# pkg -j first _jail install does not work



## Aruns (Jun 10, 2020)

Hi All, I am new to jail and am learning; I have created few jails,

```
root@FreeBSD113:~ # jls
   JID  IP Address      Hostname                      Path
     1  10.0.0.6        y_jail                        /usr/jails/y_jail
     2  10.0.0.2        firts_jls                     /usr/jails/firts_jls
```
am trying to install python on a jail

```
root@FreeBSD113:~ # pkg -j firts_jls install python3
Updating FreeBSD repository catalogue...
pkg: http://pkg.FreeBSD.org/FreeBSD:11:amd64/quarterly/meta.txz: No address record
repository FreeBSD has no meta file, using default settings
pkg: http://pkg.FreeBSD.org/FreeBSD:11:amd64/quarterly/packagesite.txz: No address record
Unable to update repository FreeBSD
Error updating repositories!
```
The VM has internet connection. Please suggest me the work around to fix this.


----------



## SirDice (Jun 11, 2020)

"No address record" indicates problems with DNS name resolving. Check your /etc/resolv.conf.


----------



## chrbr (Jun 11, 2020)

Dear Aruns,
I assume that the jails just have the lo1 address. I have that setup as well. The problem is how to communicate with the outer world via your hosts network interface. There are three options I am aware of.

Assign an additional address of the hosts interface to the jail.
Use NAT to let packets transfer from and to the jails interface lo1.
Use proxies on the host which listen at lo1.
I am describing the third path. The reason is that I like dns/unbound to do filtering based on host files. Additionally I have used www/privoxy for http filtering, too. Both proxies can listen on various interfaces.

For dns/unbound you need the package or port. The is a local unbound in the base system, but it cannot be configured to listen elsewhere (if I am not wrong).

/usr/local/etc/unbound/unbound.conf is the configuration file. Please add to the appropriate sections

```
interface: 10.0.0.1
access-control: 10.0.0.0/8 allow
```

For http I have switched to www/squid.
/usr/local/etc/squid/squid.conf is the configuration file. Just add

```
acl localnet src 10.0.0.0/8
shutdown_lifetime 1 seconds
pinger_enable off
```
The first line allows www/squid listen to lo1. The second line let www/squid terminate faster when you shutdown your computer. I do not remember what the third line was good for or if it is necessary or not.

The jail of course has to know there to ask for DNS resolution. This is configured in /usr/jails/YOURJAIL/etc/resolv.conf as

```
nameserver 10.0.0.1
```

Now you have pkg() in the jails where to look at. The configuration is /usr/jails/YOURJAIL/usr/local/etc/pkg.conf. Please add

```
pkg_env: {
        http_proxy: "http://10.0.0.1:3128",
}
```
This is where www/squid should listen to. 3128 is the default port number. The repository is configured in /usr/jails/YOURJAIL/usr/local/etc/pkg/repos/FreeBSD.conf. On my system it is

```
FreeBSD: {
  url: "pkg+http://pkg.FreeBSD.org/${ABI}/latest",
  mirror_type: "srv",
  signature_type: "fingerprints",
  fingerprints: "/usr/share/keys/pkg",
  enabled: yes
}
```
.

If you have configured and started www/squid and dns/unbound `netstat -a -p tcp -n` and `netstat -a -p udp -n` should show the proxies listening to their ports.

To start www/squid and dns/unbound at boot time add

```
squid_enable="yes"
unbound_enable="yes"
```
to /etc/rc.conf. For testing you can start them using `service start squid` and stopping by `service stop squid`. Type `onestart` and `onestop` if the entries are not yet in /etc/rc.conf.

I hope I have not forgotten anything. EDIT: What popped up into my mind: I am not 100% sure if I have had to assign an adress of the hosts interface temprorary,  just for the very first `pkg -j YOURJAIL something` when pkg has not yet been present in the jail. I will try that these days. EDIT2: I have just tried it using a brand new jail, there is no need for that.


----------

