# Cannot connect to internet from jail



## Mike G (Feb 21, 2022)

fbsd1 said:


> Yea ezjail man pages are very poorly documented. There are 3 things your jail has to have to be accessable from the public network. 1. a copy of the hosts /etc/resolv.conf  2, The ezjail-admin create must use the public ip address.  3. the /etc/rc.conf must contain the same ifconfig_xxx="DHCP" statements as used in the host to connect to the public network.
> 
> Then pkg_add -r will work. But ping is restricted from working inside of any jail by design. I use whois or dig commands to test for network access in place of ping.
> 
> Here are my versions of the ezjail man pages I wrote for my own use. You may find them helpfull.


Hi just a quick question, when you talk about the public ip do you mean the public ip assigned to my router/whole network by my ISP 
or the IP of my machine as assigned by my router?


----------



## SirDice (Feb 21, 2022)

[_Mod: post split off from a 10 year old thread_]

I suggest not using EZJail or Qjail. Both are old and haven't seen an update in a really long time. The cracks are starting to show.


----------



## Alain De Vos (Feb 21, 2022)

bastille is known to work good.

Otherwise i use a plain /etc/jail.conf with an easy:

```
ip4 = inherit;
ip6 = inherit;
```


----------



## covacat (Feb 21, 2022)

echo "$10" >/proc/guardian
for 5 mins of internet access


----------



## freezr (Feb 24, 2022)

SirDice said:


> [_Mod: post split off from a 10 year old thread_]
> 
> I suggest not using EZJail or Qjail. Both are old and haven't seen an update in a really long time. The cracks are starting to show.



So what do you suggest then?

I am using ezjail for testing to keep my OS clean, and I found it easier to handle than bare jails.


----------



## SirDice (Feb 24, 2022)

tgl said:


> I am using ezjail for testing to keep my OS clean, and I found it easier to handle than bare jails.


I'm almost done migrating all my old EZJail jails to sysutils/bastille. So far I really like the way bastille is set up. Bastille also allows you to use different versions for your "base" jails. So it's easy to create 12.3-RELEASE and 13.0-RELEASE based jails on the same machine. The template infrastructure proved to be quite useful too.









						BastilleBSD
					

Bastille is an open-source system for automating deployment and management of containerized applications on FreeBSD.




					bastillebsd.org


----------



## freezr (Feb 24, 2022)

SirDice any thoughts on IOCage?


----------



## SirDice (Feb 24, 2022)

tgl said:


> any thoughts on IOCage?


Seems popular. Does bhyve(8) too I believe. Never used it myself.


----------



## freezr (Feb 24, 2022)

SirDice said:


> Seems popular. Does bhyve(8) too I believe. Never used it myself.



The Bastille documentation is very well done and even though I am simply hobbyist looks quite feasible. I really would like to move the nginx server and the gmid server on two separates containers for leisure as well for security.


----------



## astyle (Feb 24, 2022)

FWIW, the Handbook still has a section on sysutils/ezjail at time of this post. Maybe someone could re-write it for sysutils/bastille?


----------



## grahamperrin@ (Feb 27, 2022)

sysutils/mkjail simplifies some aspects of working with jails. 

<https://github.com/mkjail/mkjail#origins>


----------

