Date:      Thu, 8 Jan 2009 12:10:06 +0100
From:      "Spil Oss" <spil.oss@googlemail.com>
To:        lists@peter.de.com, ezjail@erdgeist.org, freebsd-stable@freebsd.org
Subject:   Re: Problems with network in jail
Message-ID:  <5fbf03c20901080310g69da867v1fc8dadcdb4ca7ae@mail.gmail.com>
In-Reply-To: <20090108105448.4cd6dcfe@dilbert.office.centralnic.com>
References:  <5fbf03c20901080207y4b0b18beod775a8ef2887f147@mail.gmail.com> <20090108105448.4cd6dcfe@dilbert.office.centralnic.com>

Hi Peter,

Thanks a lot! Will read up on that. (Luckily I do speak
German/Swiss-German). From discussions on ##FreeBSD IRC I learned that
it is not recommended to use lo0 for jails!

On FreeBSD-6.3 I successfully used lo0/127.0.0.2 for my mysql jail that
needed to be addressed only locally, but ONLY LOCALLY, no other
access. It may be possible to add a line similar to
     00100 divert 8668 ip from any to any in via xl0
to my ipfw/NAT config, but being warned, I'm not going down that path.

Since I moved my portbuild jail to bridge0/172.17.2.17 it works as
expected, without device mem!
And to boot I made errors when creating my aliases (ifconfig bridge0
inet 172.17.2.17 netmask *172.17.2.255* instead of 255.255.255.0).

I will protect the jails that only need to be connected to from local
by adding rules to my ipfw setup.

Now let's hope that my failures/problems serve as reference for future
users of (ez)jail!

Kind regards,

Spil.

2009/1/8 Oliver Peter <lists@peter.de.com>:
> On Thu, 8 Jan 2009 11:07:04 +0100
> "Spil Oss" <spil.oss@googlemail.com> wrote:
>
>> Early this week, I upgraded from 7.0 to 7.1 (not having 'used' jails
>> on 7.0). After creating the jail with
>>   `ezjail-admin update -i`
>> I created a 'ports build' jail
>>   `ezjail-admin create build 127.0.0.3`
>> and forgot to add the alias to lo0, so no networking of course. So I
>> added the 127.0.0.3 alias to lo0
>>    `ifconfig lo0 inet 127.0.0.3 alias`
>> and restarted the jail
>
> If you use the loopback device for your jails you have to add NAT rules
> to your host machine, this documentation is very useful:
>
>        http://www.rootforum.de/wiki/freebsd/04_jail_infrastructure#packet_filter_einrichten
>
> (The article is in German, but the configuration stuff should be
> understandable anyway)
>
> --
> Oliver PETER, email: oliver@peter.de.com, ICQ# 113969174
> "If it feels good, you're doing something wrong."
>                                      -- Coach McTavish
>
>


