02:08:09 what is the last freebsd version? 02:25:18 warsoul: https://www.freebsd.org/news/newsflash/#2024-08-03:1 02:26:59 b2ag how i upgrade from FreeBSD14.0 to 14.1? 02:28:52 I have no clue. Only used FreeBSD by proxy in OpnSense and TrueNAS 😅 02:30:22 ok thanks 02:30:24 i just find out 02:48:45 https://pastebin.com/1JvpKXjn 02:49:00 im getting this error after doing upgrade from 14.0 to 14.1 02:49:06 what do i need to do here? 02:56:35 still no expert but I would try to edit /etc/pkg/FreeBSD.conf , decide between latest and quarterly (so delete the other line), remove the merge markers and try again 02:56:57 merge are this } 02:56:57 ? 02:57:09 "<<<<<<< current version" 02:57:13 ======= 02:57:16 >>>>>>> 14.1-RELEASE 02:57:36 ok remove the " on both url 02:57:37 ? 02:58:20 no, remove the lines with <=> I pasted and decide which of the two url lines should stay 02:59:42 if you want to avoid this in the future, use the lines in 14.0-RELEASE and make the change to latest in /usr/local/etc/pkg/repos/FreeBSD.conf 02:59:57 14.1-RELEASE* 03:00:20 llua what do i need tho change 03:00:20 ? 03:03:10 read the line before i response 03:04:44 delete: <<<<<<< current version, url: "pkg+http://pkg.FreeBSD.org/${ABI}/latest", ======= and >>>>>>> 14.1-RELEASE 03:10:21 ok 03:10:33 llua only delete the === & >>>> 03:15:59 llua it worked i think lol 03:30:46 https://pastebin.com/ZnT9ZfZP 03:30:53 im getting this error now 03:31:45 https://pastebin.com/uSY3jL7c 03:31:52 this is my FreeBSD.conf 04:06:47 lines 14 and 13 or 11 must be deleted 04:27:08 Hi all, I installed freebsd on my x220i today and I've been trying to set up sway. I've followed the documentation so far but when I launch sway none of the text displays correctly 04:32:25 https://imgur.com/a/1w4Xh8t 05:37:38 warsoul: the merge markers are the full line, not just the <<<<<<< / ======= / >>>>>>> 07:50:24 can anyone link me a good guide to openvpn in jails? 07:54:14 and apache24 07:54:32 basically i never used jailes before :f 08:02:34 in such case probably starting with a handbook is the way to go: https://docs.freebsd.org/en/books/handbook/jails/ 09:13:13 hadret: can you lead me through running apache in a jail? 09:19:11 mane do you want tools or do you want to use the base utils only? 09:19:19 idk 09:20:55 mane which FreeBSD are you on? and what file system are you using? 09:24:03 14 zfs 09:24:20 also i just started a basic classic jail and my networking froze :f 09:25:13 mane no worries. we'll go step by step 09:25:25 thank you 09:25:42 you can use Jailer (https://jailer.dev) which basically autogenerates the config files; or we can use the base tools, but things will be done manually 09:25:50 > choose your options 09:26:20 lets do this mainually 09:26:22 (I feel like a game from the 70s, like Zork) 09:26:39 good. let's create a Jail template, so you can use it multiple time 09:26:53 i've created a basic classic jail but when i started it my networking instantly froze and i had to reboot 09:27:12 start with creating a dataset for your jails; zfs create -o mountpoint=/usr/local/jail zroot/jails ; change path and pool as needed 09:27:57 mane are you on bare metal (laptop, desktop, bare metal server) or on a virtual instance ? 09:28:15 i'm doing that on my vps :f 09:28:36 yeah, then we'll make sure you don't loose connection :) single IP I assume? 09:28:43 yeah 09:28:55 single ip 09:30:00 let me know if the dataset is created 09:30:15 it is 09:30:16 then you can start creating a template; zfs create zroot/jails/14.0-RELEASE 09:30:23 or 14.1, if you're on that 09:30:43 created 09:30:54 then, we'll "install" the base system, but we will not boot it 09:31:02 ok 09:31:02 we'll start by fetching base 09:31:07 ok 09:31:20 how? 09:31:32 so like this: https://download.freebsd.org/releases/amd64/14.1-RELEASE/base.txz 09:31:52 if you're on arm, use arm64; or change version number as needed 09:32:21 got it 09:32:47 after the base is installed, we will extract it; tar xvf base.txz -C /usr/local/jails/14.1-RELEASE 09:33:38 s/installed/fetched 09:33:41 lol 09:34:15 ok got it 09:34:24 great! let's snapshot it so we can use it 09:34:34 zfs snap zroot/jails/14.1-RELEASE@base 09:34:49 i use 14.0 09:35:09 I hope you also fetched the correct base.txz, right? 09:35:17 i did 09:35:20 good 09:35:28 ok i got the snapshot 09:35:30 now can create a new thick jail 09:35:41 ok 09:35:53 zfs send zroot/jails/14.0-RELEASE@base | zfs recv zroot/jails/www0 09:36:04 this will make a replica of the base as www0 09:36:10 or choose your jail name as you want 09:36:31 ok i want it for apache so far 09:36:34 done 09:36:37 www0 it is 09:36:39 great! 09:37:10 now we need to choose; do you want VNET jails (it's own network stack); or old-school jails 09:37:19 I recommend VNET jails, they are more... host-like 09:37:27 but takes longer to configure 09:37:34 maybe i should use an automated tool instead :f 09:37:58 hahaha, maybe you should, but I recommend this manual way for the first time, just for you to understand the process 09:38:00 it's too much work and there will be trouble while upgrading freebsd 09:38:08 ok 09:38:13 [root@vlepy ~]# zfs send zroot/jails/14.0-RELEASE@base | zfs recv zroot/jails/www0 09:38:14 actually, when upgrading it will not matter at all, luckily! 09:38:19 thats what i did last 09:38:38 nice! okay since you want apache, it's better to use VNET jails 09:38:45 now we'll create a bridge interface, a switch 09:38:53 ok 09:39:03 also i have lunch in around 30 minutes 09:39:24 i can't skip it 09:39:29 oh we're done in 5 minutes 09:39:41 here's a switch config; sysrc cloned_interfaces="bridge0" 09:40:10 cloned_interfaces: lo1 -> bridge0 09:40:17 i had already a cloned interface 09:40:26 and here's it's address config; sysrc ifconfig_bridge0="inet 10.0.0.1/24" 09:41:14 ok done 09:41:22 [root@vlepy ~]# sysrc ifconfig_bridge0="inet 10.0.0.1/24" 09:41:23 ifconfig_bridge0: -> inet 10.0.0.1/24 09:41:39 actually, my bad, to make sure it always works, let's use this: ifconfig_bridge0="inet 10.0.0.1/24 up" 09:41:57 after that, we can start the switch! service netif start bridge0 09:42:15 if all is done right, then you will have `bridge0` interface when you look with `ifconfig` 09:42:26 if all is good, we can config the jail 09:42:33 -su: netif: command not found 09:42:48 it's `service netif start bridge0` 09:43:09 it works! 09:43:18 great! let's configure the jail 09:43:23 service jail enable 09:43:34 and finally, here's the config template 09:43:35 done 09:43:55 (does bsd.to still work? where can I paste) 09:44:13 paste.debian.net 09:44:48 maybe it's not bsd but it's a pretty good pastebi n 09:44:52 thanks! 09:45:54 here it is 09:45:57 https://antranigv.am/misc/mane/www0.conf.txt 09:46:33 save it in `/etc/jail.conf.d/www0.conf` 09:47:10 it basically creates an epair interface ; attaches the interface to bridge0; attached the other end of the interface to the jail; and boots 09:47:24 after you have the config there just run ; service jail start www0 09:47:33 hopefully all went fine! 09:47:45 what about host.hostname var in the config? 09:47:57 why is it "${name}.bsd.am" 09:48:04 you can do www0.yourhostname 09:48:07 well because bsd.am is mine 09:48:15 and I use jail name as subdomain 09:48:18 :P 09:48:42 ok 09:48:50 :q 09:48:51 the log file is a console log, if something fails at boot time, you can have a look at /var/log/jail-jailname.log 09:49:07 if all is done, you should have a jail! `jls` will show the jail 09:49:23 jail: www0: /sbin/ifconfig lo0 127.0.0.1 up: failed 09:49:48 that's the first command; I wonder if the jail path is not correct? 09:50:36 i think it's correct 09:50:46 # ls /usr/local/jails/ 09:50:46 14.0-RELEASE 14.1-RELEASE containers media templates www0 09:51:01 path = "/usr/local/jails/${name}"; 09:51:11 looks pretty correct 09:51:31 what about: ls /usr/local/jails/www0 09:51:42 nothing in there 09:51:54 zfs send/recv has been failed then; weird! 09:51:59 zfs list | grep base 09:52:08 nothing 09:52:21 snapshot failed? 09:52:30 if so the silently 09:52:32 then* 09:52:41 zfs list | grep 14.0 09:52:59 zroot/ROOT/14.0-RELEASE-p6_2024-08-05_131333 8K 20.1G 4.94G / 09:52:59 zroot/ROOT/14.0-RELEASE-p8_2024-08-05_132802 8K 20.1G 7.16G / 09:52:59 zroot/jails/14.0-RELEASE 96K 20.1G 96K /usr/local/jails/14.0-RELEASE 09:53:26 hah! 09:53:35 ls /usr/local/jails/14.0-RELEASE ? 09:53:49 nothing 09:54:09 whaaaa; extraction failed? 09:54:17 that would make sense! 09:55:21 this got me worried now 09:55:46 mane that means either the download failed (of the base.txz) or the extraction failed 09:55:50 everything else seems right 09:56:04 mane I'm having lunch time too in a bit; meet after lunch? 09:56:04 so what should i do now? 09:56:20 mane make sure it's extracted? there's a way for that 09:56:38 i wont have much time afte lunch but ok , just tell me whether it's sufficient to just redownload and re-extract data 09:56:56 mane yes it would be 09:57:02 mane and then re-follow the steps! 09:57:20 mane and ping me here if needed! 10:06:24 antranigv: are you back? 10:07:40 never left ;p 10:08:17 :D 10:08:26 i've wgeted wromg base system 10:10:05 [root@vlepy ~]# zfs snap zroot/jails/14.0-RELEASE@base 10:10:06 cannot open 'zroot/jails/14.0-RELEASE': dataset does not exist 10:10:15 antranigv: ^ 10:16:28 [root@vlepy ~]# service jail start www0 10:16:28 Starting jails: cannot start jail "www0": 10:16:28 ifconfig: interface epair10 already exists 10:16:28 jail: www0: ifconfig epair10 create up: failed 10:17:54 [root@vlepy ~]# service jail start www0 10:17:54 Starting jails: www0. 10:18:00 antranigv: ok i got it started 10:18:10 what now 10:18:38 back 10:18:39 okay 10:19:22 mane let's see what you have now; jls name ; ifconfig -l ; zfs list -t all | grep 14.0 10:19:44 [root@vlepy ~]# jls 10:19:44 JID IP Address Hostname Path 10:19:44 2 www0.vlepy.com /usr/local/jails/www0 10:20:09 [root@vlepy ~]# ifconfig -l ; zfs list -t all | grep 14.0 10:20:09 vtnet0 lo0 lo1 pflog0 tun0 bridge0 epair10a 10:20:09 zroot/ROOT/14.0-RELEASE-p6_2024-08-05_131333 8K 18.8G 4.94G / 10:20:09 zroot/ROOT/14.0-RELEASE-p8_2024-08-05_132802 8K 18.8G 7.16G / 10:20:09 zroot/jails/14.0-RELEASE 433M 18.8G 433M /usr/local/jails/14.0-RELEASE 10:20:10 zroot/jails/14.0-RELEASE@base 0B - 433M - 10:21:23 looks like 10:21:26 everythign is runngin 10:21:27 good job 10:21:33 thanks :D 10:21:38 what now? 10:21:41 mane try doing `jexec -l www0` 10:21:46 and you should be in the jails! 10:21:50 s/jails/jail 10:22:09 jexec: execlp: /usr/local/bin/bash: No such file or directory 10:22:15 oh 10:22:16 in that case 10:22:26 jexec www0 /bin/sh 10:22:38 yea got it 10:22:47 now this covers the jail itself, now if you want inet access, we will need to configure basic NAT 10:22:56 jail has no internet access 10:23:18 by the way, everything is covered in these two blog posts: https://antranigv.am/posts/2020/06/vnet-jail-howto/ ; https://antranigv.am/posts/2021/04/2021-04-20-07-02/ 10:23:25 now we'll do basic NAT 10:24:08 mane are you running any firewall right now? 10:24:17 yeah 10:24:20 pf 10:24:22 pf? ipfw? 10:24:23 good 10:24:26 just add this then 10:24:56 nat pass on vtnet0 inet from 10.0.0.0/24 to any -> vtnet0:0 10:25:08 and finally `service pf reload` 10:26:26 works :D 10:26:28 what now? 10:26:41 keep typing, i'll have a quick lunch 10:27:26 mane go back to the jail and try to... ping something? 10:27:49 idk; now you have a jail, it works, I guess you can `pkg install nginx` now 10:27:52 or apache, I think 10:28:09 oh you might want to make it accessible from outside, right? 10:28:53 rdr pass on vtnet0 inet proto tcp from any to vtnet0:0 port 80 -> 10.0.0.10 10:28:57 you get the idea 10:29:09 Yeah 10:29:25 I get it thank you a lot :D 10:29:37 You’re awesome :D 10:29:47 sure; anytime :) 10:37:16 <33 10:40:56 antranigv: dns is not resolving on the jail 10:41:28 mane `echo nameserver 9.9.9.9 >> /etc/resolv.conf` in the jail 10:41:41 i got it it's not working 10:42:29 it's not resolving 10:43:23 # echo 'nameserver 208.67.222.222' > /etc/resolv.conf 10:43:23 # ping google.com 10:43:29 and nothign 10:44:15 ping: Unknown host 10:44:23 weird 10:44:27 * antranigv thinking 10:44:33 ping 10.0.0.1 works, right? 10:44:51 if so, then can you share your host's pf.conf in a pastebin? 10:46:28 ping 8.8.8.8 works as well 10:47:05 antranigv: https://vlepy.com/~wsky/pf.conf 10:48:03 change to this 10:48:28 set skip on { lo0, bridge0, epair } 10:49:22 # ping google.comq 10:49:22 ping: Unknown host 10:49:45 mane you did reload pf, right? 10:49:56 can you ping IPs? like 208.67.222.222 ? 10:49:56 # ping google.com 10:49:56 ping: UDP connect: No route to host 10:50:11 huh a route issue! weird I thought I fixed that in the jail conf. my bad! 10:50:13 64 bytes from 208.67.222.222: icmp_seq=0 ttl=60 time=3.708 ms 10:50:28 oh that works! 10:50:30 nice! 10:50:32 antranigv: works 10:50:35 :D 10:50:41 antranigv: you're awesome!! 10:50:42 :D 10:50:45 thanks you so much :D 10:50:48 anytime! 10:50:55 /7/7 10:50:57 err 10:51:07 mane reboot the vm, just make sure all works fine *after* a reboot. 10:51:43 well gonna configure firewall and apache on the jail 10:51:58 it's bootstraping pkg right now 10:52:18 since the jail is *behind* the host, you can just configure things on host's pf 10:52:30 and for apache, a simple install, enable and start should do it 10:53:05 when you add the rdr, the jail's apache should be reachable from the outside world as well. 10:53:53 one more thing 10:53:57 the nat is very slow 10:54:12 i had this before on openvpn 10:56:45 mane common issue with vtnet interfaces 10:57:00 what should i do then? 10:57:02 mane try doing this: ifconfig vtnet0 -rxcsum -txcsum 10:57:15 your connection will be lost for a second and then it will be back 10:57:46 and the nat issue should be fixed 10:57:49 you're a wizard :D 10:58:07 how would i add the option at boot time? 10:58:16 more like a Jedi, but sure :P 10:59:09 mane oh yes; sysrc ifconfig_vtnet0+=" -rxcsum -txcsum" 10:59:34 thanks you :-) 11:01:24 Performing sanity check on apache24 configuration: 11:01:24 [Sat Aug 10 11:00:50.921580 2024] [:crit] [pid 70819] (2)No such file or directory: AH00141: Could not initialize rand 11:01:24 om number generator 11:01:24 Starting apache24. 11:01:39 antranigv: 11:02:01 idk about htis one 11:02:27 I haven't used apache in 10 years, but I think that's just a warning? I'm not sure 11:02:32 it didn't start huh? 11:02:37 service apache status ? 11:02:37 it failed to start 11:02:57 * antranigv thinking 11:03:20 in the jail, what happens if you do `ls /dev` ? 11:03:42 # ls /dev 11:03:43 null 11:03:47 ah 11:03:49 okay in that case 11:03:56 exit the jail and stop it; service jail stop www0 11:03:59 also, how will i configure the jailed apache to serve sites on various domains 11:04:34 and then let's add this into the jail.conf.d/www0.conf file: mount.devfs; 11:04:42 add that right below persist; 11:04:53 and then start the jail: service jail start www0 11:04:58 maybe we can add other things too? 11:05:09 nah devfs should be enough 11:12:22 One sec 11:17:20 wors antranigv 11:17:29 now what about domains? 11:17:49 mane right; that's outside of the scope of jails; basically you should point the domains to your server 11:17:53 and then configure apache to use virtual hosts 11:17:56 for each domain 11:17:56 also your firewall port redirection directives didnt work 11:18:15 antranigv: i got that working bt without jails ^^" 11:18:30 mane I don't think I saw it in your config; can you check or send the latest pf.conf? 11:18:34 mane oh then you get the idea! 11:18:49 basically all we did is create a jail, and then move all traffic of port 80 to the jail 11:18:54 yeah but the vm is isolated from the network 11:18:57 (well, it didn't work, let's check, lol) 11:19:05 it would be better if it didn't work behind nat 11:19:13 but used same interface as the host 11:19:41 can we use same ip on the vm as the host?\ 11:19:42 that would be, impossible, with one IP 11:19:54 for example, say your VM is 1.2.3.4 11:20:08 well if you have another IP, you can set it to the jail, say 1.2.3.5 11:20:57 otherwise you either have to do port redirection, or you have to... run web server on the host 11:23:03 ok i'll do the vm for openvpn then 11:23:06 and xonotic 11:23:18 what's xonotic? 11:23:28 an fps game like quake :D 11:23:43 mane that's cool! instlaling now 11:23:54 we wont play today 11:24:02 but we can tomorrow 11:25:14 god that's a big game 11:25:25 I hope the zip file has the mac version 11:26:00 can you give me a working redirection rule? 11:30:03 antranigv: 11:30:13 yes, lemme check my server 11:30:31 i will switch xontic to a jail asap 11:31:26 rdr pass on vtnet0 inet proto tcp from any to vtnet0:0 port 80 -> 10.0.0.10 11:31:33 do the same for other ports, such as 443 11:31:50 and when you create a xontic jail, do for it too 11:32:37 put this right *after* nat 11:34:23 [root@vlepy ~]# pfctl -f /etc/pf.conf 11:34:23 /etc/pf.conf:18: syntax error 11:34:23 pfctl: Syntax error in config file: pf rules not loaded 11:36:14 ok i got it working derp 11:36:26 was my fault, i've placed it on a wrong part of the file 11:36:30 thanks 11:40:00 antranigv: ok works great :D 11:40:09 lol 11:40:13 nice 11:40:23 antranigv: feel free to join my xonotic server vlepy.com :) 11:40:41 i will go nww, if i'll be able to work tomorrow for sure i will come again 12:07:31 mane: does xonotic server run on freebsd? 12:08:18 Yes, it even comes from the repository (-: 12:31:34 nimaje what should i delete? 12:46:48 hello fam 12:48:00 https://pastebin.com/ZnT9ZfZP 12:48:00 im getting this error now 12:48:00 https://pastebin.com/uSY3jL7c 12:48:00 this is my FreeBSD.conf 12:57:08 warsoul: to avoid merge conflicts in the future I suggest overriding stuff via /usr/local/etc/pkg/repos/FreeBSD.conf instead (but no idea why it couldn't merge correctly for you, afaik it should do a three-way merge) 12:57:45 check against the default version of that file to fix yours https://cgit.freebsd.org/src/tree/usr.sbin/pkg/FreeBSD.conf.quarterly 13:01:36 nimaje 13:01:52 fixed i erased 14.1-RELEASE 13:01:54 thank you 13:17:36 when im not using computer in a few minutes monitor will go black how can i change that? 14:54:58 antranigv: can I pass only one device from devfs to the VMware? 14:55:08 To the vm 14:55:13 mane what? o.O 14:55:27 Autocorrection 14:55:51 Can I pass only /dev/tun0 to the jail instead entire devfs 14:56:27 Because I want to make another jail just for openvpn 14:59:26 mane It seems we are trying to to the same thing at the same time. :) I didn't figure it out yet, I'm using tailscale. 14:59:46 I've got it running but with vnet 15:03:55 mane: you can add an entry to /etc/devfs.rules and then start the jail with that ruleset using the devfs.ruleset parameter 15:04:35 What entry? 15:07:42 i think i saw an example somewhere recently - let me check 15:07:49 Ok 15:10:59 https://github.com/28547939/vpncore/blob/main/jail/files/host/devfs.rules 15:11:55 i think that is also what i've done in the past, though i can't remember and not sure if i did the exact same thing 15:12:03 Thanks :3 15:12:22 Do we count jails starting with 0 or 1? 15:13:22 i think 1 15:36:51 not sure if you want tun* or just tun there actually 15:37:46