Re: Problems with network in jail

Thu, 08 Jan 2009 03:11:02 -0800 

Hi Peter,

Thanks a lot! Will read up on that. (luckily I do speak
german/swiss-german). From discussions on ##FreeBSD IRC I learned that
it is not recommended to use lo0 for jails!

On FreeBSD-6.3 I succesfully used lo0/127.0.0.2 for my mysql jail that
needed to be addressed only locally, but ONLY LOCALLY, no other
access. It may be possible to add a line similar to
     00100 divert 8668 ip from any to any in via xl0
to my ipfw/NAT config, but being warned, I'm not going down that path.

Since I moved my portbuild jail to bridge0/172.17.2.17 it works as
expected, without device mem!
And to boot I made errors when creating my aliases (ifconfig bridge0
inet 172.17.2.17 netmask *172.17.2.255* in stead of 255.255.255.0)

I will protect the jails that only need to be connected to from local
by adding rules to my ipfw setup

Now Iet's hope that my failures/problems serve as reference for future
users of (ez)jail!

Kind regards,

Spil.

2009/1/8 Oliver Peter <li...@peter.de.com>:
> On Thu, 8 Jan 2009 11:07:04 +0100
> "Spil Oss" <spil....@googlemail.com> wrote:
>
>> Early this week, I upgraded from 7.0 to 7.1 (not having 'used' jails
>> on 7.0). After creating the jail with
>>   `ezjail-admin update -i`
>> I created a 'ports build' jail
>>   `ezjail-admin create build 127.0.0.3`
>> and forgot to add the alias to lo0, so no networking off-course. So I
>> added the 127.0.0.3 alias to lo0
>>    `ifconfig lo0 inet 127.0.0.3 alias`
>> and restarted the jail
>
> If you use the loopback device for your jails you have to add NAT rules
> to your host machine, this documentation is very useful:
>
>        
> http://www.rootforum.de/wiki/freebsd/04_jail_infrastructure#packet_filter_einrichten
>
> (The article is in German, but the configuration stuff should be
> understandable anyway)
>
> --
> Oliver PETER, email: oli...@peter.de.com, ICQ# 113969174
> "If it feels good, you're doing something wrong."
>                                      -- Coach McTavish
>
>
_______________________________________________
freebsd-stable@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-stable
To unsubscribe, send any mail to "freebsd-stable-unsubscr...@freebsd.org"

Reply via email to