# Ports protocol not supported



## gpatrick (Nov 1, 2009)

Ports are mounted nullfs to my jails and when trying to install any ports it responds with "protocol not supported."

What could be causing this? Thanks.


----------



## DutchDaemon (Nov 1, 2009)

Which exact command triggers that error?


----------



## gpatrick (Nov 1, 2009)

One jail is for bind and I did mount_nullfs /usr/ports /usr/jails/bind/usr/ports

Then I 'ezjail-admin console bind' and 'cd /usr/ports/dns/bind96' and run 'make install clean'

Then it attempts to download the bind*tar.gz: fetch from ftp://ftp.isc.org/isc/bind9/9.6.1/bind-9.6.1-P1.tar.gz: Protocol not supported

Then goes to the next site and gives the same message.


----------



## DutchDaemon (Nov 1, 2009)

So it's basically 'make fetch' that causes the problem. I suspected this, because no 'protocols' are involved in the make process, only in downloading the tarball(s). 

You'll have to find out why your jail can't connect to the outside world, but as a workaround you can run `make fetch-recursive` in the port directory on the host system, and then run `make install clean` inside the jail.


----------



## gpatrick (Nov 1, 2009)

The 'make fetch-recursive' on the host system won't install on the host system and only does the fetch.  Nice.  Thank you very much.

The only rule I have in my pf.conf on the host system is 'nat on bge0 from 192.168.1.0/32 to any -> (bge0)'

On the host /etc/rc.conf there is 'ifconfig_bge0="inet 192.168.1.1 netmask 255.255.255.0"'
Then the jails alias 'ifconfig_bge0_alias0="inet 192.168.1.20 netmask 255.255.255.255"' in /etc/rc.conf on host.

Jails can ping 192.168.1.1


----------



## DutchDaemon (Nov 2, 2009)

Do you have any internet connectivity from the jails?


----------



## gpatrick (Nov 2, 2009)

In one jail where I have nginx it downloaded the nginx tar but failed on pcre and nothing since then has worked in any jail.

bge0 is the second interface.  There is another bge1 that is on 192.168.255.2 that is on the host system.  But my nat rule should be for the jails interface bge0 right?

```
# host system /etc/rc.conf:
ifconfig_bge1="inet 192.168.255.2 netmask 255.255.255.0" \
  defaultrouter="192.168.255.1"
ifconfig_bge0="inet 192.168.1.1 netmask 255.255.255.0"
hostname="golf.my.local"
pf_enable="YES"
pf_rules="/etc/pf.conf"
pflog_enable="YES"
pflog_logfile="/var/log/pflog"
gateway_enable="YES"
#sshd_enable="YES"
syslogd_flags="-ss"
dhcpd_enable="YES"
dhcpd_ifaces="bge0"
#named_enable="YES"
#named_flags="-u bind"
inetd_enable="NO"
#inetd_flags="-wW -C 60 -a 192.168.10.1"
rpcbind_enable="NO"
portmap_enable="NO"
cron_flags="$cron_flags -J 15"
sendmail_enable="NONE"
clear_tmp_enable="YES"
kern_securelevel_enable="YES"
kern_securelevel="1"

ezjail_enable="YES"
jail_interface="bge0"
jail_set_hostname_allow="YES"
jail_devfs_enable="YES"
jail_procfs_enable="YES"
jail_fdescfs_enable="YES"
jail_sysvipc_allow="YES"
jail_socket_unixiproute_only="YES"

jail_list="reverseproxy mail ns"
ifconfig_bge0_alias0="inet 192.168.1.22/32"
ifconfig_bge0_alias1="inet 192.168.1.20/32"
ifconfig_bge0_alias2="inet 192.168.1.21/32"

jail_nginx_rootdir="/usr/jails/reverseproxy"
jail_nginx_hostname="reverseproxy.my.local"
jail_nginx_ip="192.168.1.22"
jail_nginx_exec="/bin/sh /etc/rc"
#jail_ngnix_devfs_ruleset="devfsrules_jail"

jail_mail_rootdir="/usr/jails/mail"
jail_mail_hostname="mail.my.local"
jail_mail_ip="192.168.1.20"
jail_mail_exec="/bin/sh /etc/rc"

jail_ns_rootdir="/usr/jails/ns"
jail_ns_hostname="ns.my.local"
jail_ns_ip="192.168.1.21"
jail_ns_exec="/bin/sh /etc/rc"
```


----------



## DutchDaemon (Nov 2, 2009)

Ah, I had a closer look ..


```
nat on bge0 from 192.168.1.0/32 to any -> (bge0)
```

This will only NAT 192.168.1.*0*, nothing else. Try */24*.

But then again, where is the connection to the Internet? Is bge0 connected to an Internet router/modem where the final NAT takes place? In that case the NAT rule on bge0 should only apply to traffic not originating on bge0. The host IP and the jail IP should just traverse bge0 unaltered to be NAT'ed elsewhere (on the Internet gateway). I guess we could use a network diagram now ...
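The /32 versus /24 point above, as an added example that is not part of the original posts: a Python check that lists which jail addresses fall outside the source network of a pf `nat` rule. The rule text and the `jail_*_ip` lines are copied from the thread as constructed sample input; the function names are hypothetical, and only literal CIDR sources and `any` are handled (no macros or tables).

```python
import ipaddress
import re

# Constructed sample input, using the values quoted in this thread.
PF_RULE_BROKEN = "nat on bge0 from 192.168.1.0/32 to any -> (bge0)"
PF_RULE_FIXED = "nat on bge0 from 192.168.1.0/24 to any -> (bge0)"
RC_CONF = '''
jail_nginx_ip="192.168.1.22"
jail_mail_ip="192.168.1.20"
jail_ns_ip="192.168.1.21"
'''

NAT_RE = re.compile(r"^\s*nat\s+on\s+\S+\s+from\s+(\S+)\s+to\s+\S+\s+->\s+\S+")
JAIL_IP_RE = re.compile(r'^jail_(\w+)_ip="([^"]+)"', re.M)


def nat_sources(pf_conf):
    """Return the source networks of 'nat on IF from SRC to DST -> X' rules."""
    nets = []
    for line in pf_conf.splitlines():
        m = NAT_RE.match(line.split("#", 1)[0])  # drop trailing comments
        if not m:
            continue
        src = "0.0.0.0/0" if m.group(1) == "any" else m.group(1)
        try:
            # strict=False tolerates host bits, e.g. 192.168.1.1/24
            nets.append(ipaddress.ip_network(src, strict=False))
        except ValueError:
            pass  # macro, table or interface name: out of scope here
    return nets


def jail_ips(rc_conf):
    """Map jail name -> address from jail_<name>_ip="..." lines."""
    return {n: ipaddress.ip_address(ip) for n, ip in JAIL_IP_RE.findall(rc_conf)}


def uncovered_jails(pf_conf, rc_conf):
    """Names of jails whose address matches no NAT source network."""
    nets = nat_sources(pf_conf)
    return sorted(name for name, ip in jail_ips(rc_conf).items()
                  if not any(ip in net for net in nets))


if __name__ == "__main__":
    for label, rule in (("/32", PF_RULE_BROKEN), ("/24", PF_RULE_FIXED)):
        print(label, "jails not NATed:", uncovered_jails(rule, RC_CONF))
```

With the /32 rule every jail is reported as not translated, because that prefix contains exactly one address; with /24 the list is empty.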


----------



## gpatrick (Nov 2, 2009)

/24 was it.  THANK YOU!


----------



## DutchDaemon (Nov 2, 2009)

Hm. Well, ok


----------

