[Semibug] Jails networking question

Mark Moellering markmoellering at psyberation.com
Mon May 15 15:44:23 EDT 2023


Everyone,


I have rented (leased?, whatever...) a FreeBSD virtual server.  I added 
some jails and am working on getting the networking set up properly.

I want to keep things simple: create a virtual LAN, and then have all of 
the jails attached to the virtual LAN.


My problem is that the jails aren't able to get out to the internet.  
For example, if I do a ping, I see the following:

ping: ssend socket: Operation not permitted


I am attaching rc.conf, output of ifconfig, and the jail.conf.d files.  
If anyone could point me in the right direction, it would be greatly 
appreciated.


Thanks in advance


Mark


-------------- next part --------------
# Jail "mail". No vnet parameter is set, so this jail uses the host's network
# stack and is restricted to the address given in ip4.addr.
mail {
	host.hostname="mail.cyberation.com";
	# No "interface|" prefix and no interface parameter, so jail(8) does not add
	# this address as an alias on any interface.
	# NOTE(review): the ifconfig output in this message shows only 192.168.1.1 on
	# vtnet0.100 - confirm 192.168.1.2 is configured on a host interface.
	ip4.addr="192.168.1.2";
	# Root directory of the jail on the host.
	path="/cloud/mail";
	# Mount a devfs on the jail's /dev.
	mount.devfs;
	# Run the exec.* commands in a clean environment.
	exec.clean;
	exec.start="sh /etc/rc";
	exec.stop="sh /etc/rc.shutdown";
	# allow.raw_sockets is not set. Raw sockets are denied inside a jail by
	# default and ping(8) needs one, which is consistent with the reported
	# "Operation not permitted". Granting it lets root in the jail send crafted
	# packets from the jail's address, so enable it only where it is needed.
	# NOTE(review): 192.168.1.0/24 is private address space; outbound traffic
	# will presumably also need NAT on the host - the pf ruleset is not shown.
}
-------------- next part --------------
# Jail "database". No vnet parameter is set, so this jail uses the host's
# network stack and is restricted to the address given in ip4.addr.
database {
	host.hostname="database.cyberation.com";
	# NOTE(review): 192.168.1.1 is also the host's own address on vtnet0.100
	# (see the ifconfig output and rc.conf in this message). The jail and the
	# host would then share one address and its port space - confirm this is
	# intended, or give the database jail its own address.
	ip4.addr="192.168.1.1";
	# Root directory of the jail on the host.
	path="/cloud/database";
	# Mount a devfs on the jail's /dev.
	mount.devfs;
	# Run the exec.* commands in a clean environment.
	exec.clean;
	exec.start="sh /etc/rc";
	exec.stop="sh /etc/rc.shutdown";
	# allow.raw_sockets is not set. Raw sockets are denied inside a jail by
	# default, so ping(8) run here fails with "Operation not permitted". For a
	# database jail, leaving it unset keeps the jail's privileges narrower.
}
-------------- next part --------------
vtnet0: flags=8963<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
	options=4c03bb<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,TSO4,TSO6,VLAN_HWTSO,LINKSTATE,TXCSUM_IPV6>
	ether 5a:51:3d:08:44:3d
	inet6 fe80::5851:3dff:fe08:443d%vtnet0 prefixlen 64 scopeid 0x1
	inet 202.61.197.146 netmask 0xfffffc00 broadcast 202.61.199.255
	media: Ethernet autoselect (10Gbase-T <full-duplex>)
	status: active
	nd6 options=23<PERFORMNUD,ACCEPT_RTADV,AUTO_LINKLOCAL>
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
	options=680003<RXCSUM,TXCSUM,LINKSTATE,RXCSUM_IPV6,TXCSUM_IPV6>
	inet6 ::1 prefixlen 128
	inet6 fe80::1%lo0 prefixlen 64 scopeid 0x2
	inet 127.0.0.1 netmask 0xff000000
	groups: lo
	nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
bridge0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
	ether 58:9c:fc:10:ff:8f
	id 00:00:00:00:00:00 priority 32768 hellotime 2 fwddelay 15
	maxage 20 holdcnt 6 proto rstp maxaddr 2000 timeout 1200
	root id 00:00:00:00:00:00 priority 32768 ifcost 0 port 0
	member: vtnet0.100 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
	        ifmaxaddr 0 port 4 priority 128 path cost 2000
	member: vtnet0 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
	        ifmaxaddr 0 port 1 priority 128 path cost 2000
	groups: bridge
	nd6 options=9<PERFORMNUD,IFDISABLED>
vtnet0.100: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
	options=480303<RXCSUM,TXCSUM,TSO4,TSO6,LINKSTATE,TXCSUM_IPV6>
	ether 5a:51:3d:08:44:3d
	inet 192.168.1.1 netmask 0xffffff00 broadcast 192.168.1.255
	groups: vlan
	vlan: 100 vlanproto: 802.1q vlanpcp: 0 parent interface: vtnet0
	media: Ethernet autoselect (10Gbase-T <full-duplex>)
	status: active
	nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
-------------- next part --------------
# Host rc.conf: identity, uplink, jail network and services.
hostname="alpha.cyberation.com"
keymap="us.kbd"
# Public uplink: IPv4 from DHCP, IPv6 from router advertisements.
ifconfig_vtnet0="DHCP"
ifconfig_vtnet0_ipv6="inet6 accept_rtadv"

# Needed for Jail Networking
# VLAN 100 on vtnet0 holds the private 192.168.1.0/24 network whose addresses
# the jail definitions use; the host takes 192.168.1.1 on it.

vlans_vtnet0="100"
ifconfig_vtnet0_100="inet 192.168.1.1/24 up"

# NOTE(review): bridge0 joins the public uplink (vtnet0) and its own VLAN child
# (vtnet0.100) into one layer-2 segment, which puts both in promiscuous mode
# (PROMISC in the ifconfig output). The jails shown are not VNET jails, so it
# is unclear what the bridge is for - confirm it is needed, since it connects
# the internal segment to the provider-facing one.
cloned_interfaces="bridge0"
ifconfig_bridge0="addm vtnet0 addm vtnet0.100 up"

sshd_enable="YES"
# Set dumpdev to "AUTO" to enable crash dumps, "NO" to disable
dumpdev="AUTO"
zfs_enable="YES"
# pf is enabled, but pf.conf is not part of this message.
# NOTE(review): jails on 192.168.1.0/24 presumably need a NAT rule on vtnet0 to
# reach the internet, and the ruleset decides which jail services are reachable
# from outside - confirm both.
pf_enable="YES"

# Needed For Jails
# -b binds syslogd to this one address instead of the wildcard address.
# NOTE(review): vtnet0 gets its address from DHCP above, so this hard-coded
# value must match the lease. Setting syslogd_flags also replaces the default
# flags - confirm whether secure mode (-s) should be kept alongside -b.
syslogd_flags="-b 202.61.197.146"


# Enable Jails 
jail_enable="YES"   # Set to NO to disable starting of any jails
# NOTE(review): "web" is listed here, but only the database and mail jail
# definitions are attached to this message.
jail_list="database mail web"

