Re: How to connect a jail to the web ?

It seems that you have DNS problems.
Login in your jail
go to /etc

Make a file called resolv.conf
which contains:

domain your_jail_domain
nameserver your_namerserver

and it will work...

Jack

PS sorry for the top posting.
I'm using outlook express :-(






----- Original Message ----- From: "Brice ERRANDONEA" <berrandonea@xxxxxxxx>
To: "Roland Smith" <rsmith@xxxxxxxxx>; <freebsd-questions@xxxxxxxxxxx>
Sent: Wednesday, August 11, 2010 5:35 PM
Subject: Re : How to connect a jail to the web ?


I tried all of this without any result. But I won't give up.

What I want is a jail with an Apache http server running inside. So, the jail
must have a public IPv4 and access to the web.

What I'd understood of the jails' role (but I must have misunderstood) is that
it will have a different public ip than the host, so that if a pirate manage to
crack the server, he will only have access to the jail (the real public ip of
the host remaining secret). Then I'm surprised to learn that such traffic will
be routed through the host.

The jail is created. The next step now is to install the ports collection inside
with portsnap fetch. But each time I try to run this command inside the jail
(with jexec), I get the same answer :

Looking up portsnap.FreeBSD.org mirrors... none found.
Fetching public key from portsnap.FreeBSD.org... failed.
No mirrors remaining, giving up.

This makes me think my jail is not connected to the web. To check this, I tried
to ping various know websites. When I tried domain names, like "ping
www.freebsd.org", this error message appears :

ping: cannot resolve www.freebsd.org : Host name lookup failure

So, I can't contact DNS servers able to translate www.freebsd.org to its ip.
Since I know this ip, I tried : "ping 69.147.83.33". This time, the error
message is :

_______________________________________________
freebsd-questions@xxxxxxxxxxx mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscribe@xxxxxxxxxxx"

Relevant Pages

  • Re: How to connect a jail to the web ?
    ... I did it but ping still doesn't work. ... Which IP address are you using for the jail now? ... that you can ping from the host. ... "Clear perl code is better than unclear awk code; ...
    (freebsd-questions)
  • Jails - Pseudo Interfaces/ Virtual Networks - Best Practices?
    ... I'm in the process of planning a transition from VMWare (on CentOS host) hosting service-specific FreeBSD virtual machines to the seemingly more efficient, stable, and lower maintenance cost approach, now that I've figured out at least some of the "magic" of creating jails under FreeBSD. ... The questions generally relate to being able to consistently identify traffic from/to the jails, inside and outside the jail host, with tools such as ipfw and tcpdump. ... With VMWare, I was used to being able to create a pseudo-interface that could be "wired" to a virtual "switch" and then that switch could be bridged to a physical interface. ... Here DNS needs to be run for the host itself only, to be able to start up NTP and allow ssh connections for management over the "protected" interface. ...
    (freebsd-questions)
  • Re: carp+pfsync+freevrrpd+jail
    ... no traffic appears on master host - that means that the local carp ... host will answer the request. ... In case service IP is local it just dealing with jail. ... If only master carp answering packets then packet, coming from internal vlan200 comes to host: ...
    (freebsd-stable)
  • Re: problems with jail
    ... > yes, I can ping it from this machine, other machines and jail. ... > Going on that line, I tried to ssh to it, and I got into the host ... > -Jim Stapleton ...
    (freebsd-questions)
  • Re: Fw: Re: vimage-assigning interface to jail
    ... ping: sendto: No route to host ... The jail environment is: ... I do have vimage-enabled kernels on both the host and the jails. ...
    (freebsd-net)