bsduser
07-25-2008, 07:45 PM
Hello guys, I got a freebsd jail up and running, I have only one problem, I can't go over internet with the jail ( but I can ping all the machines in my local network ) .. I tried to forward the packets from fbsd hosts ip to freebsd trought nat, but something seem doesn't work properly .. here something about my configuration
/etc/rc.conf ( freebsd host )
# -- sysinstall generated deltas -- # Fri Feb 9 17:54:42 2007
# Created: Fri Feb 9 17:54:42 2007
# Enable network daemons for user convenience.
# Please make all changes to this file, not to /etc/defaults/rc.conf.
# This file now contains just the overrides from /etc/defaults/rc.conf.
defaultrouter="192.168.1.1"
gateway_enable="YES"
hostname="Ultra5.fBSD"
ifconfig_hme0="inet 192.168.1.10 netmask 255.255.255.0"
ifconfig_lo0="inet 127.0.0.1" # default loopback device configuration.
ifconfig_hme0_alias0="inet 192.168.1.20 netmask 255.255.255.255"
#ifconfig_DEFAULT="DHCP"
#background_dhclient="YES"
inetd_enable="YES"
inetd_flags="-wW -a 192.168.1.10"
sshd_enable="YES"
#usbd_enable="YES"
# IPFW
firewall_enable="YES"
firewall_type="OPEN"
#firewall_logging="YES"
firewall_quite="NO"
#firewall_script="/etc/rc.fire"
#firewall_flags=""
#Nat e ppp
#ppp_nat="YES"
#ppp_enable="YES"
#ppp_mode="ddial"
#ppp_profile="name_of_service_provider"
# Natd
natd_enable="YES"
natd_interface="hme0"
natd_flags="-f /etc/natd.conf"
# Servizi ftp
vsftpd_enable="YES"
sendmail_enable="NO"
#fsck_y_enable=YES
# NFS
rpcbind_enable="NO"
nfs_server_enable="YES"
mountd_flags="-r"
# Jail(s)
jail_enable="YES" # Set to NO to disable starting of any jails
jail_list="my freebsd jail subsystem" # Space separated list of names of jails
jail_JAILDIR_rootdir="/usr/jail/JAILDIR" # jail's root directory
jail_JAILDIR_hostname="jail.local" # jail's hostname
jail_JAILDIR_ip="192.168.1.20" # jail's IP address
jail_JAILDIR_devfs_enable="YES" # mount devfs in the jail
jail_JAILDIR_devfs_ruleset="devfsrules_jail" # devfs ruleset to apply to jail
jail_JAILDIR_exec_start_="/bin/tcsh /etc/rc"
ifconfig ( freebsd host )
hme0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
options=b<RXCSUM,TXCSUM,VLAN_MTU>
ether 08:00:20:c2:f7:37
inet 192.168.1.10 netmask 0xffffff00 broadcast 192.168.1.255
inet 192.168.1.20 netmask 0xffffffff broadcast 192.168.1.20
media: Ethernet autoselect (100baseTX <full-duplex>)
status: active
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
inet6 fe80::1%lo0 prefixlen 64 scopeid 0x2
inet6 ::1 prefixlen 128
inet 127.0.0.1 netmask 0xff000000
/etc/natd.conf ( freebsd host )
redirect_address 192.168.1.10 192.168.1.20
#redirect_address 192.168.2.101 192.168.2.102
#redirect_address 192.168.2.101 192.168.2.100
redirect_port tcp 192.168.1.20:6667 6667
redirect_port tcp 192.168.1.20:80 80
redirect_port tcp 192.168.1.20:21 21
/etc/sysctl.conf ( freebsd host )
security.jail.allow_raw_sockets=1
net.inet.ip.fw.one_pass=1
/etc/rc.conf ( freebsd jail )
hostname="jail.local"
ifconfig_hme0="inet 192.168.1.20 netmask 255.255.255.255"
defaultrouter="192.168.1.10"
rpcbind_enable="NO"
and of course such as server dns in the freebsd jail I put the gw ip addres, but it seems doesn't work, thats what I got ..
jail# ping www.google.com
ping: cannot resolve www.google.com: Host name lookup failure
any idea about that ?
/etc/rc.conf ( freebsd host )
# -- sysinstall generated deltas -- # Fri Feb 9 17:54:42 2007
# Created: Fri Feb 9 17:54:42 2007
# Enable network daemons for user convenience.
# Please make all changes to this file, not to /etc/defaults/rc.conf.
# This file now contains just the overrides from /etc/defaults/rc.conf.
defaultrouter="192.168.1.1"
gateway_enable="YES"
hostname="Ultra5.fBSD"
ifconfig_hme0="inet 192.168.1.10 netmask 255.255.255.0"
ifconfig_lo0="inet 127.0.0.1" # default loopback device configuration.
ifconfig_hme0_alias0="inet 192.168.1.20 netmask 255.255.255.255"
#ifconfig_DEFAULT="DHCP"
#background_dhclient="YES"
inetd_enable="YES"
inetd_flags="-wW -a 192.168.1.10"
sshd_enable="YES"
#usbd_enable="YES"
# IPFW
firewall_enable="YES"
firewall_type="OPEN"
#firewall_logging="YES"
firewall_quite="NO"
#firewall_script="/etc/rc.fire"
#firewall_flags=""
#Nat e ppp
#ppp_nat="YES"
#ppp_enable="YES"
#ppp_mode="ddial"
#ppp_profile="name_of_service_provider"
# Natd
natd_enable="YES"
natd_interface="hme0"
natd_flags="-f /etc/natd.conf"
# Servizi ftp
vsftpd_enable="YES"
sendmail_enable="NO"
#fsck_y_enable=YES
# NFS
rpcbind_enable="NO"
nfs_server_enable="YES"
mountd_flags="-r"
# Jail(s)
jail_enable="YES" # Set to NO to disable starting of any jails
jail_list="my freebsd jail subsystem" # Space separated list of names of jails
jail_JAILDIR_rootdir="/usr/jail/JAILDIR" # jail's root directory
jail_JAILDIR_hostname="jail.local" # jail's hostname
jail_JAILDIR_ip="192.168.1.20" # jail's IP address
jail_JAILDIR_devfs_enable="YES" # mount devfs in the jail
jail_JAILDIR_devfs_ruleset="devfsrules_jail" # devfs ruleset to apply to jail
jail_JAILDIR_exec_start_="/bin/tcsh /etc/rc"
ifconfig ( freebsd host )
hme0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
options=b<RXCSUM,TXCSUM,VLAN_MTU>
ether 08:00:20:c2:f7:37
inet 192.168.1.10 netmask 0xffffff00 broadcast 192.168.1.255
inet 192.168.1.20 netmask 0xffffffff broadcast 192.168.1.20
media: Ethernet autoselect (100baseTX <full-duplex>)
status: active
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
inet6 fe80::1%lo0 prefixlen 64 scopeid 0x2
inet6 ::1 prefixlen 128
inet 127.0.0.1 netmask 0xff000000
/etc/natd.conf ( freebsd host )
redirect_address 192.168.1.10 192.168.1.20
#redirect_address 192.168.2.101 192.168.2.102
#redirect_address 192.168.2.101 192.168.2.100
redirect_port tcp 192.168.1.20:6667 6667
redirect_port tcp 192.168.1.20:80 80
redirect_port tcp 192.168.1.20:21 21
/etc/sysctl.conf ( freebsd host )
security.jail.allow_raw_sockets=1
net.inet.ip.fw.one_pass=1
/etc/rc.conf ( freebsd jail )
hostname="jail.local"
ifconfig_hme0="inet 192.168.1.20 netmask 255.255.255.255"
defaultrouter="192.168.1.10"
rpcbind_enable="NO"
and of course such as server dns in the freebsd jail I put the gw ip addres, but it seems doesn't work, thats what I got ..
jail# ping www.google.com
ping: cannot resolve www.google.com: Host name lookup failure
any idea about that ?