From owner-freebsd-jail@FreeBSD.ORG Mon Mar 31 05:06:10 2008
From: linimon@FreeBSD.org
To: linimon@FreeBSD.org, freebsd-bugs@FreeBSD.org, freebsd-jail@FreeBSD.org
Date: Mon, 31 Mar 2008 05:06:10 GMT
Subject: Re: kern/122270: [jail] [patch] jail numbers keep incrementing

Synopsis: [jail] [patch] jail numbers keep incrementing

Responsible-Changed-From-To: freebsd-bugs->freebsd-jail
Responsible-Changed-By: linimon
Responsible-Changed-When: Mon Mar 31 05:06:00 UTC 2008
Responsible-Changed-Why:
Over to maintainer(s).
http://www.freebsd.org/cgi/query-pr.cgi?pr=122270

From owner-freebsd-jail@FreeBSD.ORG Mon Mar 31 11:07:04 2008
From: FreeBSD bugmaster
To: freebsd-jail@FreeBSD.org
Date: Mon, 31 Mar 2008 11:07:03 GMT
Subject: Current problem reports assigned to freebsd-jail@FreeBSD.org

Current FreeBSD problem reports

Critical problems

Serious problems

S Tracker      Resp.      Description
--------------------------------------------------------------------------------
s kern/89528   jail       [jail] [patch] impossible to kill a jail
o kern/119842  jail       [smbfs] [jail] "Bad address" with smbfs inside a jail

2 problems total.

Non-critical problems

S Tracker      Resp.      Description
--------------------------------------------------------------------------------
o bin/32828    jail       [jail] w(1) incorrectly handles stale utmp slots with
o kern/68192   jail       [quotas] [jail] Cannot use quotas on jailed systems
o kern/72498   jail       [libc] [jail] timestamp code on jailed SMP machine gen
o kern/74314   jail       [resolver] [jail] DNS resolver broken under certain ja
o kern/84215   jail       [jail] [patch] wildcard ip (INADDR_ANY) should not bin
o kern/89989   jail       [jail] [patch] Add option -I (ASCII 73) PID to specif
o kern/97071   jail       [jail] [patch] add security.jail.jid sysctl
o bin/99566    jail       [jail] [patch] fstat(1) according to specified jid
o bin/119305   jail       [jail] [patch] jexec(8): jexec -n prisonname: selectio
o kern/120753  jail       [jail] Zombie jails (jailed child process exits while
o kern/122270  jail       [jail] [patch] jail numbers keep incrementing

11 problems total.

From owner-freebsd-jail@FreeBSD.ORG Mon Mar 31 21:33:58 2008
From: Johan Ström
To: freebsd-jail@freebsd.org, freebsd-stable@freebsd.org
Date: Mon, 31 Mar 2008 23:15:37 +0200
Subject: FreeBSD 7 and multiple IP (mijail-patch in 6.x)

Hello

I got a machine running 6.2 right now, which is being replaced. And since SMP performance is much better on 7.x I'd like to go with 7.0 (and many ppl have indeed verified that it works good on this box, HP DL360 G5)...

But, now when I start to setup the machine, I recalled that I've patched the 6.2 box with the freebsd mijail patch (http://www.digitaldaemon.com/FreeBSD/FreeBSD/FreeBSD_6.2-STABLE-mijail.patch).

However, I cannot find anywhere about FreeBSD 7 and a similar patch. A quick look at the patch vs the 7.x source tells me it won't apply cleanly, but from what I've seen quickly, it could maybe be done. The differences I've seen doesn't look too advanced, but then again, I'm not a kernel developer...

So, I'd like to know if anyone considered this on 7.x, or if anyone can tell me immediately that this won't work or will be LOTS of work, or just some patch line adjusting? Ie, how big are the changes from 6.x to 7.x in these sections?

Thank you for any answers or pointers.

--
Johan Ström
Stromnet
johan@stromnet.se
http://www.stromnet.se/

From owner-freebsd-jail@FreeBSD.ORG Wed Apr 2 13:39:47 2008
From: Josh Endries
To: freebsd-jail@freebsd.org
Date: Wed, 02 Apr 2008 09:23:23 -0400
Subject: Question about pf, NAT and routing. (attempt #2)

For some reason my other message never made it through, so here we are again!

A while ago I needed to give a jail access to two networks/IPs (one external for a web site and one internal for a DB connection). I ended up using a localhost IP (127.0.0.2) for the jail and nat/binat in pf to control where the traffic went, depending on destination.

I'm trying to set up a jail now that's similar. My host has multiple interfaces on multiple networks, and the jail is on lo0, and I would like to NAT traffic to internal networks from one IP out one interface, and everything else out another IP through the external interface. I found an email on here from jpaetzel (o/) explaining how to use route-to, and that works; it fixed default route problem (thanks!). Unfortunately that only seems to work if the jail is using an IP on one of the interfaces in question. I suppose there is some sort of problem between the NATing and routing. Here is my crazy config:

ra# ifconfig
bce0: flags=8843 metric 0 mtu 1500
        options=1bb
        ether 00:1e:0b:ed:f9:ec
        media: Ethernet autoselect (1000baseTX )
        status: active
        lagg: laggdev lagg0
bce1: flags=8843 metric 0 mtu 1500
        options=1bb
        ether 00:1e:0b:ed:f9:ec
        media: Ethernet autoselect (none)
        status: no carrier
        lagg: laggdev lagg0
lo0: flags=8049 metric 0 mtu 16384
        inet6 fe80::1%lo0 prefixlen 64 scopeid 0x3
        inet6 ::1 prefixlen 128
        inet 127.0.0.1 netmask 0xff000000
        inet 127.0.0.5 netmask 0xffffffff
        inet 127.0.0.4 netmask 0xffffffff
lagg0: flags=8843 metric 0 mtu 1500
        options=1bb
        ether 00:1e:0b:ed:f9:ec
        media: Ethernet autoselect
        status: active
        laggproto lacp
        laggport: bce1 flags=20
        laggport: bce0 flags=1c
vlan2: flags=8843 metric 0 mtu 1500
        options=3
        ether 00:1e:0b:ed:f9:ec
        inet 10.1.0.2 netmask 0xffffff00 broadcast 10.1.0.255
        media: Ethernet autoselect
        status: active
        vlan: 2 parent interface: lagg0
vlan1: flags=8843 metric 0 mtu 1500
        options=3
        ether 00:1e:0b:ed:f9:ec
        inet 192.168.0.91 netmask 0xffffff00 broadcast 192.168.0.255
        media: Ethernet autoselect
        status: active
        vlan: 1 parent interface: lagg0

ra# pfctl -s nat
No ALTQ support in kernel
ALTQ related functions disabled
binat on vlan2 inet from 127.0.0.5 to any -> 10.1.0.2
binat on vlan1 inet from 127.0.0.4 to any -> 192.168.0.91

ra# pfctl -s rules
No ALTQ support in kernel
ALTQ related functions disabled
scrub in all fragment reassemble
block drop all
pass out route-to (vlan2 10.1.0.1) inet from 10.1.0.2 to ! 10.1.0.0/24 flags S/SA keep state
pass out route-to (vlan1 192.168.0.1) inet from 192.168.0.91 to ! 192.168.0.0/24 flags S/SA keep state

ra# jls
   JID  IP Address      Hostname                      Path
    22  127.0.0.5       dns                           /jails/dns/root
    21  127.0.0.4       mysql                         /jails/mysql/root

The problem is the same. The jail that has the default route for its NAT (dns) works fine, but the other jail (mysql) doesn't. I get the error "Can't assign requested address". The packets from the mysql jail don't show up anywhere in tcpdump, packets from the dns jail show up as normal. :D

Josh

From owner-freebsd-jail@FreeBSD.ORG Thu Apr 3 18:59:28 2008
From: "Bjoern A. Zeeb"
To: Johan Ström
Cc: freebsd-jail@freebsd.org, freebsd-stable@freebsd.org
Date: Thu, 3 Apr 2008 18:39:03 +0000 (UTC)
Subject: Re: FreeBSD 7 and multiple IP (mijail-patch in 6.x)

On Mon, 31 Mar 2008, Johan Ström wrote:

Hi,

> I got a machine running 6.2 right now, which is being replaced. And since SMP
> performance is much better on 7.x I'd like to go with 7.0 (and many ppl have
> indeed verified that it works good on this box, HP DL360 G5)...
> But, now when I start to setup the machine, I recalled that I've patched the
> 6.2 box with the freebsd mijail patch
> (http://www.digitaldaemon.com/FreeBSD/FreeBSD/FreeBSD_6.2-STABLE-mijail.patch).
> However, I cannot find anywhere about FreeBSD 7 and a similar patch. A quick
> look at the patch vs the 7.x source tells me it won't apply cleanly, but from
> what I've seen quickly, it could maybe be done. The differences I've seen
> doesn't look too advanced, but then again, I'm not a kernel developer...
>
> So, I'd like to know if anyone considered this on 7.x, or if anyone can tell
> me immediately that this won't work or will be LOTS of work, or just some
> patch line adjusting? Ie, how big are the changes from 6.x to 7.x in these
> sections?

I had planned to have a patch for multiv4/v6 jails last month but it's not
yet publicly available. I have sent it off to some people for review.

In case the above is a successor of pjd's multi-ip v4 jail patch I can
give you a plain forward port to a FreeBSD 7 system (which might have
possible locking issues I have never experienced).

All depends on how quickly you need it.

/bz

--
Bjoern A. Zeeb                                 bzeeb at Zabbadoz dot NeT
Software is harder than hardware so better get it right the first time.

From owner-freebsd-jail@FreeBSD.ORG Thu Apr 3 20:27:14 2008
From: Johan Ström
To: freebsd-jail@freebsd.org, freebsd-stable@freebsd.org
Date: Thu, 3 Apr 2008 22:27:08 +0200
Subject: Re: FreeBSD 7 and multiple IP (mijail-patch in 6.x)

On Apr 3, 2008, at 8:39 PM, Bjoern A. Zeeb wrote:

> On Mon, 31 Mar 2008, Johan Ström wrote:
>
> Hi,
>
>> I got a machine running 6.2 right now, which is being replaced. And
>> since SMP performance is much better on 7.x I'd like to go with 7.0
>> (and many ppl have indeed verified that it works good on this box,
>> HP DL360 G5)...
>> But, now when I start to setup the machine, I recalled that I've
>> patched the 6.2 box with the freebsd mijail patch
>> (http://www.digitaldaemon.com/FreeBSD/FreeBSD/FreeBSD_6.2-STABLE-mijail.patch).
>> However, I cannot find anywhere about FreeBSD 7 and a similar
>> patch. A quick look at the patch vs the 7.x source tells me it
>> won't apply cleanly, but from what I've seen quickly, it could
>> maybe be done. The differences I've seen doesn't look too advanced,
>> but then again, I'm not a kernel developer...
>>
>> So, I'd like to know if anyone considered this on 7.x, or if anyone
>> can tell me immediately that this won't work or will be LOTS of
>> work, or just some patch line adjusting? Ie, how big are the
>> changes from 6.x to 7.x in these sections?
>
> I had planned to have a patch for multiv4/v6 jails last month but it's not
> yet publicly available. I have sent it off to some people for review.
>
> In case the above is a successor of pjd's multi-ip v4 jail patch I can
> give you a plain forward port to a FreeBSD 7 system (which might have
> possible locking issues I have never experienced).
>
> All depends on how quickly you need it.

Hello, thanks for your answer.

Yep, the patch I've been using on 6 looks very much like pjd's (http://people.freebsd.org/~pjd/patches/mijail5.patch). Are you using this Fbsd7-port, or do you have any idea if anyone does/how much it have been tested?

I have no need for IPv6 right now, so if nothing else, I'd be glad to test the 7-port of pjd's to see if it works. That sounds kind of what I thought to do so.. :)

Thank you!

--
Johan