# internet in jail



## graudeejs (May 8, 2009)

Today I started learning jails....
I use my PC as a desktop...
In the jail I will be compiling ports.

I have started the jail, but can't figure out how to connect it to the internet.

/etc/rc.conf on the host:

```
# i'm behind router
ifconfig_rl0="inet 192.168.128.100 netmask 255.255.255.0"
defaultrouter="192.168.128.1"
hostname="192.168.128.100"
# alias for jail
ifconfig_rl0_alias0="inet 192.168.128.98 netmask 255.255.255.0"

#from handbook
sendmail_enable="NO"
inetd_flags="-wW -a 192.168.128.100"
rpcbind_enable="NO"

jail_enable="YES"
jail_list="test"

jail_test_hostname="test"
jail_test_rootdir="/jails/test/root"
jail_test_ip="192.168.128.98"
jail_test_exec="/bin/sh /etc/rc"
jail_test_devfs_enable="YES"
```

I'm not 100% sure what I should write in /etc/resolv.conf in the jail,
but I have

```
nameserver 192.168.128.1
```

When I try to ping something I get

```
ping: socket: Operation not permitted
```

Please help....


----------



## vivek (May 8, 2009)

By default, ping is disabled inside a jail. From the host, type the following:

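```
# on the host: allow jails to open raw sockets
sysctl security.jail.allow_raw_sockets=1
# enter the jail (ID is the jail's ID, as listed by jls)
jexec ID csh
# inside the jail
ping freebsd.org
```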

Try the host command if you are not willing to give ping access to the jail:

```
host freebsd.org
```

If the above fails, then you need the help of pf or another firewall to route traffic from the jail to the host and, finally, to the Internet via your ISP router.


----------



## graudeejs (May 8, 2009)

Great, thank you for the info.
Man, and I was searching for an answer for a few hours.....


Out of curiosity: Why are raw sockets disabled by default? (I know it's for security, but why?)


----------



## vivek (May 8, 2009)

Raw sockets are an open invitation for crackers to do all sorts of nasty things using nc or perl / php. So by default this option is disabled.

From man page:


> Since raw sockets can be used to configure and interact with various network subsystems, extra caution should be used where privileged access to jails is given out to untrusted parties.


----------
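
An added example, not part of the original thread: a connectivity check to run as root inside the jail that separates "raw sockets denied" (the `ping: socket: Operation not permitted` case above) from a real DNS or routing problem, without enabling `security.jail.allow_raw_sockets`. The function names are this example's own, and it assumes Python 3 is installed in the jail.

```python
import errno
import socket

# Function names are this example's own (hypothetical), not from the thread.
def probe_raw_icmp(sock_factory=socket.socket):
    """Open the raw ICMP socket ping(8) needs; return (ok, errno or None)."""
    try:
        s = sock_factory(socket.AF_INET, socket.SOCK_RAW, socket.IPPROTO_ICMP)
    except OSError as e:
        return False, e.errno
    s.close()
    return True, None

def probe_dns(name, resolver=socket.gethostbyname):
    """Resolve through the system resolver, as host(1) does; no raw socket."""
    try:
        return resolver(name)
    except OSError:  # socket.gaierror is a subclass of OSError
        return None

def probe_tcp(addr, port=80, timeout=3.0, connect=socket.create_connection):
    """Open an ordinary TCP connection, which a jail may do without raw sockets."""
    try:
        connect((addr, port), timeout).close()
        return True
    except OSError:
        return False

def diagnose(raw, addr, tcp_ok):
    """Combine the probe results into one finding."""
    raw_ok, raw_errno = raw
    if addr is None:
        return "no DNS: check nameserver in the jail's /etc/resolv.conf and routing"
    if not tcp_ok:
        return "DNS works, TCP fails: check routing and firewall rules on the host"
    if raw_ok:
        return "network works and raw sockets are permitted"
    if raw_errno in (errno.EPERM, errno.EACCES):
        return "network works; only raw sockets are denied, so ping fails"
    return "network works; raw socket failed with errno %s" % raw_errno

if __name__ == "__main__":
    name = "freebsd.org"  # host name used in the thread
    addr = probe_dns(name)
    tcp_ok = probe_tcp(addr) if addr else False
    print(diagnose(probe_raw_icmp(), addr, tcp_ok))
```
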

