From: FreeBSD bugmaster
Date: Mon, 22 Nov 2010 11:07:07 GMT
To: freebsd-jail@FreeBSD.org
Subject: Current problem reports assigned to freebsd-jail@FreeBSD.org

Note: to view an individual PR, use:
  http://www.freebsd.org/cgi/query-pr.cgi?pr=(number).

The following is a listing of current problems submitted by FreeBSD users.
These represent problem reports covering all versions including
experimental development code and obsolete releases.

S Tracker      Resp.      Description
--------------------------------------------------------------------------------
o conf/150599  jail       [patch] /etc/rc.d/jail does not set jailname.
o conf/149050  jail       [jail] rcorder ``nojail'' too coarse for Jail+VNET
s conf/142972  jail       [jail] [patch] Support JAILv2 and vnet in rc.d/jail
o conf/141317  jail       [patch] uncorrect jail stop in /etc/rc.d/jail
o kern/133265  jail       [jail] is there a solution how to run nfs client in ja
o kern/119842  jail       [smbfs] [jail] "Bad address" with smbfs inside a jail
o bin/99566    jail       [jail] [patch] fstat(1) according to specified jid
o bin/32828    jail       [jail] w(1) incorrectly handles stale utmp slots with

8 problems total.


From: linimon@FreeBSD.org
Date: Mon, 22 Nov 2010 18:03:48 GMT
To: linimon@FreeBSD.org, freebsd-bugs@FreeBSD.org, freebsd-jail@FreeBSD.org
Subject: Re: conf/152465: [jail] [patch] devfs is mounted in jails without rules if devfs.rules can't be parsed

Old Synopsis: [jail] devfs is mounted in jails without
rules if devfs.rules can't be parsed
New Synopsis: [jail] [patch] devfs is mounted in jails without rules if devfs.rules can't be parsed

Responsible-Changed-From-To: freebsd-bugs->freebsd-jail
Responsible-Changed-By: linimon
Responsible-Changed-When: Mon Nov 22 18:03:36 UTC 2010
Responsible-Changed-Why:
Over to maintainer(s).

http://www.freebsd.org/cgi/query-pr.cgi?pr=152465


From: Daniel Faulknor
Date: Wed, 24 Nov 2010 16:00:52 +1300
To: freebsd-jail@freebsd.org
Subject: Multiple Subnets/interfaces

Hi,

I have a FreeBSD server with two interfaces, both on different physical
networks. I want to have some jails on each network.

# This file now contains just the overrides from /etc/defaults/rc.conf.
hostname="fs1.akl1.generatornz.com"
ifconfig_bce0="inet 120.xxx.52.2/28"
ifconfig_bce0_alias0="inet 120.xxx.52.3/32"
ifconfig_bce0_alias1="inet 120.xxx.52.4/32"
ifconfig_bce0_alias2="inet 120.xxx.52.6/32"
ifconfig_bce1="inet 120.xxx.55.146/25"
ifconfig_bce1_alias0="inet 120.xxx.55.147/25"
defaultrouter="120.xxx.52.1"

I have added this to my pf:

pass out route-to ($ext_if 120.xxx.55.129) from 120.xxx.55.147 to ! 120.xxx.55.128/23

I can ping 120.xxx.55.147, but I can't connect to any services that
netstat is showing that is running:

Active Internet connections (including servers)
Proto Recv-Q Send-Q Local Address          Foreign Address        (state)
tcp4       0      0 ip-120-136-55-14.ssh   *.*                    LISTEN
tcp4       0      0 ip-120-136-55-14.http  *.*                    LISTEN
tcp4       0      0 ip-120-136-55-14.9000  *.*                    LISTEN

Can anyone give me any tips?

Cheers
Daniel


From: Redd Vinylene
Date: Thu, 25 Nov 2010 11:00:22 +0100
To: freebsd-jail@freebsd.org
Subject: What's new? Would these settings still work?

Hey hey!

A while back I did some work on some jails. I'm just curious if these
settings would still work, and if possible, they could be improved somehow?

Big ups to Bjorn for his awesome work!

-

rc.conf:

jail_enable="YES"
jail_list="box1 box2"

jail_box1_rootdir="/home/jails/box1"
jail_box1_hostname="box1.example.net"
jail_box1_ip="192.168.1.2"
jail_box1_devfs_enable="YES"
jail_box1_devfs_ruleset="devfsrules_jail"

jail_box2_rootdir="/home/jails/box2"
jail_box2_hostname="box2.example.net"
jail_box2_ip="192.168.1.3"
jail_box2_devfs_enable="YES"
jail_box2_devfs_ruleset="devfsrules_jail"

-

make_jails.sh:

#!/usr/bin/env zsh

set -e

cd /usr/src

export D=/home/jails/box1
mkdir -p $D
make world distribution DESTDIR=$D
mount -t devfs devfs $D/dev

export D=/home/jails/box2
mkdir -p $D
make world distribution DESTDIR=$D
mount -t devfs devfs $D/dev

# /etc/rc.d/jail start box1
# /etc/rc.d/jail start box2

# jexec 1 sh
# jexec 2 sh

# portinstall jailutils

-

upgrade_jails.sh:

#!/usr/bin/env zsh

set -e

csup /etc/cvsupfile

cd /usr/src

make buildworld buildkernel
mergemaster -p
make installworld installkernel delete-old delete-old-libs
mergemaster -i -U

JAILS=/usr/jails

for jail in $JAILS/*; do
  mergemaster -p -D $jail
  make installworld delete-old delete-old-libs DESTDIR=$jail
  mergemaster -i -U -D $jail
done

chflags -R noschg /usr/obj/*
rm -rf /usr/obj/*

-

Much obliged!

Redd

http://www.zshare.net/download/552763591f4802ce/


From: Andrew Hotlab
Date: Thu, 25 Nov 2010 22:55:19 +0000
Subject: RE: Multiple Subnets/interfaces

> From: danieljfaulknor@gmail.com
> Date: Wed, 24 Nov 2010 16:00:52 +1300
> To: freebsd-jail@freebsd.org
> Subject: Multiple Subnets/interfaces
>
> Hi,
>
> I have a FreeBSD server with two interfaces, both on different physical networks. I want to have some jails on each network.
>
> # This file now contains just the overrides from /etc/defaults/rc.conf.
> hostname="fs1.akl1.generatornz.com"
> ifconfig_bce0="inet 120.xxx.52.2/28"
> ifconfig_bce0_alias0="inet 120.xxx.52.3/32"
> ifconfig_bce0_alias1="inet 120.xxx.52.4/32"
> ifconfig_bce0_alias2="inet 120.xxx.52.6/32"
> ifconfig_bce1="inet 120.xxx.55.146/25"
> ifconfig_bce1_alias0="inet 120.xxx.55.147/25"
> defaultrouter="120.xxx.52.1"
>
> I have added this to my pf:
>
> pass out route-to ($ext_if 120.xxx.55.129) from 120.xxx.55.147 to ! 120.xxx.55.128/23
>

This rule seems correct if you want to allow only the IP 120.xxx.55.147 to
be reachable by hosts outside the subnet, even if the CIDR notation you
wrote at the end of the line seems wrong to me.
Shouldn't it be 120.xxx.55.128/25 ?

I think that it is a best practice to add the secondary IP address to the
bge1 interface with a /32 netmask.

> I can ping 120.xxx.55.147, but I can't connect to any services that netstat is showing that is running:
>
> Active Internet connections (including servers)
> Proto Recv-Q Send-Q Local Address          Foreign Address        (state)
> tcp4       0      0 ip-120-136-55-14.ssh   *.*                    LISTEN
> tcp4       0      0 ip-120-136-55-14.http  *.*                    LISTEN
> tcp4       0      0 ip-120-136-55-14.9000  *.*                    LISTEN
>

In the past I used such PF rules to enable several jails on the same host
in different subnets to reach interconnected networks, but I have been
using the multiple FIB feature since FreeBSD 7.2. Now I'm running the
RELENG_8_1 and I'm still very satisfied by this method, which I feel more
"solid" than the PF "hack".

I don't remember exactly why, but in my last functioning ruleset I've just
noticed the "no state" command at the end of each rule.

Hope this might help you.

Sincerely.

Andrew
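
Added example, not part of the thread or of any poster's configuration: a Python check of the point raised in the reply above about the /23 at the end of the route-to rule, comparing it with the subnet that rc.conf puts on bce1. The elided octet "xxx" is replaced by 0 as a constructed stand-in, and the function names are hypothetical.

```python
import ipaddress
import re

# Constructed sample: the thread writes the second octet as "xxx"; 0 is a
# stand-in chosen here so the addresses parse. It is not the poster's value.
RC_CONF = '''
ifconfig_bce1="inet 120.0.55.146/25"
ifconfig_bce1_alias0="inet 120.0.55.147/25"
'''
PF_RULE = ("pass out route-to ($ext_if 120.0.55.129) "
           "from 120.0.55.147 to ! 120.0.55.128/23")


def connected_networks(rc_conf):
    """Map each ifconfig_* variable to the network its inet address implies."""
    nets = {}
    for name, addr in re.findall(r'^(ifconfig_\w+)="inet (\S+)"', rc_conf, re.M):
        nets[name] = ipaddress.ip_interface(addr).network
    return nets


def check_route_to(rule, rc_conf):
    """Compare the rule's negated destination with the source's own subnet."""
    m = re.search(r"route-to \(\S+ (\S+)\) from (\S+) to ! (\S+)", rule)
    if m is None:
        raise ValueError("not a 'route-to ... from ... to ! net' rule")
    gateway, source = (ipaddress.ip_address(x) for x in m.group(1, 2))
    written = m.group(3)
    # strict=False masks off host bits: the range that prefix length covers.
    effective = ipaddress.ip_network(written, strict=False)
    local = next(n for n in connected_networks(rc_conf).values() if source in n)
    findings = []
    if str(effective) != written:
        findings.append(f"{written} is not on a /{effective.prefixlen} "
                        f"boundary; that prefix covers {effective}")
    if effective != local:
        findings.append(f"exempted range {effective} "
                        f"({effective.num_addresses} addresses) differs from "
                        f"connected subnet {local} ({local.num_addresses})")
    if gateway not in local:
        findings.append(f"gateway {gateway} is outside {local}")
    return local, effective, findings


if __name__ == "__main__":
    for line in check_route_to(PF_RULE, RC_CONF)[2]:
        print("WARN:", line)
```

With the /25 suggested in the reply, the same check returns no findings.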