# EzJail network



## cgigeek (Aug 31, 2013)

I am having some problems with jails on 8.4 AMD64.

From the host (which pings outside just fine):

```
# sysctl -a | grep jail.sy
security.jail.sysvipc_allowed: 1
```

From inside the jail after restarting it:

```
# ping localhost
ping: socket: Operation not permitted
# ping 4.4.4.4
ping: socket: Operation not permitted

sysctl -a | grep jail.sy
security.jail.sysvipc_allowed: 0
```

Relevant configurations per file:

rc.conf:

```
ezjail_enable="YES"
jail_sysvipc_allow="YES"
```

sysctl.conf:

```
security.jail.sysvipc_allowed=1
security.jail.allow_raw_sockets=1
security.jail.mount_allowed=1
```


```
# uname -a
FreeBSD ns2.gigegeo.com 8.4-RELEASE-p3 FreeBSD 8.4-RELEASE-p3
```

I went and tried:

```
export jail_*jailname*_com_parameters="allow.raw_sockets=1 allow.sysvipc=1"
```
to no avail.

Please advise.


----------



## Beeblebrox (Sep 1, 2013)

The fact that you can ping from the host while you have set security.jail.sysvipc_allowed has no relevance, because this setting refers to the jail and has no control over the host.

For ezjail, try to set this in /usr/local/etc/ezjail/<jailname>:

```
export jail_<jailname>_allow_raw_sockets="YES"
```


----------



## cgigeek (Sep 1, 2013)

This did the trick for 8.4:

```
export jail_*jailname*_parameters="allow.raw_sockets allow.sysvipc"
```


----------



## alfiqmiq (Mar 12, 2014)

Maybe this helps.
Now from inside the jail, raw_sockets are 1.


```
cat /etc/jail.conf 
exec.start = "/bin/sh /etc/rc";
exec.stop = "/bin/sh /etc/rc.shutdown";
allow.noset_hostname;
firebird {
        jid = 1;
        path = "/v1/firebird/";
        mount.devfs;
        devfs_ruleset = 4;
        host.hostname = "firebird.lan";
        ip4.addr = 10.10.10.10;
        interface = lo1;
        allow.raw_sockets;
}
```


----------
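An added example, not part of any post in this thread: a small audit that lists which jails in a `jail.conf` end up with `allow.raw_sockets`, `allow.sysvipc` or `allow.mount` enabled, since each of these loosens jail isolation and is easy to leave on after troubleshooting. The function names and the sample file are constructed for illustration; the parser assumes one statement per line, only `#` or `//` comments, and that a per-jail setting overrides a global one.

```shell
# Added example: report jails that are granted isolation-relaxing permissions.
# audit_jail_conf and sample_conf are hypothetical helper names.
audit_jail_conf() {
    awk '
    function record(scope, stmt,    n, kv, name, val) {
        n = split(stmt, kv, "="); name = kv[1]; val = (n > 1) ? kv[2] : "true"
        gsub(/[ \t"]/, "", name); gsub(/[ \t"]/, "", val)
        if (name ~ /^allow\.no/) { sub(/^allow\.no/, "allow.", name); val = "false" }  # negated form
        if (name !~ /^allow\.(raw_sockets|sysvipc|mount)$/) return
        state[scope, name] = (val == "true" || val == "1")
    }
    {
        sub(/#.*/, ""); sub(/\/\/.*/, "")           # strip comments
        gsub(/^[ \t]+|[ \t]+$/, ""); if ($0 == "") next
        if ($0 ~ /[{]$/) {                          # "name {" opens a jail block
            jail = $0; sub(/[ \t]*[{]$/, "", jail)
            if (jail != "*") jails[++nj] = jail     # "* {" applies to every jail
            next
        }
        if ($0 == "}") { jail = ""; next }
        sub(/;$/, "")
        record((jail == "") ? "*" : jail, $0)       # scope "*" holds global settings
    }
    END {
        np = split("allow.raw_sockets allow.sysvipc allow.mount", params, " ")
        for (i = 1; i <= nj; i++)
            for (p = 1; p <= np; p++) {
                k = jails[i] SUBSEP params[p]; g = "*" SUBSEP params[p]
                eff = (k in state) ? state[k] : ((g in state) ? state[g] : 0)
                if (eff) print jails[i], params[p]
            }
    }' "$@"
}
# Constructed sample, modelled on the jail.conf layout posted above.
sample_conf() {
    cat <<'EOF'
allow.sysvipc;
firebird {
    allow.raw_sockets;
}
web {
    allow.nosysvipc;
}
EOF
}
sample_conf | audit_jail_conf
```

Pass a real file as an argument (`audit_jail_conf /etc/jail.conf`) to review a host; any jail that appears in the output can open raw sockets, use System V IPC or mount file systems.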

