Date:      Mon, 1 Jan 2001 21:05:32 -0800 (PST)
From:      Jon Simola <jon@abccom.bc.ca>
To:        Dave VanAuken <dave@hawk-systems.com>
Cc:        freebsd-isp@FreeBSD.ORG
Subject:   RE: Jail problems - Continued on fbsd 4.2 Release
Message-ID:  <Pine.BSF.3.96.1010101204257.462C-100000@newmail.netbistro.com>
In-Reply-To: <DBEIKNMKGOBGNDHAAKGNOENNCKAA.dave@hawk-systems.com>

On Mon, 1 Jan 2001, Dave VanAuken wrote:

> Jail still not responding to telnet attempts.

On the host machine, your rc.conf entries should look something like:
network_interfaces="fxp0 lo0"
ifconfig_fxp0="inet x.x.x.192  netmask 0xffffff00"
ifconfig_fxp0_alias0="inet x.x.x.193 netmask 0xffffff00"
route_0="x.x.x.193 -iface lo0"

Also allows things like perl processes inside the jail to talk to the MySQL
server running on the host.

> once complete, have gone through the steps for activating the jail...
> after ifconfiging the alias for the new IP addr, mounting the proc I

Mounting a procfs inside the jail is fairly optional, despite what the man
page says. At least, I've never run across anything that doesn't work because
I don't have a procfs in the jail.

> run the jail and get the following:
> **start screen dump**
> adjkerntz[269]: sysctl(set_disrtcset): Operation not permitted
> net.inet.tcp.rfc1323: Operation not permitted
>  TCP keepalive=YESsysctl: net.inet.tcp.always_keepalive: Operation not
> permitted
> **end screen dump**

> as you can see we are getting an operation not permitted error from
> the start, and from what I can discern, this is causing a cascade of
> the other errors.

The default jail config uses the same rc files as a real server, so it tries
to set some sysctl options while booting, which isn't allowed inside a jail.
Edit the rc files in the jail's /etc to remove the sysctl calls, or ignore
them as harmless errors. 

> Am not sure about the following as directed in the man jail(8)
> - created a blank file for the /etc/fstab within the jail - that
> right??

Yep, a file should exist so that programs and scripts that expect one don't
break.

> - disabled port mapper from within sysinstall(in jail)
> - ran newaliases - no problems
> - root password set via sysinstall(in jail)
> - timezone set via sysinstall(in jail)
> - account added via sysinstall(in jail)
> - have not added any packages yet

Fine.

> - !!not sure what they want for disabling the interface
> configuration...

Here's the rc.conf from one of my jails:

portmap_enable="NO"
network_interfaces=""
sendmail_enable="NO"

You remove all network interfaces so that the rc boot scripts don't try and
configure anything while booting the jail.

> - !!not sure what needs to be entered in /etc/resolve.conf for the
> jail's name resolution

Just a nameserver line. I haven't gotten around to trying to run a dns
resolver on the localhost interface inside the jail, but I think it should
work. Just use any dns server, so probably whatever you've got in
/etc/resolv.conf on the host.

---
Jon Simola <jon@abccom.bc.ca> | "In the near future - corporate networks
    Systems Administrator     |  reach out to the stars, electrons and light 
     ABC  Communications      |  flow throughout the universe." -- GITS
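
An added example, not part of the original message: an sh function that audits a jail's /etc for the settings discussed in this reply (an fstab that exists, network_interfaces="", portmap_enable="NO", a nameserver line in resolv.conf) and notes rc files that still call sysctl. The helper names, the sample tree and its 192.0.2.53 resolver address are constructed for illustration.

```shell
# Added example: audit a jail's /etc for the settings described in this message.
# rc_value, check_jail_etc and make_sample_jail are hypothetical helper names.

# Print the last value assigned to VAR ($2) in rc.conf-style FILE ($1); fail if unset.
rc_value() {
    line=$(grep -E "^[[:space:]]*$2=" "$1" 2>/dev/null | tail -n 1)
    [ -n "$line" ] || return 1
    val=${line#*=}; val=${val#\"}; val=${val%\"}
    printf '%s\n' "$val"
}

# Check the jail rooted at $1; the return status is the number of failed checks.
check_jail_etc() {
    root=$1; problems=0
    # fstab must exist (blank is fine) so programs that expect one don't break.
    [ -f "$root/etc/fstab" ] || { echo "FAIL: no etc/fstab"; problems=$((problems + 1)); }
    # network_interfaces="" stops the rc boot scripts configuring interfaces.
    if ! v=$(rc_value "$root/etc/rc.conf" network_interfaces) || [ -n "$v" ]; then
        echo "FAIL: network_interfaces is not \"\""; problems=$((problems + 1))
    fi
    # The port mapper stays disabled inside the jail.
    pm=$(rc_value "$root/etc/rc.conf" portmap_enable) || pm=unset
    case $pm in
        [Nn][Oo]) ;;
        *) echo "FAIL: portmap_enable is $pm, not NO"; problems=$((problems + 1)) ;;
    esac
    # resolv.conf needs at least one nameserver line.
    grep -Eq '^[[:space:]]*nameserver[[:space:]]+[^[:space:]]' "$root/etc/resolv.conf" 2>/dev/null ||
        { echo "FAIL: no nameserver line in etc/resolv.conf"; problems=$((problems + 1)); }
    # sysctl calls in the jail's rc files fail with "Operation not permitted".
    for f in "$root"/etc/rc "$root"/etc/rc.*; do
        [ -f "$f" ] || continue
        n=$(grep -c '^[^#]*sysctl' "$f") || true
        [ "$n" -eq 0 ] || echo "NOTE: $n sysctl line(s) in $f"
    done
    return "$problems"
}

# Constructed sample tree: the jail rc.conf from the message plus one rc file.
make_sample_jail() {
    mkdir -p "$1/etc" && : > "$1/etc/fstab"
    printf '%s\n' 'portmap_enable="NO"' 'network_interfaces=""' 'sendmail_enable="NO"' > "$1/etc/rc.conf"
    echo 'nameserver 192.0.2.53' > "$1/etc/resolv.conf"    # documentation address
    echo 'sysctl -w net.inet.tcp.rfc1323=1' > "$1/etc/rc.network"
}

# Audit the jail given as $1, or the constructed sample when run without arguments.
if [ $# -gt 0 ]; then check_jail_etc "$1"; else
    d=$(mktemp -d) && make_sample_jail "$d" && check_jail_etc "$d"; rm -rf "$d"
fi
```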


