Date:      Thu, 22 Dec 2016 16:55:59 -0500
From:      "James B. Byrne" <byrnejb@harte-lyne.ca>
To:        freebsd-questions@freebsd.org
Subject:   IP address assignments to jails using ezjail
Message-ID:  <b6c71debe36b214c620d4027ce6bec31.squirrel@webmail.harte-lyne.ca>

When I created the new jail I used this invocation:

ezjail-admin create -x hlldrupal 'lo1|127.0.1.1,vtnet0|192.168.216.196'

Inside the host rc.conf I have this:

# Cloned i/f and assigned ipv4 addr for jails
cloned_interfaces="lo1"           # For shared jail configuration

And ifconfig on the host shows this:

vtnet0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=80028<VLAN_MTU,JUMBO_MTU,LINKSTATE>
        ether 00:a0:98:fa:aa:b6
        inet 216.185.71.16 netmask 0xffffff00 broadcast 216.185.71.255
        inet 192.168.216.16 netmask 0xffffff00 broadcast 192.168.216.255
        inet 192.168.216.196 netmask 0xffffffff broadcast 192.168.216.196
        nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
        media: Ethernet 10Gbase-T <full-duplex>
        status: active
. . .
lo1: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
        options=600003<RXCSUM,TXCSUM,RXCSUM_IPV6,TXCSUM_IPV6>
        inet 127.0.1.1 netmask 0xffffffff
        nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
        groups: lo

Inside the jail ifconfig shows this:

vtnet0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=80028<VLAN_MTU,JUMBO_MTU,LINKSTATE>
        ether 00:a0:98:fa:aa:b6
        inet 192.168.216.196 netmask 0xffffffff broadcast 192.168.216.196
        media: Ethernet 10Gbase-T <full-duplex>
        status: active
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
        options=600003<RXCSUM,TXCSUM,RXCSUM_IPV6,TXCSUM_IPV6>
        groups: lo
lo1: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
        options=600003<RXCSUM,TXCSUM,RXCSUM_IPV6,TXCSUM_IPV6>
        inet 127.0.1.1 netmask 0xffffffff
        groups: lo


All this seems to be correct and yet I cannot seem to obtain an ssh
connection to or from the jailed instance.  unbound is running in the
jail and seems to be working.  At least host responds to queries.

root@hlldrupal:~ # host sendmail.com
sendmail.com has address 209.246.26.25
sendmail.com mail is handled by 10 mxa-00148501.gslb.pphosted.com.
sendmail.com mail is handled by 20 mx2.proofpoint.com.
sendmail.com mail is handled by 10 mxb-00148501.gslb.pphosted.com.

pf is not running in the jail but sshd is:

root@hlldrupal:~ # service sshd status
sshd is running as pid 81502.

root@hlldrupal:~ # service pf status
Cannot 'status' pf. Set pf_enable to YES in /etc/rc.conf or use 'onestatus' instead of 'status'.
root@hlldrupal:~ # service pf onestatus
pf.ko is not loaded


I note that the flag IFDISABLED is present on the host's lo1. Why?  Is
this the source of the connectivity problem with the jail? If so then
why does the host command work when executed within the jail?  In any
case I can ping the jail from without:

[root@vhost04 ~ (master *%)]# ping 192.168.216.196
PING 192.168.216.196 (192.168.216.196) 56(84) bytes of data.
64 bytes from 192.168.216.196: icmp_seq=1 ttl=64 time=0.647 ms

I just cannot connect to that address via ssh from without nor can I
connect ssh to any address from within the jail.


-- 
***          e-Mail is NOT a SECURE channel          ***
        Do NOT transmit sensitive data via e-Mail
 Do NOT open attachments nor follow links sent by e-Mail

James B. Byrne                mailto:ByrneJB@Harte-Lyne.ca
Harte & Lyne Limited          http://www.harte-lyne.ca
9 Brockley Drive              vox: +1 905 561 1241
Hamilton, Ontario             fax: +1 905 561 0757
Canada  L8E 3C3



