FreeBSD – nslookup fails inside FreeBSD jail

bsd freebsd networking

I posted on the FreeBSD forums. I've been trying all night and I've made some progress, but I still can't connect to the internet from my FreeBSD jail.

Please just give me a hint here.

I get the following inside the jail if I do nslookup www.google.com :

;; connection timed out; no servers could be reached

So, I can't seem to install stuff inside the jail. Or, is there any way I can install perl and starman on my host system and copy it into the jail? In the end I just need this stuff installed and then I want my jail off the internet.

I tried various things, from the plain (1) jail command, (2) ezjail and finally (3) qjail. I also did a clean checkout of the FreeBSD source and did a buildworld.

This is my network config ifconfig -a:

lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
        options=600003<RXCSUM,TXCSUM,RXCSUM_IPV6,TXCSUM_IPV6>
        inet6 ::1 prefixlen 128
        inet6 fe80::1%lo0 prefixlen 64 scopeid 0x1
        inet 127.0.0.1 netmask 0xff000000
        nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
xn0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=503<RXCSUM,TXCSUM,TSO4,LRO>
        ether 12:31:39:1c:f0:bf
        inet 192.168.1.101 netmask 0xffffffff broadcast 192.168.1.101
        inet 192.168.1.102 netmask 0xffffffff broadcast 192.168.1.102
        inet 10.110.238.77 netmask 0xfffffe00 broadcast 10.110.239.255
        inet 10.0.0.1 netmask 0xffffffff broadcast 10.0.0.1
        nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
        media: Ethernet manual
        status: active

This is the rest of my system:

cat /etc/rc.conf gives me :

# EC2 uses DHCP; the network interface appears as xn0.
ifconfig_xn0="DHCP"

### Standard FreeBSD configuration from here onwards.
sshd_enable="YES"
ezjail_enable="YES"

#for custom configs I hand made
ifconfig_xn0_alias0="inet 192.168.1.101/32"
ifconfig_xn0_alias1="inet 192.168.1.102/32"

pf_enable="YES"

cat /etc/pf.conf gives me:

ext_if="xn0" ##my network interface
MY_JAIL="10.0.0.1"
#redirect http traffic to daltons jail
rdr pass on $ext_if inet proto tcp to port http -> $MY_JAIL port http
#enable outgoing traffic from jail to the internet via NAT
nat on $ext_if from $MY_JAIL to any -> $ext_if

Any ideas, clues or hints?!

Best Answer

Sorry, got hung up on the connectivity issue and didn't realize you just want to install ports.

On the host system install PortUpgrade, it's much easier than fetching package deficiencies manually:

pkg_add -r portupgrade

Then use it to fetch the packages:

portupgrade -NRFPP $PKG_NAME
i.e.
portupgrade -NRFPP lang/perl5.14

The package files will be dumped in the host's /usr/ports/packages/All. Copy them to the jail(s). Install from the jail:

pkg_add /path/to/file/downloaded/perl5.14.tgz

And Bob's your uncle.

I sometimes use unionfs so that the jails have the Package directory of the host; removes the copy step. UnionFS doesn't work on ZFS however (ZFS doesn't have Whiteout). And ZFS's snapshot/clone feature makes jails easier.