[PC-BSD Testing] Jails can't talk to internet

Kris Moore kris at pcbsd.org
Wed Jun 12 08:24:34 PDT 2013

On 06/11/2013 10:16, Jeff wrote:
> I run PCBSD 9.1 and have a Warden jail setup.
> In that jail which has its own local IP, I have an
> Apache server.
> Normally when I connect the computer to a single router that is
> connected to a modem, I set "nameserver", i.e. the router
> LAN IP / gateway, in etc/resolv.conf on the jail and have no problems.
> Now I have added a 2nd router daisy chained from the primary router,
> running a subnet (primary router has IP: and secondary
> router:
> The computer running the jail is plugged into the secondary router.
> The problem is, the jail can't contact the internet. I can SSH into
> the jail from the host but it takes a very long time to connect, like
> 15 seconds or so.
> I can't ping out of the jail either, even as root I get: ping: socket:
> Operation not permitted.
> Disabling the firewall has no effect.
> The server responds to any connection from any computer connected to
> the 2nd router but it's slow.
> I've tried different IP addresses for "nameserver" but nothing works.
> The resolv.conf file on the PCBSD host just lists the ISP's DNS
> servers. Even changing the 2nd router's IP to and the
> primary router to has no effect. I thought maybe the jails
> needed to be on the same subnet.
> I have no problems using the internet from the host, just the jails.
> Any ideas why this happens and how to get around it? I've had this
> problem for years with different versions of FreeBSD.
> I thought that jails just used the host's internet setup.
> I posted this first on the PCBSD forum but got no response.  I also
> posted on the FreeBSD networking forum and got this, which is a bit
> over my head:

That is a bit more complex. Pinging is off in jails by default, but
you can enable it with this:

#  warden set flags <myjailip> allow.raw_sockets=true

Then restart the jail.

Next, I'm guessing the delay in the jail responding to queries is
because of some failing reverse DNS lookups. You can try to fix this by
enabling BIND on the system / jail by setting:

named_enable="YES" in /etc/rc.conf of the jail or host, then use the
local IP as DNS server.


Kris Moore
PC-BSD Software
