Fw: Re: vimage-assigning interface to jail
remodeler
remodeler at alentogroup.org
Fri Oct 2 19:38:04 UTC 2009
Thank you Glen: (sorry this copied twice to glen)
> Do you have your nameserver in /etc/resolv.conf ?
The jail and hostname both have /etc/resolv.conf set to a nameserver on the
local host. I get the same error message pinging to the private-space address
of the physical ethernet interface (the server is on a NAT'd development network):
PING 192.168.0.10 (192.168.0.10): 56 data bytes
ping: sendto: No route to host
Some other information:
#ngctl list
There are 5 total nodes:
Name: bridge0 Type: bridge ID: 00000007 Num hooks: 3
Name: ipfw Type: ipfw ID: 00000001 Num hooks: 0
Name: ngeth0 Type: eiface ID: 00000004 Num hooks: 1
Name: ngctl1495 Type: socket ID: 0000000f Num hooks: 0
Name: msk0 Type: ether ID: 00000002 Num hooks: 2
Firewall rules are permissive, allow any to any. The jail environment is:
#ifconfig
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
options=3<RXCSUM,TXCSUM>
inet 127.0.0.1 netmask 0xff000000
inet6 ::1 prefixlen 128
inet6 fe80::1%lo0 prefixlen 64 scopeid 0x1
nd6 options=33<PERFORMNUD,AUTO_LINKLOCAL>
maclabel mls/equal(equal-equal)
eth0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
ether 40:0a:0b:0c:0d:01
inet 172.26.75.10 netmask 0xffffffff broadcast 172.26.75.10
inet6 fe80::420a:bff:fe0c:d01%eth0 prefixlen 64 scopeid 0x2
nd6 options=33<PERFORMNUD,AUTO_LINKLOCAL>
maclabel mls/low(low-low)
with eth0 being a ng_eiface node, moved to the jail with vimage -i testvnet
ngeth0. The host environment is:
#ifconfig
msk0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
options=11a<TXCSUM,VLAN_MTU,VLAN_HWTAGGING,TSO4>
ether [edited]
inet 192.168.0.10 netmask 0xffffff00 broadcast 192.168.0.255
inet6 fe80::223:54ff:fe08:2bf7%msk0 prefixlen 64 scopeid 0x1
nd6 options=41<IFDISABLED,PERFORMNUD,AUTO_LINKLOCAL>
maclabel mls/low(low-low)
media: Ethernet autoselect (100baseTX <full-duplex,flag0,flag1>)
status: active
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
options=3<RXCSUM,TXCSUM>
inet 127.0.0.1 netmask 0xff000000
inet6 ::1 prefixlen 128
inet6 fe80::1%lo0 prefixlen 64 scopeid 0x2
nd6 options=33<PERFORMNUD,AUTO_LINKLOCAL>
maclabel mls/equal(equal-equal)
Output of jls from the host is:
#jls
# JID IP Address Hostname Path
# 1 - testnet.myorg.org /jail/j/testnet
I cannot set the IP address when I create the jail without an error:
ip4.addr=${addr} gives "jail: vnet jails cannot have IP address restrictions";
ip4${addr} gives "jail: ip4: unknown jailsys value "172.26.72.10""; and
ip=${addr} gives "jail: unknown parameter: ip".
netstat -rn gives:
#netstat: kvm not available: /dev/mem: Permission denied
#Routing tables
#rt_tables: symbol not in namelist
/dev/mem is available in the jail environment, and /dev is mounted in the
jail. I get a permission denied error on both /dev/mem and /dev/kmem:
#ll /dev/kmem (or ll /dev/mem)
#ls: /dev/kmem: Permission denied
also,
#vimage -l
testvnet
I do have vimage-enabled kernels on both the host and the jails (8.0). I
originally installed a non-vimage kernel in the jails, and then updated to a
vimage-enabled kernel following instructions in the handbook (using a template
system). I am fairly certain I have the new kernel, as uname shows my new
build date.
Thank you very much again.
------- End of Forwarded Message -------
__ __
________ ____ ___ ____ ____/ /__ / /__ _____
/ ___/ _ \/ __ `__ \/ __ \/ __ / _ \/ / _ \/ ___/
/ / / __/ / / / / / /_/ / /_/ / __/ / __/ /
/_/ \___/_/ /_/ /_/\____/\__,_/\___/_/\___/_/
The information contained in this message is confidential and is intended
for the addressee only. Any unauthorized use, dissemination of the
information, or copying of this message is prohibited.
More information about the freebsd-net
mailing list