Hi All
I am using FreeBSD 11 and have created a new jail using the following steps

1. make buildworld DESTDIR=/here/is/the/jail
2. make installworld DESTDIR=/here/is/the/jail
3. make distribution DESTDIR=/here/is/the/jail
4. mount -t devfs devfs /here/is/the/jail/dev

I have the following in my host rc.conf

jail_enable="YES"   # Set to NO to disable starting of any jails
jail_list="www"     # Space separated list of names of jails

Note: Jail names in jail_list should contain alphanumeric characters only.

For each jail listed in jail_list, a group of rc.conf(5) settings, which describe the particular jail, should be added:

jail_www_rootdir="/usr/jail/www"     # jail's root directory
jail_www_hostname="jailname.org"     # jail's hostname
jail_www_ip="IP_Address"             # jail's IP address
jail_www_devfs_enable="YES"          # mount devfs in the jail

On the host, I did sysctl security.jail.allow_raw_sockets=1

In /etc/jail.conf, in the config section for that jail, I entered the line *allow.raw.sockets = 1*

and I also did an *echo 'security.jail.allow_raw_sockets=1' >> /etc/sysctl.conf* inside the jail.

From what I can tell, I should be able to ping inside the jail now but it still doesn't work. Does anyone see anything I may have left out?

Software Information wrote on 2017/07/11 19:01:
> Hi All
> I am using FreeBSD 11 and have created a new jail using the following steps
>
> 1. make buildworld DESTDIR=/here/is/the/jail
> 2. make installworld DESTDIR=/here/is/the/jail
> 3. make distribution DESTDIR=/here/is/the/jail
> 4. mount -t devfs devfs /here/is/the/jail/dev
>
> I have the following in my host rc.conf
>
> jail_enable="YES"   # Set to NO to disable starting of any jails
> jail_list="www"     # Space separated list of names of jails
>
> Note: Jail names in jail_list should contain alphanumeric characters only.
>
> For each jail listed in jail_list, a group of rc.conf(5) settings, which
> describe the particular jail, should be added:
>
> jail_www_rootdir="/usr/jail/www"     # jail's root directory
> jail_www_hostname="jailname.org"     # jail's hostname
> jail_www_ip="IP_Address"             # jail's IP address
> jail_www_devfs_enable="YES"          # mount devfs in the jail
>
> On the host, I did sysctl security.jail.allow_raw_sockets=1
>
> In /etc/jail.conf, in the config section for that jail, I entered the
> line *allow.raw.sockets = 1*
>
> and I also did an *echo 'security.jail.allow_raw_sockets=1' >>
> /etc/sysctl.conf* inside the jail.
>
> From what I can tell, I should be able to ping inside the jail now but it
> still doesn't work. Does anyone see anything I may have left out?

I recommend that you use jail.conf only and do not set jail variables in rc.conf. It is not good to mix these two.

Put jail_enable="YES" into rc.conf and then this into jail.conf:

## Typical static defaults:
## Use the rc scripts to start and stop jails. Mount jail's /dev.
exec.start = "/bin/sh /etc/rc";
exec.stop = "/bin/sh /etc/rc.shutdown";
exec.clean;
exec.system_user = "root";
exec.jail_user = "root";
mount.devfs;
devfs_ruleset = 4;
enforce_statfs = 1;
allow.set_hostname = 0;
allow.sysvipc = 0;
allow.raw_sockets = 0;

## Dynamic wildcard parameter:
## Base the path off the jail name.
path = "/usr/jail/$name";
exec.consolelog = "/var/log/jail/$name.console";
mount.fstab = "/etc/fstab.$name";

## Jail www
www {
    host.hostname = "jailname.example.com";
    ip4.addr = 10.10.10.10;
    allow.raw_sockets = 1;
}

Then you can run this jail with the command:

# service jail start www

Miroslav Lachman
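
An added example, not part of either message: a small sh/awk audit helper that reports the effective allow.raw_sockets value per jail for a jail.conf laid out like the one in the reply (global default first, per-jail override inside the block). The function names and the "db" jail are made up for illustration, and the parser assumes '#' comments only, with no '#' or ';' inside quoted values.

```shell
#!/bin/sh
# Added example (not from the thread): effective allow.raw_sockets per jail.
# Assumes global defaults are placed before the jail blocks, as in the reply.
raw_sockets_report() {
    sed 's/#.*//' "$@" | awk '
    BEGIN { RS = ";"; jail = ""; dflt = "0" }   # raw sockets are off unless granted
    {
        rec = $0
        gsub(/[ \t\n]+/, " ", rec); gsub(/"/, "", rec)
        while (1) {
            if (match(rec, /^ *[}]/)) {                   # "}" closes the jail block
                jail = ""
            } else if (match(rec, /^ *[^ {}=]+ *[{]/)) {  # "name {" opens one
                jail = substr(rec, 1, RLENGTH); gsub(/[ {]/, "", jail)
                order[++n] = jail; val[jail] = ""
            } else break
            rec = substr(rec, RLENGTH + 1)
        }
        gsub(/^ +| +$/, "", rec)
        v = ""
        if (rec ~ /^allow\.raw_sockets( *= *(1|true))?$/) v = "1"
        else if (rec ~ /^allow\.noraw_sockets$/) v = "0"
        else if (rec ~ /^allow\.raw_sockets *= *(0|false)$/) v = "0"
        # Outside any block the value is a global default; inside, an override.
        if (v != "") { if (jail == "") dflt = v; else val[jail] = v }
    }
    END { for (i = 1; i <= n; i++) print order[i], (val[order[i]] == "" ? dflt : val[order[i]]) }
    '
}

# Constructed input: the raw-socket lines from the reply plus a made-up "db" jail.
sample_conf() {
    cat <<'EOF'
## Typical static defaults
allow.raw_sockets = 0;
path = "/usr/jail/$name";
www {
    host.hostname = "jailname.example.com";
    ip4.addr = 10.10.10.10;
    allow.raw_sockets = 1;
}
db {    # constructed jail with no override, inherits the default
    host.hostname = "db.example.com";
}
EOF
}

sample_conf | raw_sockets_report
```

On a real host, run it as raw_sockets_report /etc/jail.conf and compare the result with what `jls -j www allow.raw_sockets` reports for the running jail.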