From owner-freebsd-stable@FreeBSD.ORG Thu Jan 8 10:29:41 2009 Return-Path: Delivered-To: freebsd-stable@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 4F2FA106564A for ; Thu, 8 Jan 2009 10:29:41 +0000 (UTC) (envelope-from spil.oss@googlemail.com) Received: from fg-out-1718.google.com (fg-out-1718.google.com [72.14.220.157]) by mx1.freebsd.org (Postfix) with ESMTP id D354F8FC1A for ; Thu, 8 Jan 2009 10:29:40 +0000 (UTC) (envelope-from spil.oss@googlemail.com) Received: by fg-out-1718.google.com with SMTP id l26so2876831fgb.35 for ; Thu, 08 Jan 2009 02:29:39 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlemail.com; s=gamma; h=domainkey-signature:received:received:message-id:date:from:reply-to :to:subject:mime-version:content-type:content-transfer-encoding :content-disposition; bh=MmTlMU9oLjdcieLDPDHzewTGgprSNlox5UdhATBgzuc=; b=sR8hMCNTQYSW/yNg/POdlmd7j/znnkczuVHNYJLVKh0jDE+d3Z53jRhyw/MllG2Ps+ V4v7Igr9xMMv7EQnHVBDikbZHqDLOsM7V7UzAF+dmu1VSPQf8CvXP+D07ZIshhBmBKcq KksJ3Z7keZ7bVf+zIYb5swC5+hf4dkHBG+v+Q= DomainKey-Signature: a=rsa-sha1; c=nofws; d=googlemail.com; s=gamma; h=message-id:date:from:reply-to:to:subject:mime-version:content-type :content-transfer-encoding:content-disposition; b=LYqJaZK/FRdLhq0B9a76pk3A+zE4/XA1RGK7QVhHIEPthkPDkQLgjB9v0xIp15xOp8 ykZ//NFmkX1BEVs5cTb9RMVM2GziOCEovm2WddKbB7JjBipmpFrgM6GcUKO4xhdiQW/j ugFDip1fpfAuzWyaKMXQQlFVuIAMWX1d+EFKo= Received: by 10.86.59.2 with SMTP id h2mr9661651fga.73.1231409224366; Thu, 08 Jan 2009 02:07:04 -0800 (PST) Received: by 10.86.62.20 with HTTP; Thu, 8 Jan 2009 02:07:04 -0800 (PST) Message-ID: <5fbf03c20901080207y4b0b18beod775a8ef2887f147@mail.gmail.com> Date: Thu, 8 Jan 2009 11:07:04 +0100 From: "Spil Oss" To: ezjail@erdgeist.org, freebsd-stable@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Content-Disposition: inline Cc: Subject: Problems with network in jail X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: spil.oss@gmail.com List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 08 Jan 2009 10:29:42 -0000 Hi all, Is it mandatory to add device mem to jails to enable network via the gateway? Left ezjail with FreeBSD-6.3 (and a hardware replacement of my server) and am now starting again with FreeBSD-7.1. Early this week, I upgraded from 7.0 to 7.1 (not having 'used' jails on 7.0). After creating the jail with `ezjail-admin update -i` I created a 'ports build' jail `ezjail-admin create build 127.0.0.3` and forgot to add the alias to lo0, so no networking off-course. So I added the 127.0.0.3 alias to lo0 `ifconfig lo0 inet 127.0.0.3 alias` and restarted the jail Then I could get to the host machine, but not outside via the gateway..... `netstat -nr` was returning errors netstat: kvm not available: /dev/mem: No such file or directory Routing tables rt_tables: symbol not in namelist But I could use the dns on the host, but was restricted to the host. After adding mem to the devfs_rules for my jail, I can see the routing tables.... And with mem added to devfs, I can also connect via the gateway on the host (NAT) If it's required to add 'mem' to the devfs rules to enable networking in the jail, it may be worth adding to the FAQ and/or the man-pages for ezjail-admin and jail? (and perhaps add a devfsrules_netjail to the default/devfs.rules) Kind regards, Spil.