remodeler wrote:
Thank you Glen: (sorry this copied twice to glen)
Do you have your nameserver in /etc/resolv.conf?
The jail and hostname both have /etc/resolv.conf set to a nameserver on the
local host. I get the same error message pinging to the private-space address
of the physical ethernet interface (the server is on a NAT'd development
network):
PING 192.168.0.10 (192.168.0.10): 56 data bytes
ping: sendto: No route to host
Some other information:
#ngctl list
There are 5 total nodes:
Name: bridge0 Type: bridge ID: 00000007 Num hooks: 3
Name: ipfw Type: ipfw ID: 00000001 Num hooks: 0
Name: ngeth0 Type: eiface ID: 00000004 Num hooks: 1
Name: ngctl1495 Type: socket ID: 0000000f Num hooks: 0
Name: msk0 Type: ether ID: 00000002 Num hooks: 2
Firewall rules are permissive, allow any to any. The jail environment is:
#ifconfig
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
        options=3<RXCSUM,TXCSUM>
        inet 127.0.0.1 netmask 0xff000000
        inet6 ::1 prefixlen 128
        inet6 fe80::1%lo0 prefixlen 64 scopeid 0x1
        nd6 options=33<PERFORMNUD,AUTO_LINKLOCAL>
        maclabel mls/equal(equal-equal)
eth0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        ether 40:0a:0b:0c:0d:01
        inet 172.26.75.10 netmask 0xffffffff broadcast 172.26.75.10
        inet6 fe80::420a:bff:fe0c:d01%eth0 prefixlen 64 scopeid 0x2
        nd6 options=33<PERFORMNUD,AUTO_LINKLOCAL>
        maclabel mls/low(low-low)
with eth0 being a ng_eiface node, moved to the jail with vimage -i testvnet
ngeth0. The host environment is:
#ifconfig
msk0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=11a<TXCSUM,VLAN_MTU,VLAN_HWTAGGING,TSO4>
        ether [edited]
        inet 192.168.0.10 netmask 0xffffff00 broadcast 192.168.0.255
        inet6 fe80::223:54ff:fe08:2bf7%msk0 prefixlen 64 scopeid 0x1
        nd6 options=41<IFDISABLED,PERFORMNUD,AUTO_LINKLOCAL>
        maclabel mls/low(low-low)
        media: Ethernet autoselect (100baseTX <full-duplex,flag0,flag1>)
        status: active
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
        options=3<RXCSUM,TXCSUM>
        inet 127.0.0.1 netmask 0xff000000
        inet6 ::1 prefixlen 128
        inet6 fe80::1%lo0 prefixlen 64 scopeid 0x2
        nd6 options=33<PERFORMNUD,AUTO_LINKLOCAL>
        maclabel mls/equal(equal-equal)
Output of jls from the host is:
#jls
# JID IP Address Hostname Path
# 1 - testnet.myorg.org /jail/j/testnet
I cannot set the IP address when I create the jail without an error:
ip4.addr=${addr} gives "jail: vnet jails cannot have IP address restrictions";
ip4${addr} gives "jail: ip4: unknown jailsys value "172.26.72.10""; and
ip=${addr} gives "jail: unknown parameter: ip".
netstat -rn gives:
#netstat: kvm not available: /dev/mem: Permission denied
#Routing tables
#rt_tables: symbol not in namelist
/dev/mem is available in the jail environment, and /dev is mounted in the
jail. I get a permission denied error on both /dev/mem and /dev/kmem:
#ll /dev/kmem (or ll /dev/mem)
#ls: /dev/kmem: Permission denied
also,
#vimage -l
testvnet
I do have vimage-enabled kernels on both the host and the jails (8.0). I
originally installed a non-vimage kernel in the jails, and then updated to a
vimage-enabled kernel following instructions in the handbook (using a template
system). I am fairly certain I have the new kernel, as uname shows my new
build date.
I don't think the kernel in a jail matters.
The following has a jail with a root of / for simplicity of testing:
soekris# jail -c host.hostname=test path=/ vnet command=/bin/tcsh
test#
lo0: flags=8008<LOOPBACK,MULTICAST> metric 0 mtu 16384
        options=3<RXCSUM,TXCSUM>
---- back on host system:
soekris# jls
   JID  IP Address      Hostname                      Path
     1  -               test                          /
soekris# ifconfig vr2 vnet 1
soekris#
---- back on jail 'test' (1):
test# ifconfig
lo0: flags=8008<LOOPBACK,MULTICAST> metric 0 mtu 16384
        options=3<RXCSUM,TXCSUM>
vr2: flags=8802<BROADCAST,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=280b<RXCSUM,TXCSUM,VLAN_MTU,WOL_UCAST,WOL_MAGIC>
        ether 00:00:24:c9:24:6a
        media: Ethernet autoselect (none)
        status: no carrier
test# ifconfig vr2 172.28.15.1/24
test# netstat -rn
Routing tables

Internet:
Destination        Gateway            Flags    Refs      Use  Netif Expire
172.28.15.0/24     link#2             U           0        0    vr2
172.28.15.1        link#2             UHS         0        0    lo0
test# route add default 172.28.15.2
add net default: gateway 172.28.15.2
test# netstat -rn
Routing tables

Internet:
Destination        Gateway            Flags    Refs      Use  Netif Expire
default            172.28.15.2        UGS         0        0    vr2
172.28.15.0/24     link#2             U           0        0    vr2
172.28.15.1        link#2             UHS         0        0    lo0
test#
I think you need to add a default rule for starters as there is no
route to 192.168.x.x in your jail.
Remember the jail can not see your base system.
Thank you very much again.
------- End of Forwarded Message -------
_______________________________________________
[email protected] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "[email protected]"
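
The route lookup behind the "No route to host" diagnosis in the reply above, as an added example that is not part of the original thread: it parses the jail's netstat -rn output and does a longest-prefix match for a destination. The function names are hypothetical, the two tables are constructed from the output quoted in the message, and the column layout (Netif in the sixth column) is assumed to be the one shown there.

```python
import ipaddress

# Constructed sample input: the jail's IPv4 routing table as quoted in the
# thread, before and after `route add default 172.28.15.2`.
BEFORE = """\
Routing tables
Internet:
Destination Gateway Flags Refs Use Netif Expire
172.28.15.0/24 link#2 U 0 0 vr2
172.28.15.1 link#2 UHS 0 0 lo0
"""
AFTER = BEFORE + "default 172.28.15.2 UGS 0 0 vr2\n"


def parse_routes(text):
    """Parse IPv4 rows of FreeBSD `netstat -rn` into (network, gateway, netif)."""
    routes = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 6:
            continue  # title lines and blanks
        dest = "0.0.0.0/0" if fields[0] == "default" else fields[0]
        try:
            # A bare address is a host route and becomes a /32 network.
            net = ipaddress.IPv4Network(dest, strict=False)
        except ValueError:
            continue  # column header or a non-IPv4 row
        routes.append((net, fields[1], fields[5]))  # assumes Netif is column 6
    return routes


def lookup(routes, destination):
    """Longest-prefix match; None is the case ping reports as 'No route to host'."""
    addr = ipaddress.IPv4Address(destination)
    matches = [r for r in routes if addr in r[0]]
    return max(matches, key=lambda r: r[0].prefixlen) if matches else None


def explain(text, destination):
    """One-line verdict for a destination against a routing table dump."""
    route = lookup(parse_routes(text), destination)
    if route is None:
        return f"{destination}: no route to host"
    return f"{destination}: via {route[1]} on {route[2]} ({route[0]})"


if __name__ == "__main__":
    for label, table in (("before", BEFORE), ("after", AFTER)):
        print(label, explain(table, "192.168.0.10"))
```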