Date:      Fri, 2 Oct 2009 15:50:27 -0400
From:      "remodeler" <remodeler@alentogroup.org>
To:        freebsd-net@freebsd.org
Subject:   Fw: Re: vimage-assigning interface to jail
Message-ID:  <20091002195008.M13604@alentogroup.org>
In-Reply-To: <20091002190821.M69919@alentogroup.org>
References:  <20091001173851.M50386@alentogroup.org> <4AC4FD98.3000301@elischer.org> <20091002181509.M38849@alentogroup.org> <4ad871310910021136v3dc3cd2l520102bae715c2bc@mail.gmail.com> <20091002190821.M69919@alentogroup.org>

Thank you Glen: (sorry, this copied twice to Glen)

> Do you have your nameserver in /etc/resolv.conf ?

The jail and hostname both have /etc/resolv.conf set to a nameserver on the
local host. I get the same error message pinging to the private-space address
of the physical ethernet interface (the server is on a NAT'd development network):

  PING 192.168.0.10 (192.168.0.10): 56 data bytes
  ping: sendto: No route to host

Some other information:

#ngctl list
There are 5 total nodes:
  Name: bridge0         Type: bridge          ID: 00000007   Num hooks: 3
  Name: ipfw            Type: ipfw            ID: 00000001   Num hooks: 0
  Name: ngeth0          Type: eiface          ID: 00000004   Num hooks: 1
  Name: ngctl1495       Type: socket          ID: 0000000f   Num hooks: 0
  Name: msk0            Type: ether           ID: 00000002   Num hooks: 2

Firewall rules are permissive, allow any to any. The jail environment is:

#ifconfig
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
        options=3<RXCSUM,TXCSUM>
        inet 127.0.0.1 netmask 0xff000000
        inet6 ::1 prefixlen 128
        inet6 fe80::1%lo0 prefixlen 64 scopeid 0x1
        nd6 options=33<PERFORMNUD,AUTO_LINKLOCAL>
        maclabel mls/equal(equal-equal)
eth0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        ether 40:0a:0b:0c:0d:01
        inet 172.26.75.10 netmask 0xffffffff broadcast 172.26.75.10
        inet6 fe80::420a:bff:fe0c:d01%eth0 prefixlen 64 scopeid 0x2
        nd6 options=33<PERFORMNUD,AUTO_LINKLOCAL>
        maclabel mls/low(low-low)

with eth0 being a ng_eiface node, moved to the jail with vimage -i testvnet
ngeth0. The host environment is:

#ifconfig
msk0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=11a<TXCSUM,VLAN_MTU,VLAN_HWTAGGING,TSO4>
        ether [edited]
        inet 192.168.0.10 netmask 0xffffff00 broadcast 192.168.0.255
        inet6 fe80::223:54ff:fe08:2bf7%msk0 prefixlen 64 scopeid 0x1
        nd6 options=41<IFDISABLED,PERFORMNUD,AUTO_LINKLOCAL>
        maclabel mls/low(low-low)
        media: Ethernet autoselect (100baseTX <full-duplex,flag0,flag1>)
        status: active
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
        options=3<RXCSUM,TXCSUM>
        inet 127.0.0.1 netmask 0xff000000
        inet6 ::1 prefixlen 128
        inet6 fe80::1%lo0 prefixlen 64 scopeid 0x2
        nd6 options=33<PERFORMNUD,AUTO_LINKLOCAL>
        maclabel mls/equal(equal-equal)

Output of jls from the host is:

#jls
#   JID  IP Address      Hostname                      Path
#     1  -               testnet.myorg.org             /jail/j/testnet

I cannot set the IP address when I create the jail without an error:
ip4.addr=${addr} gives "jail: vnet jails cannot have IP address restrictions";
ip4${addr} gives "jail: ip4: unknown jailsys value "172.26.72.10""; and
ip=${addr} gives "jail: unknown parameter: ip".

netstat -rn gives:

#netstat: kvm not available: /dev/mem: Permission denied
#Routing tables
#rt_tables: symbol not in namelist

/dev/mem is available in the jail environment, and /dev is mounted in the
jail. I get a permission denied error on both /dev/mem and /dev/kmem:

#ll /dev/kmem (or ll /dev/mem)
#ls: /dev/kmem: Permission denied

also,

#vimage -l
testvnet

I do have vimage-enabled kernels on both the host and the jails (8.0). I
originally installed a non-vimage kernel in the jails, and then updated to a
vimage-enabled kernel following instructions in the handbook (using a template
system). I am fairly certain I have the new kernel, as uname shows my new
build date.

Thank you very much again.
------- End of Forwarded Message -------


                                  __     __         
   ________  ____ ___  ____  ____/ /__  / /__  _____
  / ___/ _ \/ __ `__ \/ __ \/ __  / _ \/ / _ \/ ___/
 / /  /  __/ / / / / / /_/ / /_/ /  __/ /  __/ /    
/_/   \___/_/ /_/ /_/\____/\__,_/\___/_/\___/_/     
 
The information contained in this message is confidential and is intended
for the addressee only. Any unauthorized use, dissemination of the
information, or copying of this message is prohibited.



