# Services whithin jails no longer accessible after upgrade to version 13.0



## GTeley (Jul 21, 2021)

After upgrading a virtual FreeBSD 12.2 system to 13.0-p3, traffic to services within jails (through Apache 2.4 reverse proxy) was blocked.
This is a Hyper-V virtual server and the second one that shows the same problem (the other one being a commercial VPS, hypervisor type unknown).

At first, I thought it would be a PF problem, as stopping PF solved the problem.
I looked for blocked traffic within the PF logs but couldn't find anything.

Later on, I noticed that creating a new jail (with ezjail) didn't work because the soft links weren't created.
Also, accessing the services within the jails didn't work either, wereas this isn't a problem in 12.2 jails.

As a test, I created a new physical v13 server from scratch and configured it as the upgraded one. Everything worked as it should.
Second, I created another Hyper-V virtual system (on the same host) and installed it from scratch and configured it as the upgraded one (copied /etc/rc.conf and /usr/local/etc/pf_rules containing my firewall rules and changed the IP addresses). All this worked as it should.

So I'm stuck with several v12.2 systems I would like to upgrade to v13.0, but 2 attempts failed on the same issue: services within jails are no longer accessible.
It looks like it has something to do with PF (as stopping it solves the issue) but then again it doesn't (as the same config on a freshly installed system works fine).
As setup and configuration are identical, I can't find anything that causes this.

Is there another way to find out what's going wrong here? (like some other logging I could enable to see why creating a new jail gives no errors but renders a non-working jail because the links to /basejail/* aren't created)


----------



## GTeley (Jul 23, 2021)

In the end it turns out to be an ezjail problem.
Having uninstalled and cleaned the ezjail package and reinstall it, everything works.


----------



## SirDice (Jul 23, 2021)

Honestly I would advise to use a different jail management tool. Ezjail certainly was a great tool but development on it stopped years ago and never switched over to the jail.conf style configuration. Those old variables still work on 13.0 but produce a bunch of deprecation warnings and support for it might be removed some day. 

I've been slowly migrating all my old ezjail jails to sysutils/bastille and I'm very happy with it.


----------



## GTeley (Jul 23, 2021)

Thanks, I'll take a look into it. I was already opting for iocage but didn't know bastille.


----------

