I have enabled gateway, I wrote this in both of my
rc.conf (jail and host):

gateway_enable="YES"

Is it correct?

But I don't think I have DNS problems, my host correctly accesses the
internet and the resolv.conf of my jail and my host are the same...

On 12/12/2015 01:50, marcel wrote:
> No I don't get to have an IP address... Yet I have written this in my
> host's rc.conf:
>
> jail_enable="YES"
> jail_list="thename"
> jail_guantanamo_rootdir="thepath"
> jail_guantanamo_hostname="thename"
> jail_guantanamo_ip="192.168.0.12"
>
> and I use the command:
>
> jail thepath thename 192.168.0.12 /bin/csh
>
> to connect to my jail...
>
> On 11/12/2015 23:31, Dirk Engling wrote:
>> On 12.12.15 01:19, marcel wrote:
>>
>>> I would like to know if it is possible to configure a jail's network for
>>> accessing the World Wide Web but without ezjail?
>>> I have created my jail without ezjail (mkdir jail, make installworld,
>>> etc...) and I would like to continue without it if it's possible...
>> Sure, why doesn't it connect to the net? Does it have a RFC1918 IP? If
>> so, you need to enable NAT. If not, did you enable gatewaying? Maybe you
>> just have DNS problems, so is your resolv.conf set up properly?
>>
>> Without knowing what exactly is not working, I can not help you.
>>
>>   erdgeist

From: "Michael B. Eichorn"
To: marcel, Dirk Engling, freebsd-jail@freebsd.org
Date: Fri, 11 Dec 2015 21:44:13 -0500
Subject: Re: Configuring network without ezjail
Message-ID: <1449888253.23602.14.camel@michaeleichorn.com>

On Sat, 2015-12-12 at 02:08 +0000, marcel wrote:
> ... and I think I have enabled gateway, I wrote this in both of my
> rc.conf (jail and host):
>
> gateway_enable="YES"
>
> Is it correct?

You only need gateway_enable if you are doing routing, it is not
necessary for a typical jail setup. Most of the time you are just
adding an alias to the host's nic.

>
> But I don't think I have DNS problems, my host correctly accesses the
> internet and the resolv.conf of my jail and my host are the same...
>
> On 12/12/2015 01:50, marcel wrote:
> > No I don't get to have an IP address... Yet I have written this in
> > my host's rc.conf:
> >
> > jail_enable="YES"
> > jail_list="thename"
> > jail_guantanamo_rootdir="thepath"
> > jail_guantanamo_hostname="thename"
> > jail_guantanamo_ip="192.168.0.12"
> >
> > and I use the command:
> >
> > jail thepath thename 192.168.0.12 /bin/csh
> >
> > to connect to my jail...
> >
> > On 11/12/2015 23:31, Dirk Engling wrote:
> > > On 12.12.15 01:19, marcel wrote:
> > >
> > > > I would like to know if it is possible to configure a jail's
> > > > network for accessing the World Wide Web but without ezjail?
> > > > I have created my jail without ezjail (mkdir jail, make
> > > > installworld, etc...) and I would like to continue without it
> > > > if it's possible...
> > > Sure, why doesn't it connect to the net? Does it have a RFC1918
> > > IP? If so, you need to enable NAT. If not, did you enable
> > > gatewaying? Maybe you just have DNS problems, so is your
> > > resolv.conf set up properly?
> > >
> > > Without knowing what exactly is not working, I can not help you.
> > >
> > >   erdgeist

I think you found some old instructions, assuming a 10.x system here is
the boilerplate for a typical jail:

rc.conf:

  jail_enable="YES"

jail.conf:

  interface = re0;
  mount.devfs;
  exec.start = "/bin/sh /etc/rc";
  exec.stop = "/bin/sh /etc/rc.shutdown";

  thenameofthejail {
        host.hostname = host.domain.tld;
        path = /the/path/to/the/jail;
        ip4.addr = 192.168.0.12;
  }

and start it up with

# jail -c thenameofthejail

And another handy tip: you can avoid building a jail with make by
extracting the base.txz file found in places like the install media
into the jail directory.

From: "Michael B. Eichorn"
To: marcel, Dirk Engling, freebsd-jail@freebsd.org
Date: Fri, 11 Dec 2015 21:59:11 -0500
Subject: Re: Configuring network without ezjail
Message-ID: <1449889151.23602.24.camel@michaeleichorn.com>

On Fri, 2015-12-11 at 21:44 -0500, Michael B. Eichorn wrote:
> On Sat, 2015-12-12 at 02:08 +0000, marcel wrote:
> > ... and I think I have enabled gateway, I wrote this in both of
> > my rc.conf (jail and host):
> >
> > gateway_enable="YES"
> >
> > Is it correct?
>
> You only need gateway_enable if you are doing routing, it is not
> necessary for a typical jail setup. Most of the time you are just
> adding an alias to the host's nic.
>
> >
> > But I don't think I have DNS problems, my host correctly accesses
> > the internet and the resolv.conf of my jail and my host are the
> > same...
> >
> > On 12/12/2015 01:50, marcel wrote:
> > > No I don't get to have an IP address... Yet I have written this
> > > in my host's rc.conf:
> > >
> > > jail_enable="YES"
> > > jail_list="thename"
> > > jail_guantanamo_rootdir="thepath"
> > > jail_guantanamo_hostname="thename"
> > > jail_guantanamo_ip="192.168.0.12"
> > >
> > > and I use the command:
> > >
> > > jail thepath thename 192.168.0.12 /bin/csh
> > >
> > > to connect to my jail...
> > >
> > > On 11/12/2015 23:31, Dirk Engling wrote:
> > > > On 12.12.15 01:19, marcel wrote:
> > > >
> > > > > I would like to know if it is possible to configure a jail's
> > > > > network for accessing the World Wide Web but without ezjail?
> > > > > I have created my jail without ezjail (mkdir jail, make
> > > > > installworld, etc...) and I would like to continue without
> > > > > it if it's possible...
> > > > Sure, why doesn't it connect to the net? Does it have a RFC1918
> > > > IP? If so, you need to enable NAT. If not, did you enable
> > > > gatewaying? Maybe you just have DNS problems, so is your
> > > > resolv.conf set up properly?
> > > >
> > > > Without knowing what exactly is not working, I can not help
> > > > you.
> > > >
> > > >   erdgeist
>
> I think you found some old instructions, assuming a 10.x system here
> is the boilerplate for a typical jail:
>
> rc.conf:
>
>   jail_enable="YES"
>
> jail.conf:
>
>   interface = re0;
>   mount.devfs;
>   exec.start = "/bin/sh /etc/rc";
>   exec.stop = "/bin/sh /etc/rc.shutdown";
>
>   thenameofthejail {
>         host.hostname = host.domain.tld;
>         path = /the/path/to/the/jail;
>         ip4.addr = 192.168.0.12;
>   }
>
> and start it up with
>
> # jail -c thenameofthejail
>
> And another handy tip: you can avoid building a jail with make by
> extracting the base.txz file found in places like the install media
> into the jail directory

Oh and before I forget, the trickiest thing for me moving from ezjail
to jail was updating. Assuming your jails are complete base systems and
that you would like to use binary updates with freebsd-update, and you
have completely separated jails without any funny tricks to save space,
here is Ike's simple jail update guide:

edit the jail's freebsd-update.conf and change

Components src world kernel
-to-
Components world

then run freebsd-update like so:

# freebsd-update -b /usr/jails/jaildir \
    -f /usr/jails/jaildir/etc/freebsd-update.conf \
    -d /usr/jails/jaildir/var/db/freebsd-update fetch
# freebsd-update -b /usr/jails/jaildir \
    -f /usr/jails/jaildir/etc/freebsd-update.conf \
    -d /usr/jails/jaildir/var/db/freebsd-update install

Using the -f flag keeps the jail from using the host config since jails
cannot update kernels anyway. And -d keeps jails and hosts from
trampling each other which is nice if you want to do more than one at a
time, or if you use freebsd-update cron.

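Added example, not part of the message above and not freebsd-update's own code: a POSIX sh helper that applies the update guide to several jails, rewriting each jail's Components line and composing the -b/-f/-d command per jail. It only prints the commands so they can be reviewed before running; the function names and the temp-dir jail tree in the demo are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not code from the thread: per-jail freebsd-update commands.

# Rewrite the Components line of a jail's freebsd-update.conf to "world".
set_components_world() {
    conf=$1
    [ -f "$conf" ] || { echo "missing $conf" >&2; return 1; }
    tmp=$(mktemp) || return 1
    # cat back into place so the file keeps its owner and mode.
    sed 's/^[[:space:]]*Components[[:space:]].*$/Components world/' "$conf" > "$tmp" &&
        cat "$tmp" > "$conf"
    status=$?
    rm -f "$tmp"
    return $status
}

# Print the freebsd-update command for one jail and one action (fetch|install).
# Refuses if the jail's own config is missing or still lists src or kernel,
# so a jail is never updated with settings meant for the host.
jail_update_cmd() {
    jaildir=${1%/}
    action=$2
    conf="$jaildir/etc/freebsd-update.conf"
    case $action in
        fetch|install) ;;
        *) echo "bad action: $action" >&2; return 2 ;;
    esac
    [ -f "$conf" ] || { echo "missing $conf" >&2; return 1; }
    comps=$(sed -n 's/^[[:space:]]*Components[[:space:]]*//p' "$conf" | tail -n 1)
    [ -n "$comps" ] || { echo "no Components line in $conf" >&2; return 1; }
    case " $comps " in
        *" src "*|*" kernel "*)
            echo "$conf still has: Components $comps" >&2
            return 1 ;;
    esac
    # -d gives every jail its own work directory, separate from the host's.
    echo "freebsd-update -b $jaildir -f $conf -d $jaildir/var/db/freebsd-update $action"
}

# Demo on a constructed jail tree (the temp dir stands in for /usr/jails).
demo_root=$(mktemp -d)
mkdir -p "$demo_root/www/etc" "$demo_root/db/etc"
echo "Components src world kernel" > "$demo_root/www/etc/freebsd-update.conf"
echo "Components src world kernel" > "$demo_root/db/etc/freebsd-update.conf"
for j in "$demo_root"/*/; do
    set_components_world "${j}etc/freebsd-update.conf" || continue
    jail_update_cmd "$j" fetch
    jail_update_cmd "$j" install
done
rm -rf "$demo_root"
```
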
(envelope-from jamie@freebsd.org) X-Authentication-Warning: gritton.org: www set sender to jamie@freebsd.org using -f To: freebsd-jail@freebsd.org Subject: Re: Configuring network without ezjail X-PHP-Originating-Script: 0:rcube.php MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII; format=flowed Content-Transfer-Encoding: 7bit Date: Sat, 12 Dec 2015 11:10:52 -0700 From: James Gritton In-Reply-To: <566B7D7E.2070507@gmail.com> References: <566B67F7.1090404@gmail.com> <566B5CB6.8050009@erdgeist.org> <566B7D7E.2070507@gmail.com> Message-ID: X-Sender: jamie@freebsd.org User-Agent: Roundcube Webmail/1.1.2 X-BeenThere: freebsd-jail@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: "Discussion about FreeBSD jail\(8\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 12 Dec 2015 18:12:27 -0000 On 2015-12-11 18:50, marcel wrote: > No I don't get to have an IP address... Yet I have writed this in my > host's rc.conf: > > jail_enable="YES" > jail_list="thename" > jail_guantanamo_rootdir="thepath" > jail_guantanamo_hostname="thename" > jail_guantanamo_ip="192.168.0.12" > > and I use the command: > > jail thepath thename 192.168.0.12 /bin/csh > > to connect to my jail... Is the jail even created? You show jail_name as "thename", but the jail config variables are jail_quantanamo_*. So when you say "thename" do you really mean quantanamo? Because if you don't, then the jail won't get configured at startup. The command you're using to connect to the jail is actually a command that creates a jail. That's probably not what you want, as that jail is likely to disappear again after you exit from it. You should be using jexec(8), assuming your jail has been properly created in the first place. Now to the IP address: is your entire box behind some gateway, where it uses a 192.168 address? 
If it isn't, you'll need more than to just declare such an address -
you'll need a jail with vnet, which is rather more complex. But if it is,
then the question becomes: is 192.168.0.12 the host address, i.e. are you
creating a jail that shares the host address? If you are it should work,
but most jails aren't done this way.

Specifying a jail's IP address only tells which of the host's existing
addresses to use. If that address isn't already set up, it won't be used -
unless you tell it to. If you're still using the rc.conf-based jail
specification, you can set jail_interface (or jail_quantanamo_interface)
to the name of the network interface where the host's main IP address
lives (e.g. "em0" or somesuch). Such a config line is likely all you need.

- Jamie

From owner-freebsd-jail@freebsd.org Sat Dec 12 22:42:40 2015
Date: Sat, 12 Dec 2015 20:44:23 -0200
From: Luís Fernando Schultz Xavier da Silveira
To: freebsd-jail@freebsd.org
Subject: OSS in jail
Message-ID: <20151212224422.GB4884@hpmini>

Hi,

I would like one of my jails to have the ability to play back sound, but
not to record it. As I understand, sound is played back by writing to
/dev/dsp and recorded by reading from it. Hence, placing the /dev/dsp
device (and /dev/dsp[0-9]* devices) in the jail via devfs.rules is not a
solution since the jail superuser can override permissions on these
devices and even read from them when they lack read permission.

Is there a way to give a device to a jail in write-only mode? If not, is
it possible to create a virtual OSS stack and give that to the jail? How
would you solve this problem?

Also, is it possible to give the jail a mixer device that can only read
mixer settings but not alter them?

Thanks,
Luís
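
Returning to the "Configuring network without ezjail" thread: James Gritton's reply points out that jail_list names "thename" while the per-jail variables are written for guantanamo. The lint below checks for that mismatch; it is an added example, not part of any message in this thread. The function name check_jail_rcconf and its output wording are made up here, the sample file is constructed from the rc.conf lines marcel quoted, and treating rootdir, hostname and ip as the required per-jail variables is an assumption.

```shell
#!/bin/sh
# Added example: lint rc.conf-style jail settings for name mismatches.
# Prints one finding per line and returns 1 if anything was found.

check_jail_rcconf() {
    conf=$1
    rc=0
    # Value of jail_list; the last assignment in the file wins.
    list=$(sed -n -E 's/^jail_list="([^"]*)".*/\1/p' "$conf" | tail -n 1)

    # Every listed jail needs its own per-jail variables
    # (assumption: rootdir, hostname and ip are the required ones).
    for name in $list; do
        for key in rootdir hostname ip; do
            grep -q "^jail_${name}_${key}=" "$conf" || {
                echo "missing jail_${name}_${key}"
                rc=1
            }
        done
    done

    # Per-jail variables whose jail name never appears in jail_list
    # describe a jail that will not be configured at startup.
    for name in $(sed -n -E \
        's/^jail_(.+)_(rootdir|hostname|ip|interface)=.*/\1/p' "$conf" |
        sort -u); do
        case " $list " in
            *" $name "*) ;;
            *) echo "unlisted $name"; rc=1 ;;
        esac
    done
    return $rc
}

# Constructed sample: the rc.conf lines quoted in the thread.
sample=$(mktemp)
cat > "$sample" <<'EOF'
jail_enable="YES"
jail_list="thename"
jail_guantanamo_rootdir="thepath"
jail_guantanamo_hostname="thename"
jail_guantanamo_ip="192.168.0.12"
EOF
check_jail_rcconf "$sample" || echo "rc.conf jail settings are inconsistent"
rm -f "$sample"
```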