FreeBSD : Configuration réseau d'un jail sous Bastille

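1/ Désactivation permanente de PF (l'hôte n'a alors plus de filtrage de paquets : les services du jail seront joignables directement via l'interface physique msk0).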

root@station66:/usr/home/util01 # sysrc pf_enable=NO
root@station66:/usr/home/util01 # service pf stop

2/ Création d'une interface loopback lo3.

root@station66:/usr/home/util01 # sysrc cloned_interfaces+=lo3
cloned_interfaces: lo1 lo2 -> lo3
root@station66:/usr/home/util01 # service netif cloneup
Created clone interfaces: lo3.

3/ Arrêter Bastille.

root@station66:/usr/home/util01 # service bastille stop
Stopping Bastille Jail: ALL
pfctl: /dev/pf: No such file or directory
pfctl: /dev/pf: No such file or directory
rdr-anchor not found in pf.conf
alcatraz: removed

root@station66:/usr/home/util01 # 

4/ Configuration réseau du jail.

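Ouvrir le fichier jail.conf du jail (avec le préfixe par défaut de Bastille : /usr/local/bastille/jails/alcatraz/jail.conf) :

Chercher :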

  interface = bastille0;
  ip4.addr =;

Remplacer par (chaque valeur est de la forme 'interface|adresse IP' ; les adresses sont omises ici) :

  ip4.addr         = 'lo3|';
  ip4.addr        += 'msk0|';

5/ Vérification.

root@station66:/usr/home/util01 # ifconfig
msk0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
    ether 00:16:d3:65:58:d6
    inet netmask 0xffffff00 broadcast
    inet netmask 0xffffffff broadcast
    inet netmask 0xffffffff broadcast
    media: Ethernet autoselect (100baseTX <full-duplex,flowcontrol,rxpause,txpause>)
    status: active

6/ Redémarrer Bastille.

root@station66:/usr/home/util01 # service bastille start

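7/ Test : connexion SSH au jail. Avant de répondre « yes », comparer l'empreinte affichée avec celle de la clé d'hôte du jail (ssh-keygen -lf /etc/ssh/ssh_host_ecdsa_key.pub, exécutée dans le jail). Le message « Failed to add the host to the list of known hosts » signifie que known_hosts n'a pas pu être écrit : la clé n'est pas mémorisée et ne sera donc pas vérifiée aux connexions suivantes tant que les droits sur ~/.ssh ne sont pas corrigés.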

util01@station66:~$ ssh util01@
The authenticity of host ' (' can't be established.
ECDSA key fingerprint is SHA256:B3Js9g40tsLBtOO985UTWLzEQ+WcsqEHfivw4ifyjJ0.
Are you sure you want to continue connecting (yes/no)? yes
Failed to add the host to the list of known hosts (/home/util01/.ssh/known_hosts).
Password for util01@alcatraz:
Are you looking for a package? Search for it with
"pkg search part_of_package_name"

        -- Lars Engels <>
util01@alcatraz:~ $ 

8/ Test : accès réseau sortant depuis le jail (installation d'un paquet, puis navigation avec links).

util01@alcatraz:~ $ sudo pkg install links
util01@alcatraz:~ $ links