Thank you very much for your answer. It helped me understand some elements. But portsnap still doesn't work.
>> So, I can't contact DNS servers able to translate www.freebsd.org to
>> its ip. Since I know this ip, I tried: "ping 69.147.83.33". This
>> time, the error message is:
>>
>> ping: socket: Operation not permitted

> ping(1) uses raw sockets in order to be able to send and
> receive ICMP packets. By default, raw sockets are disallowed
> in jails. To change that, use this command on the host:
> sysctl security.jail.allow_raw_sockets=1
> Add an entry to /etc/sysctl.conf so the setting will survive
> reboots.

I did it but ping still doesn't work.

>> 192.168.1.38 is the host's ip so I use 127.0.0.1 for the jail.

> Well, localnet addresses are not routed. If you give your
> jail a localnet address, it won't be able to access the
> network outside of the host. (Unless you take measures
> to rewrite/translate the addresses and forward them.)
> That's why DNS and portsnap don't work.
> I suggest using the address 192.168.1.38 for the jail,
> at least during installation. Make sure that the file
> /etc/resolv.conf inside the jail is correct, so DNS will
> work. Copying it from the host should be sufficient.

Isn't 192.168.1.38 a localnet address too? Do you mean I should use the public ip of my computer here?

> By the way, you don't have to build ports inside the jail.
> Of course you *can* do that, but there are other ways, too.
> For example, you could build packages (apache etc.) on
> the host, or in a different jail, or even on a different
> machine, and then use pkg_add(8) inside your jail to
> install them.

I prefer doing that way. I will use apache later so I will have to connect the jail to internet anyway.

>> And also how the computer knows which data is for the jail and which
>> one is for the loopback.

> Services (such as apache) listen on certain ports for
> connections. For example, the default port for the HTTP
> protocol is 80. So, when someone is trying to open a
> connection to your IP address on port 80, your kernel
> looks it up in its table of listening TCP sockets and
> finds the apache process which is running inside the jail.
> So the connection is handed to the jail.
> (This is a bit oversimplifying, but basically that's how
> it works.)

OK. This is clear. And it explains how multiple jails can share the same address.

>> Despite the sshd_enable="YES" line, I can't ssh from the host to the
>> jail. Well, I can... The first time I did it, I was asked if I wanted
>> to add the jail to the list of known hosts. I did it. No problem
>> there. But, immediately after that, instead of displaying "login :",
>> the system displayed "passwd :".

> That's normal. ssh never asks for the login. You can use the -l
> option if you need to specify a different user name (or put it in your
> ~/.ssh/config).

Of course. I'm losing my mind with all that jail trouble. It works perfectly well with the -l option.

> Some paranoid people have a special "login jail". They
> ssh into the login jail, then log into the host or into
> other jails from there. The host accepts ssh only from
> localhost. But please forget this immediately; we don't
> want to make things more complicated than necessary.

I thought it was intended to be impossible to access the host from the jail. But you're right: I'll forget that.

So, we're progressing. But the problem is not over yet. Any other idea?

Have a good evening, anyway.

Brice
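
Added example, not part of the original message or of FreeBSD itself: a small sh preflight for the two jail problems discussed in this thread (a loopback jail address and disallowed raw sockets). The function names classify_ip and jail_preflight are hypothetical, and the inputs are passed as arguments so the logic can be checked without a jail.

```sh
#!/bin/sh
# Added example; classify_ip and jail_preflight are hypothetical helper names.

# classify_ip ADDR -> prints loopback | private | public | invalid
classify_ip() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) echo invalid; return ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1                      # split the dotted quad into $1..$4
    IFS=$old_ifs
    [ $# -eq 4 ] || { echo invalid; return; }
    for o in "$@"; do
        [ ${#o} -le 3 ] && [ "$o" -le 255 ] || { echo invalid; return; }
    done
    if [ "$1" -eq 127 ]; then echo loopback            # 127.0.0.0/8
    elif [ "$1" -eq 10 ]; then echo private             # 10.0.0.0/8
    elif [ "$1" -eq 172 ] && [ "$2" -ge 16 ] && [ "$2" -le 31 ]; then echo private
    elif [ "$1" -eq 192 ] && [ "$2" -eq 168 ]; then echo private
    else echo public
    fi
}

# jail_preflight JAIL_IP RAW_SOCKETS -> one finding per line, status 1 on any problem.
# RAW_SOCKETS is the host's value of security.jail.allow_raw_sockets, e.g.
#   jail_preflight 192.168.1.38 "$(sysctl -n security.jail.allow_raw_sockets)"
jail_preflight() {
    rc=0
    case "$(classify_ip "$1")" in
        invalid)  echo "ip: $1 is not an IPv4 address"; rc=1 ;;
        loopback) echo "ip: $1 is loopback; no network beyond the host without translation"; rc=1 ;;
        *)        echo "ip: $1 is not loopback" ;;
    esac
    if [ "$2" = 1 ]; then
        echo "ping: raw sockets allowed in jails"
    else
        echo "ping: raw sockets disallowed; expect 'socket: Operation not permitted'"; rc=1
    fi
    return $rc
}

# Constructed inputs taken from the thread: the failing setup, then the suggested one.
jail_preflight 127.0.0.1 0 || true
jail_preflight 192.168.1.38 1
```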