Network not working in my jail.


krreagan
05-03-2008, 06:45 AM
I just installed/created a jail using the FBSD Handbook as a guide. Everything worked well except that my network doesn't work at all in the jail.

# ping mother
ping: socket: Operation not permitted

jls shows the correct IP associated with the jail

Here is my host rc.conf
#
# Jails...
#
jail_enable="YES"
jail_set_hostname_allow="NO"
jail_list="father"
jail_father_hostname="father.mydomain.org"
jail_father_ip="192.168.2.101"
jail_father_interface="re0"
jail_father_rootdir="/data/jails/father"
jail_father_devfs_enable="YES"

# jls
   JID  IP Address      Hostname              Path
     3  192.168.2.101   father.mydomain.org   /data/jails/father


I tried to set the IP in the jail during startup (rc.conf) but no go.

I'm probably missing something really stupid!

TIA
Krreagan

Carpetsmoker
05-03-2008, 06:53 AM
What's in your jail's /dev (ls -l /dev)?

cajunman4life
05-03-2008, 07:25 AM
I thought that due to (potential) security issues ping was not allowed to work through a jail. At any rate, I have 3 jails up and running and ping doesn't work in any of them (however, regular network traffic passes both ways). Try to ping the IP of your jail from either the jail host or another machine. If it answers, then networking is working in the jail. I can't remember where I read it but I'm nearly certain I read that ping will not work inside a jail.

krreagan
05-03-2008, 09:29 AM
> I thought that due to (potential) security issues ping was not allowed to work through a jail. At any rate, I have 3 jails up and running and ping doesn't work in any of them (however, regular network traffic passes both ways). Try to ping the IP of your jail from either the jail host or another machine. If it answers, then networking is working in the jail. I can't remember where I read it but I'm nearly certain I read that ping will not work inside a jail.

This seems to be my issue. I cannot ping from inside my jail, but I can do a fetch via a port install from inside.
Of course the first thing I did in my jail was to attempt a ping... Now 3 hrs later I find that it's disabled! errrrrrrrr! They should add a note in the Handbook to this effect.


Thanks
Krreagan

cajunman4life
05-03-2008, 03:58 PM
This is just a guess, but if you really need ping functionality from within your jail, then you can set the following variable:

security.jail.allow_raw_sockets

using sysctl to 1 (should default to 0). Bear in mind though that this could introduce potential security issues (from my understanding it's something like someone being able to monitor traffic over the physical NIC (even if that traffic originates from outside the jail)). Your call if it's that important or not.
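An added example, not from any poster in this thread: a small sh audit of the FreeBSD 7-era security.jail.* sysctls, so the trade-off being discussed can be checked on a host rather than recalled from memory. The sysctl names and the restrictive values are those documented in jail(8) of that era; the sample sysctl output is constructed. Of these knobs, security.jail.allow_raw_sockets is the one ping(8) and traceroute(8) need, because ICMP requires a raw socket. jail(8) notes that even with it enabled the source address of raw packets is forced to the jail's own IP, but raw sockets can still interact with other network subsystems, which is why it defaults to 0.

```shell
#!/bin/sh
# Added example, not code from the thread. Audits FreeBSD 7-era
# security.jail.* sysctls (names and restrictive values from jail(8))
# against the constructed sample below; on a real host, pipe the
# output of `sysctl security.jail` into audit_jail_sysctls instead.

# Constructed sample: what `sysctl security.jail` might print after
# allow_raw_sockets was switched on so ping would work in the jail.
SAMPLE_SYSCTL='security.jail.set_hostname_allowed: 0
security.jail.socket_unixiproute_only: 1
security.jail.sysvipc_allowed: 0
security.jail.enforce_statfs: 2
security.jail.allow_raw_sockets: 1
security.jail.chflags_allowed: 0
security.jail.jailed: 0'

# audit_jail_sysctls: reads "name: value" lines on stdin and prints one
# line, "NAME current=X safe=Y", for every knob that is looser than the
# restrictive value. Exit status 0 if nothing is flagged, 1 otherwise.
audit_jail_sysctls() {
    awk -F': *' '
    BEGIN {
        # restrictive value per knob (jail(8)); set_hostname_allowed
        # ships as 1, the others are already the shipped defaults
        safe["security.jail.set_hostname_allowed"]    = 0  # jail root cannot rename the host
        safe["security.jail.socket_unixiproute_only"] = 1  # only UNIX, IPv4 and routing sockets
        safe["security.jail.sysvipc_allowed"]         = 0  # no SysV IPC shared with the host
        safe["security.jail.enforce_statfs"]          = 2  # jail sees only its own mount point
        safe["security.jail.allow_raw_sockets"]       = 0  # ping/traceroute need 1; off by default
        safe["security.jail.chflags_allowed"]         = 0  # jail root cannot clear system flags
        bad = 0
    }
    ($1 in safe) && ($2 != safe[$1]) {
        printf "%s current=%s safe=%s\n", $1, $2, safe[$1]
        bad = 1
    }
    END { exit bad }
    '
}

# Stand-alone run against the constructed sample; wrapped in an if so a
# flagged knob reports rather than aborting the script.
if printf '%s\n' "$SAMPLE_SYSCTL" | audit_jail_sysctls; then
    echo "all security.jail knobs are at their restrictive values"
else
    echo "review the knobs listed above before handing out jail root"
fi
```

On a real host run `sysctl security.jail | audit_jail_sysctls`. To let ping work inside the jail as described above, `sysctl security.jail.allow_raw_sockets=1` takes effect immediately and a `security.jail.allow_raw_sockets=1` line in /etc/sysctl.conf makes it survive a reboot; the audit will then flag exactly that one knob, which is the point. Later FreeBSD releases expose the same control per jail as the allow.raw_sockets parameter in jail(8), so it need not be granted to every jail on the host.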

krreagan
05-03-2008, 11:38 PM
I'm having problems with all the items I was going to put into my jail (hobby).

NTP - needs access to set the HW clock (not allowed in jails)
DHCP - needs access to BPF (again not allowed in jails)
DNS (named) - already in chroot environment.

P.S. The security.jail.allow_raw_sockets did allow me to run ping, although it's not necessary any more now that I've determined that my jail network is working just fine.

I guess I'll have to put one of my other domains under a jail...

Thanks for the help.
Krreagan

cajunman4life
05-04-2008, 12:16 AM
If you run ntp on your jail host machine, it won't be necessary in the jail.

bloodlust
05-06-2008, 12:43 AM
> I'm having problems with all the items I was going to put into my jail (hobby).

What kind of problems?