No network access in jail on virtual box

Status
Not open for further replies.

NasKar

Guru
Joined
Jan 8, 2016
Messages
739
I have previously used VirtualBox to install FreeNAS as a test box so I don't mess up my current install. I'm not sure what happened, but I can't access the internet from a jail but can from the host system. ping www.google.com and ping 192.168.5.1 (my gateway) only work in my host system but not in the jail.
I'm using VirtualBox 5.2.22 and have installed FN 11.2U1 from scratch with networking set to bridge, 2 processors and 8gig of ram. I've tried to create a jail with the CLI and the GUI without any luck.
In the GUI I have the default IPV4 gateway and nameserver 1 set to 192.168.5.1

For example
Code:
iocage create -n test2 ip4_addr="em0|192.168.1.232/24" defaultrouter="192.168.5.1" -r 11.2-RELEASE
iocage console test2
ping www.google.com


gives the error
ping: ssend socket: Operation not permitted


From the host
Code:
iocage list                                                                                       
+-----+-------+-------+--------------+---------------+
| JID | NAME  | STATE |   RELEASE    |      IP4      |
+=====+=======+=======+==============+===============+
| -   | test  | down  | 11.2-RELEASE | 192.162.5.231 |
+-----+-------+-------+--------------+---------------+
| 3   | test2 | up    | 11.2-RELEASE | 192.168.1.232 |
+-----+-------+-------+--------------+---------------+
root@freenas[~]# ifconfig
em0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
    options=98<VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM>
    ether 08:00:27:41:88:35
    hwaddr 08:00:27:41:88:35
    inet 192.168.5.179 netmask 0xffffff00 broadcast 192.168.5.255
    inet 192.168.1.232 netmask 0xffffff00 broadcast 192.168.1.255
    nd6 options=9<PERFORMNUD,IFDISABLED>
    media: Ethernet autoselect (1000baseT <full-duplex>)
    status: active
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
    options=600003<RXCSUM,TXCSUM,RXCSUM_IPV6,TXCSUM_IPV6>
    inet6 ::1 prefixlen 128
    inet6 fe80::1%lo0 prefixlen 64 scopeid 0x2
    inet 127.0.0.1 netmask 0xff000000
    nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
    groups: lo
bridge0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
    ether 02:ef:0a:bd:ac:00
    nd6 options=1<PERFORMNUD>
    groups: bridge
    id 00:00:00:00:00:00 priority 32768 hellotime 2 fwddelay 15
    maxage 20 holdcnt 6 proto rstp maxaddr 2000 timeout 1200
    root id 00:00:00:00:00:00 priority 32768 ifcost 0 port 0
    member: vnet0:2 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
            ifmaxaddr 0 port 6 priority 128 path cost 2000
    member: vnet0:1 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
            ifmaxaddr 0 port 4 priority 128 path cost 2000
    member: em0 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
            ifmaxaddr 0 port 1 priority 128 path cost 20000
vnet0:1: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
    description: associated with jail: test
    options=8<VLAN_MTU>
    ether 02:ff:60:ae:1b:75
    hwaddr 02:53:d0:00:04:0a
    nd6 options=1<PERFORMNUD>
    media: Ethernet 10Gbase-T (10Gbase-T <full-duplex>)
    status: active
    groups: epair
epair0b: flags=8842<BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
    options=8<VLAN_MTU>
    ether 02:ff:60:ae:1b:76
    hwaddr 02:53:d0:00:05:0b
    ether 02:ff:60:ae:1b:76
    hwaddr 02:53:d0:00:05:0b
    nd6 options=1<PERFORMNUD>
    media: Ethernet 10Gbase-T (10Gbase-T <full-duplex>)
    status: active
vnet0:2: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
    description: associated with jail: test
    options=8<VLAN_MTU>
    ether 02:ff:60:ae:1b:75
    hwaddr 02:53:d0:00:06:0a
    nd6 options=1<PERFORMNUD>
    media: Ethernet 10Gbase-T (10Gbase-T <full-duplex>)
    status: active
    groups: epair


From the jail
Code:
root@test2:~ # ifconfig
em0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
    options=98<VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM>
    ether 08:00:27:41:88:35
    hwaddr 08:00:27:41:88:35
    inet 192.168.1.232 netmask 0xffffff00 broadcast 192.168.1.255
    media: Ethernet autoselect (1000baseT <full-duplex>)
    status: active
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
    options=600003<RXCSUM,TXCSUM,RXCSUM_IPV6,TXCSUM_IPV6>
    groups: lo
bridge0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
    ether 02:ef:0a:bd:ac:00
    groups: bridge
    id 00:00:00:00:00:00 priority 32768 hellotime 2 fwddelay 15
    maxage 20 holdcnt 6 proto rstp maxaddr 2000 timeout 1200
    root id 00:00:00:00:00:00 priority 32768 ifcost 0 port 0
    member: vnet0:2 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
            ifmaxaddr 0 port 6 priority 128 path cost 2000
    member: vnet0:1 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
            ifmaxaddr 0 port 4 priority 128 path cost 2000
    member: em0 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
            ifmaxaddr 0 port 1 priority 128 path cost 20000
vnet0:1: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
    description: associated with jail: test
    options=8<VLAN_MTU>
    ether 02:ff:60:ae:1b:75
    hwaddr 02:53:d0:00:04:0a
    media: Ethernet 10Gbase-T (10Gbase-T <full-duplex>)
    status: active
    groups: epair
epair0b: flags=8842<BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
    options=8<VLAN_MTU>
    ether 02:ff:60:ae:1b:76
    hwaddr 02:53:d0:00:05:0b
    ether 02:ff:60:ae:1b:76
    hwaddr 02:53:d0:00:05:0b
    media: Ethernet 10Gbase-T (10Gbase-T <full-duplex>)
    status: active
vnet0:2: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
    description: associated with jail: test
    options=8<VLAN_MTU>
    ether 02:ff:60:ae:1b:75
    hwaddr 02:53:d0:00:06:0a
    media: Ethernet 10Gbase-T (10Gbase-T <full-duplex>)
    status: active
    groups: epair
root@test2:~ # ping www.google.com
ping: ssend socket: Operation not permitted


My impression is that with 11.2 you don't need the tunables anymore. I hope someone has an idea what I'm doing wrong.
 

KrisBee

Wizard
Joined
Mar 20, 2017
Messages
1,288
You have two errors in jail test2:

1. Its static IP looks to be in the wrong subnet, shouldn't it be 192.168.5.XXX?
2. The ping command is not allowed in a jail unless "allow.raw.sockets" is checked.

Rather than using iocage at the CLI, you ought to use the new UI.
 
Last edited:
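Both points in the reply above can be checked before a jail is created. The following is an added example, not code from any poster in this thread or from iocage: the function names are hypothetical and the sample values are the ones shown in the first post. Raw sockets are disabled in jails by default, so the second check only explains the ping error; it is not a reason to enable the setting everywhere.

```shell
#!/bin/sh
# Added example: pre-flight check of iocage network properties.
# Function names are hypothetical; nothing here calls iocage itself.

# Convert dotted-quad A.B.C.D to a 32-bit integer.
ip_to_int() {
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# router_in_subnet "em0|192.168.1.232/24" "192.168.5.1"
# Returns 0 if the router lies inside the jail's network, 1 if not,
# 2 if the prefix length is missing or invalid.
router_in_subnet() {
    addr=${1#*|}              # drop the "em0|" interface part
    prefix=${addr#*/}
    ip=${addr%/*}
    case "$prefix" in ''|*[!0-9]*) return 2 ;; esac
    [ "$prefix" -le 32 ] || return 2
    mask=$(( (4294967295 << (32 - prefix)) & 4294967295 ))
    [ $(( $(ip_to_int "$ip") & mask )) -eq $(( $(ip_to_int "$2") & mask )) ]
}

# check_jail_net <ip4_addr> <defaultrouter> <allow_raw_sockets>
# Prints one line per finding; prints nothing when both checks pass.
check_jail_net() {
    if ! router_in_subnet "$1" "$2"; then
        echo "defaultrouter $2 is not in the subnet of ip4_addr $1"
    fi
    if [ "$3" != "1" ]; then
        echo "allow_raw_sockets=$3: ping inside the jail will fail with 'Operation not permitted'"
    fi
    return 0
}

# Values from the first post (test2 jail, raw sockets left at the default).
check_jail_net 'em0|192.168.1.232/24' 192.168.5.1 0
```
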

NasKar

Guru
Joined
Jan 8, 2016
Messages
739
I don't know how I missed the subnet issue. Thanks.
Just got accustomed to using the CLI before 11.2 came out.

Are the tunables still needed in 11.2?
cloned_interfaces bridge0
ifconfig_bridge0 addm em0 up
iocage_enable YES
 

KrisBee

Wizard
Joined
Mar 20, 2017
Messages
1,288
I don't know how I missed the subnet issue. Thanks.
Just got accustomed to using the CLI before 11.2 came out.

Are the tunables still needed in 11.2?
cloned_interfaces bridge0
ifconfig_bridge0 addm em0 up
iocage_enable YES

I don't think so.
 

Jailer

Not strong, but bad
Joined
Sep 12, 2014
Messages
4,974
In the advanced network adapter settings change promiscuous mode to allow all.
 

KrisBee

Wizard
Joined
Mar 20, 2017
Messages
1,288

Jailer

Not strong, but bad
Joined
Sep 12, 2014
Messages
4,974

NasKar

Guru
Joined
Jan 8, 2016
Messages
739
In the advanced network adapter settings change promiscuous mode to allow all.
I made that change to VBox but I still can't install transmission in the virtual machine. After running ifconfig, tun0 doesn't show up.
I read this and I'm still not sure if you need the preinit or not, but have removed the tunables and rebooted.
Code:
devfs rule -s 4 add path 'tun*' unhide

My jail is created with
Code:
iocage create -n "transmission" -p /tmp/pkg.json -r 11.2-RELEASE ip4_addr="em0|192.168.5.232/24" defaultrouter="192.168.5.1" vnet="off" allow_raw_sockets="1" boot="on" allow_tun="1"
 

NasKar

Guru
Joined
Jan 8, 2016
Messages
739
Works with promiscuous mode set to allow all, no preinit and no tunables. tun0 interface shows up. Thanks
 