Date:      Thu, 8 Jan 2009 11:07:04 +0100
From:      "Spil Oss" <spil.oss@googlemail.com>
To:        ezjail@erdgeist.org, freebsd-stable@freebsd.org
Subject:   Problems with network in jail
Message-ID:  <5fbf03c20901080207y4b0b18beod775a8ef2887f147@mail.gmail.com>

Hi all,

Is it mandatory to add device mem to jails to enable network via the gateway?

Left ezjail with FreeBSD-6.3 (and a hardware replacement of my server)
and am now starting again with FreeBSD-7.1.

Early this week, I upgraded from 7.0 to 7.1 (not having 'used' jails
on 7.0). After creating the jail with
  `ezjail-admin update -i`
I created a 'ports build' jail
  `ezjail-admin create build 127.0.0.3`
and forgot to add the alias to lo0, so no networking of course. So I
added the 127.0.0.3 alias to lo0
   `ifconfig lo0 inet 127.0.0.3 alias`
and restarted the jail

Then I could get to the host machine, but not outside via the gateway.....
`netstat -nr` was returning errors
    netstat: kvm not available: /dev/mem: No such file or directory
    Routing tables
    rt_tables: symbol not in namelist
But I could use the DNS on the host, but was restricted to the host.

After adding mem to the devfs_rules for my jail, I can see the routing
tables....
And with mem added to devfs, I can also connect via the gateway on the
host (NAT)

If it's required to add 'mem' to the devfs rules to enable networking
in the jail, it may be worth adding to the FAQ and/or the man-pages
for ezjail-admin and jail? (and perhaps add a devfsrules_netjail to
the default/devfs.rules)

Kind regards,

Spil.
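
Which devfs rulesets leave `/dev/mem` or `/dev/kmem` visible to a jail can be checked by applying the rules in order. This is an added example, not part of the original e-mail or of ezjail: the sample rules and the ruleset name `devfsrules_buildjail` are constructed, and only `include`, bare `hide`/`unhide` and `path PATTERN hide|unhide` rules are modelled, with Python's `fnmatch` assumed to be close enough to devfs pattern matching.

```python
import fnmatch
import re
import shlex

# Constructed sample in devfs.rules syntax; "devfsrules_buildjail" is a
# hypothetical ruleset name, not one taken from the e-mail.
SAMPLE_RULES = """\
[devfsrules_hide_all=1]
add hide

[devfsrules_unhide_basic=2]
add path null unhide
add path zero unhide
add path random unhide

[devfsrules_jail=4]
add include $devfsrules_hide_all
add include $devfsrules_unhide_basic

[devfsrules_buildjail=10]
add include $devfsrules_jail
add path 'mem' unhide
"""

def parse_rulesets(text):
    """Return {ruleset name: [token list for each 'add' rule]}."""
    rulesets, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()          # drop comments
        header = re.fullmatch(r"\[(\w+)=(\d+)\]", line)
        if header:
            current = rulesets.setdefault(header.group(1), [])
        elif line.startswith("add ") and current is not None:
            tokens = shlex.split(line)[1:]            # also strips quotes
            current.append(tokens[1:] if tokens[0].isdigit() else tokens)
    return rulesets

def visible(rulesets, name, device, state=True):
    """Apply rules in order: nodes start visible, the last matching rule wins."""
    for rule in rulesets[name]:
        if rule[0] == "include":
            state = visible(rulesets, rule[1].lstrip("$"), device, state)
        elif rule[-1] in ("hide", "unhide") and (len(rule) == 1 or rule[0] == "path"):
            pattern = rule[1] if len(rule) > 1 else "*"   # bare action matches all
            if fnmatch.fnmatchcase(device, pattern):
                state = rule[-1] == "unhide"
    return state

def exposed_memory_devices(text, devices=("mem", "kmem")):
    """Map each ruleset to the memory devices it leaves visible."""
    rulesets = parse_rulesets(text)
    return {n: [d for d in devices if visible(rulesets, n, d)] for n in rulesets}
```

Rulesets that never include a hide-all rule, such as the `devfsrules_unhide_basic` fragment, report both devices because devfs nodes are visible unless a rule hides them.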


