Please just give me a hint here.
I get the following inside the jail if I do
nslookup www.google.com :
;; connection timed out; no servers could be reached
So, I can't seem to install stuff inside the jail. OR, is there any way I can install perl and starman on my host system and copy it into the jail?? In the end I just need this stuff installed and then I want my jail off the internet.
I tried various things, from the plain (1) jail command, (2) ezjail and finally (3) qjail. Also did a clean checkout of the freebsd source and did a buildworld.
This is my network config
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384 options=600003<RXCSUM,TXCSUM,RXCSUM_IPV6,TXCSUM_IPV6> inet6 ::1 prefixlen 128 inet6 fe80::1%lo0 prefixlen 64 scopeid 0x1 inet 127.0.0.1 netmask 0xff000000 nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL> xn0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500 options=503<RXCSUM,TXCSUM,TSO4,LRO> ether 12:31:39:1c:f0:bf inet 192.168.1.101 netmask 0xffffffff broadcast 192.168.1.101 inet 192.168.1.102 netmask 0xffffffff broadcast 192.168.1.102 inet 10.110.238.77 netmask 0xfffffe00 broadcast 10.110.239.255 inet 10.0.0.1 netmask 0xffffffff broadcast 10.0.0.1 nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL> media: Ethernet manual status: active
This is the rest of my system:
cat /etc/rc.conf gives me :
# EC2 uses DHCP; the network interface appears as xn0. ifconfig_xn0="DHCP" ### Standard FreeBSD configuration from here onwards. sshd_enable="YES" ezjail_enable="YES" #for custom configs I hand made ifconfig_xn0_alias0="inet 192.168.1.101/32" ifconfig_xn0_alias1="inet 192.168.1.102/32" pf_enable="YES"
cat /etc/pf.conf gives me:
ext_if="xn0" ##my network interface MY_JAIL="10.0.0.1" #redirect http traffic to daltons jail rdr pass on $ext_if inet proto tcp to port http -> $MY_JAIL port http #enable outgoing traffic from jail to the internet via NAT nat on $ext_if from $MY_JAIL to any -> $ext_if
Any ideas, clues or hints?!
Sorry, got hung up on the connectivity issue and didn't realize you just want to install ports.
On the host system install PortUpgrade, it's much easier than fetching package deficiencies manually:
pkg_add -r portupgrade
Then use it to fetch the packages:
portupgrade -NRFPP $PKG_NAME ie. portupgrade -NRFPP lang/perl5.14
The package files will be dumped in the hosts
/usr/ports/packages/All. Copy them to the jail(s). Install from jail:
And Bob's your uncle.
I sometimes use
unionfs so that the jails have the Package directory of the host; removes the copy step. UnionFS doesn't work on ZFS however (ZFS doesn't have Whiteout). And ZFS's snapshot/clone feature makes jails easier.
User contributions licensed under CC BY-SA 3.0