ping: socket: Operation not permitted
1,274 views
Skip to first unread message
bre...@gmail.com
Oct 9, 2015, 6:22:32 PM10/9/15
to iocage
Hi,
I'm rather new to FreeBSD and Jails so don't don't be too hard on me. I've got a fresh FreeBSD 10.2-RELEASE installation with ZFS. Right after the installation I've updated the base system and installed iocage. I've executed `iocage fetch` and allowed raw sockets for jails on the host (`sysctl security.jail.allow_raw_sockets=1`). After that I've create a jail with `iocage create -c tag=myjail ip4_addr="bge0|10.1.1.10/24"`. bge0 is my network interface and after the creation there is an additional inet entry for the new IP. Everything fine so far - the jail can be started, but I can't ping from the jail. I always get the response "ping: socket: Operation not permitted".
I'm sure it's only a small detail I've missed, but I'm stuck.
Thanks!
Jochen
I'm rather new to FreeBSD and Jails so don't don't be too hard on me. I've got a fresh FreeBSD 10.2-RELEASE installation with ZFS. Right after the installation I've updated the base system and installed iocage. I've executed `iocage fetch` and allowed raw sockets for jails on the host (`sysctl security.jail.allow_raw_sockets=1`). After that I've create a jail with `iocage create -c tag=myjail ip4_addr="bge0|10.1.1.10/24"`. bge0 is my network interface and after the creation there is an additional inet entry for the new IP. Everything fine so far - the jail can be started, but I can't ping from the jail. I always get the response "ping: socket: Operation not permitted".
I'm sure it's only a small detail I've missed, but I'm stuck.
Thanks!
Jochen
Brandon Schneider
Oct 9, 2015, 7:23:38 PM10/9/15
to bre...@gmail.com, iocage
Forgot to CC list :(
Begin forwarded message:From: Brandon Schneider <brandonsc...@gmail.com>Date: October 9, 2015 at 6:22:35 PM CDTTo: bre...@gmail.comSubject: Re: ping: socket: Operation not permittedYes you missed a small detail ;) You are setting that on the host. iocage will do that for you. When you create a jail do "allow_raw_sockets=“1”” if you want them. You can even set them on a jail later. I would suggest reading our manpage/iocage help if you can’t figure out what name we mapped a jail property too.- Brandon
--
You received this message because you are subscribed to the Google Groups "iocage" group.
To unsubscribe from this group and stop receiving emails from it, send an email to iocage+un...@googlegroups.com.
To post to this group, send email to ioc...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/iocage/e7a21f42-bbbf-4ebf-8581-3166bae8cf6e%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
bre...@gmail.com
Oct 10, 2015, 10:30:20 AM10/10/15
to iocage, bre...@gmail.com
Thanks Brandon, that was the problem! Really nice, that you can do that on a per jail base.
Brandon Schneider
Oct 10, 2015, 4:47:01 PM10/10/15
to bre...@gmail.com, iocage
No problem :)
To view this discussion on the web visit https://groups.google.com/d/msgid/iocage/a34f7859-ab99-48e9-90fb-2bd4f8fe4f85%40googlegroups.com.
Reply all
Reply to author
Forward
0 new messages