# halfway there, dns doesn't work inside my jail on amazon ec2



## gideondsouza (Feb 24, 2013)

I posteda question a little earlier but I've been trying all night and I've made some progress but still I can't connect to the internet from my jail. Please just give me a hint here.

I get the following if I do `# nslookup [url]http://www.google.com[/url]` : 


```
;; connection timed out; no servers could be reached
```

So, I can't seem to install stuff inside the jail. *OR*, is there any way I can install perl on my host system and copy it into the jail?? In the end I just need this stuff installed and then I want my jail off the internet.

I tried various things, from the plain (1) jail command, (2) ezjail and finally (3) qjail. Also did a clean checkout of the freebsd source and did a buildworld.

This is my network config [CMD=""]ifconfig -a[/CMD]:


```
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
        options=600003<RXCSUM,TXCSUM,RXCSUM_IPV6,TXCSUM_IPV6>
        inet6 ::1 prefixlen 128
        inet6 fe80::1%lo0 prefixlen 64 scopeid 0x1
        inet 127.0.0.1 netmask 0xff000000
        nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
xn0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=503<RXCSUM,TXCSUM,TSO4,LRO>
        ether 12:31:39:1c:f0:bf
        inet 192.168.1.101 netmask 0xffffffff broadcast 192.168.1.101
        inet 192.168.1.102 netmask 0xffffffff broadcast 192.168.1.102
        inet 10.110.238.77 netmask 0xfffffe00 broadcast 10.110.239.255
        inet 10.0.0.1 netmask 0xffffffff broadcast 10.0.0.1
        nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
        media: Ethernet manual
        status: active
```

This is the rest of my system:

[CMD=""]cat /etc/rc.conf[/CMD]


```
# EC2 uses DHCP; the network interface appears as xn0.
ifconfig_xn0="DHCP"

### Standard FreeBSD configuration from here onwards.
sshd_enable="YES"
ezjail_enable="YES"

#for custom configs I hand made
ifconfig_xn0_alias0="inet 192.168.1.101/32"
ifconfig_xn0_alias1="inet 192.168.1.102/32"

pf_enable="YES"
```

[CMD=""]cat /etc/pf.conf[/CMD]


```
ext_if="xn0" ##my network interface
MY_JAIL="10.0.0.1"
#redirect http traffic to daltons jail
rdr pass on $ext_if inet proto tcp to port http -> $MY_JAIL port http
#enable outgoing traffic from jail to the internet via NAT
nat on $ext_if from $MY_JAIL to any -> $ext_if
```

Any ideas, clues or hints?!


----------



## SirDice (Feb 25, 2013)

Bind the 192.168.1.0/24 addresses to lo1 and set up NAT on the external interface.

You're trying to talk to the outside world on IP addresses that aren't routed.


----------

