nslookup fails inside FreeBSD jail


I posted on the FreeBSD forums. I've been trying all night and I've made some progress, but I still can't connect to the internet from my FreeBSD jail.

Please just give me a hint here.

I get the following inside the jail if I do nslookup www.google.com:

;; connection timed out; no servers could be reached

So, I can't seem to install stuff inside the jail. Or, is there any way I can install perl and starman on my host system and copy it into the jail? In the end I just need this stuff installed and then I want my jail off the internet.

I tried various things, from the plain (1) jail command, (2) ezjail and finally (3) qjail. I also did a clean checkout of the FreeBSD source and did a buildworld.

This is my network config ifconfig -a:

lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
        inet6 ::1 prefixlen 128
        inet6 fe80::1%lo0 prefixlen 64 scopeid 0x1
        inet netmask 0xff000000
        nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
xn0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        ether 12:31:39:1c:f0:bf
        inet netmask 0xffffffff broadcast
        inet netmask 0xffffffff broadcast
        inet netmask 0xfffffe00 broadcast
        inet netmask 0xffffffff broadcast
        media: Ethernet manual
        status: active

This is the rest of my system:

cat /etc/rc.conf gives me:

# EC2 uses DHCP; the network interface appears as xn0.

### Standard FreeBSD configuration from here onwards.

#for custom configs I hand made


cat /etc/pf.conf gives me:

ext_if="xn0" ##my network interface
#redirect http traffic to daltons jail
rdr pass on $ext_if inet proto tcp to port http -> $MY_JAIL port http
#enable outgoing traffic from jail to the internet via NAT
nat on $ext_if from $MY_JAIL to any -> $ext_if

Any ideas, clues or hints?!

asked on Server Fault Feb 24, 2013 by gideon • edited Apr 13, 2017 by Community

1 Answer


Sorry, got hung up on the connectivity issue and didn't realize you just want to install ports.

On the host system, install PortUpgrade; it's much easier than fetching package deficiencies manually:

pkg_add -r portupgrade

Then use it to fetch the packages:

portupgrade -NRFPP $PKG_NAME
portupgrade -NRFPP lang/perl5.14

The package files will be dumped in the host's /usr/ports/packages/All. Copy them to the jail(s). Install from jail:

pkg_add /path/to/file/downloaded/perl5.14.tgz

And Bob's your uncle.

I sometimes use unionfs so that the jails have the Package directory of the host; removes the copy step. UnionFS doesn't work on ZFS however (ZFS doesn't have Whiteout). And ZFS's snapshot/clone feature makes jails easier.

answered on Server Fault Feb 24, 2013 by Chris S
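
The copy and install steps from the answer above, as an added example that is not part of the original answer: it stages the fetched packages into the jail's filesystem from the host and refuses to follow symlinks inside the jail, so a path planted in the jail cannot redirect the host's write elsewhere. The staging directory `var/tmp/pkgstage` and the function names are assumptions; `jexec` and the legacy `pkg_add` are used as in the answer's tooling.

```shell
#!/bin/sh
# Added example (not from the original answer): stage host-fetched packages
# into a jail's filesystem from the host, then install them via jexec.
PKG_SRC="${PKG_SRC:-/usr/ports/packages/All}"  # package dir named in the answer
STAGE_REL="var/tmp/pkgstage"                   # assumed staging dir inside the jail

# safe_mkdir_in JAIL_ROOT REL: create REL under JAIL_ROOT one component at a
# time, refusing symlinks so a path planted inside the jail cannot redirect
# the host's copy to somewhere outside the jail. Prints the final directory.
safe_mkdir_in() {
    cur=$1
    old_ifs=$IFS; IFS=/
    set -- $2                      # split REL on "/" into positional params
    IFS=$old_ifs
    for part in "$@"; do
        cur="$cur/$part"
        [ ! -L "$cur" ] || { echo "refusing symlink: $cur" >&2; return 1; }
        [ -d "$cur" ] || mkdir "$cur" || return 1
    done
    echo "$cur"
}

# stage_packages JAIL_ROOT: copy package archives from PKG_SRC into the jail,
# verify each copy byte-for-byte, and print how many files were staged.
stage_packages() {
    [ -d "$1" ] && [ -d "$PKG_SRC" ] || { echo "missing directory" >&2; return 1; }
    dest=$(safe_mkdir_in "$1" "$STAGE_REL") || return 1
    count=0
    for f in "$PKG_SRC"/*.tbz "$PKG_SRC"/*.tgz; do
        [ -f "$f" ] || continue    # an unmatched glob stays literal; skip it
        target="$dest/$(basename "$f")"
        [ ! -L "$target" ] || { echo "refusing symlink: $target" >&2; return 1; }
        cp "$f" "$target" && cmp -s "$f" "$target" || return 1
        count=$((count + 1))
    done
    echo "$count"
}

# install_command JAIL PKG_FILE: host-side command that runs pkg_add inside
# the jail on a staged file (JAIL is a jail name or JID as listed by jls).
install_command() {
    echo "jexec $1 pkg_add /$STAGE_REL/$2"
}
```

The symlink checks are not atomic, so stage the files while the jail is stopped or before untrusted processes run in it.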

User contributions licensed under CC BY-SA 3.0