From: James Gritton
To: freebsd-jail@freebsd.org
Subject: Re: Configuring network without ezjail
Date: Sat, 12 Dec 2015 11:10:52 -0700

On 2015-12-11 18:50, marcel wrote:
> No I don't get to have an IP address... Yet I have written this in my
> host's rc.conf:
>
> jail_enable="YES"
> jail_list="thename"
> jail_guantanamo_rootdir="thepath"
> jail_guantanamo_hostname="thename"
> jail_guantanamo_ip="192.168.0.12"
>
> and I use the command:
>
> jail thepath thename 192.168.0.12 /bin/csh
>
> to connect to my jail...

Is the jail even created? You show jail_name as "thename", but the jail
config variables are jail_guantanamo_*. So when you say "thename" do you
really mean guantanamo? Because if you don't, then the jail won't get
configured at startup.

The command you're using to connect to the jail is actually a command
that creates a jail. That's probably not what you want, as that jail is
likely to disappear again after you exit from it. You should be using
jexec(8), assuming your jail has been properly created in the first
place.

Now to the IP address: is your entire box behind some gateway, where it
uses a 192.168 address? If it isn't, you'll need more than to just
declare such an address - you'll need a jail with vnet, which is rather
more complex. But if it is, then the question becomes: is 192.168.0.12
the host address, i.e. are you creating a jail that shares the host
address? If you are, it should work, but most jails aren't done this way.

Specifying a jail's IP address only tells which of the host's existing
addresses to use. If that address isn't already set up, it won't be
used - unless you tell it to. If you're still using the rc.conf-based
jail specification, you can set jail_interface (or
jail_guantanamo_interface) to the name of the network interface where
the host's main IP address lives (e.g. "em0" or somesuch). Such a config
line is likely all you need.

- Jamie
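
The two problems raised in the reply above (a jail_list name with no matching jail_<name>_* settings, and an IP set without an interface) can be checked mechanically. The script below is an added example, not part of the original message or of FreeBSD; the function name check_jail_rc, the finding labels and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example: lint legacy rc.conf jail settings (jail_list, jail_<name>_*).
# The file is parsed as text and never sourced, so nothing in it is executed.

check_jail_rc() {
    rc=$1
    # Jail names the rc script will start: jail_list="a b c"
    listed=$(sed -nE 's/^jail_list="?([^"#]*)"?.*$/\1/p' "$rc")
    # Jail names that actually have per-jail settings
    configured=$(sed -nE \
        's/^jail_([A-Za-z0-9_]+)_(rootdir|hostname|ip|interface)=.*/\1/p' \
        "$rc" | sort -u)

    for name in $listed; do
        echo "$configured" | grep -qxF "$name" ||
            echo "listed-but-unconfigured: $name"
    done
    for name in $configured; do
        case " $listed " in
            *" $name "*) ;;
            *) echo "configured-but-not-listed: $name" ;;
        esac
        # An ip setting only selects an address; without an interface setting
        # the address must already exist on the host.
        if grep -q "^jail_${name}_ip=" "$rc" &&
           ! grep -q "^jail_${name}_interface=" "$rc" &&
           ! grep -q '^jail_interface=' "$rc"; then
            echo "ip-without-interface: $name"
        fi
    done
}

# Constructed sample: the rc.conf lines quoted in the message above.
demo() {
    tmp=$(mktemp)
    cat > "$tmp" <<'EOF'
jail_enable="YES"
jail_list="thename"
jail_guantanamo_rootdir="thepath"
jail_guantanamo_hostname="thename"
jail_guantanamo_ip="192.168.0.12"
EOF
    check_jail_rc "$tmp"
    rm -f "$tmp"
}

demo
```

The ip-without-interface finding is informational: the configuration is still valid when the address is already assigned on the host.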