From owner-freebsd-jail@FreeBSD.ORG Sun Nov 15 23:29:31 2009
From: "Vagif Zeynalov"
Date: Mon, 16 Nov 2009 01:54:36 +0300
Subject: Broadcast under Jail problems

Hi All!

I use the mediatomb package as the UPNP/DLNA media server under jail.
But after upgrade from 7.0 Release to the 7.2 Current, the mediatomb doesn't work any more.
Two days ago I've upgraded to the 8.0RC3, and problem still present.

I think it is some security issue, but I have not any idea how to open broadcasting for a jailed process.
Without jail the mediatomb works fine.

Maybe someone already experienced the same problem and knows how to fix it?

Jail's settings:
=========
jail_set_hostname_allow="NO"
jail_socket_unixiproute_only="YES"
jail_sysvipc_allow="YES"
jail_allow_raw_sockets="YES"

jail_upnp_rootdir="$jail_dir/upnp"
jail_upnp_hostname="upnp.local"
jail_upnp_interface="sk0"
jail_upnp_ip="sk0|192.168.22.103/24,lo0|127.0.0.2/8,msk0|192.168.23.103/24"
jail_upnp_exec_start="/bin/sh /etc/rc"
jail_upnp_exec_stop="/bin/sh /etc/rc.shutdown"
jail_upnp_devfs_enable="YES"
jail_upnp_fdescfs_enable="NO"
jail_upnp_procfs_enable="YES"
jail_upnp_mount_enable="NO"
jail_upnp_devfs_ruleset="10"
jail_upnp_mount_enable="YES"
jail_upnp_fstab="$jail_config_dir/upnp.fstab"
jail_upnp_flags="-l -U root"

...I can provide more details if it will be necessary...

Thank you,
Vagif.

From owner-freebsd-jail@FreeBSD.ORG Mon Nov 16 07:10:08 2009
From: "Bjoern A. Zeeb"
To: Vagif Zeynalov
Cc: freebsd-jail@freebsd.org
Date: Mon, 16 Nov 2009 07:07:26 +0000 (UTC)
Subject: Re: Broadcast under Jail problems

On Mon, 16 Nov 2009, Vagif Zeynalov wrote:

Hi,

> ...I can provide more details if it will be necessary...

error logs from the application would be interesting to see which
(sys)call returns which error so that we can narrow it down.

/bz

--
Bjoern A. Zeeb         It will not break if you know what you are doing.

From owner-freebsd-jail@FreeBSD.ORG Mon Nov 16 11:06:56 2009
From: FreeBSD bugmaster
To: freebsd-jail@FreeBSD.org
Date: Mon, 16 Nov 2009 11:06:55 GMT
Subject: Current problem reports assigned to freebsd-jail@FreeBSD.org

Note: to view an individual PR, use:
  http://www.freebsd.org/cgi/query-pr.cgi?pr=(number).

The following is a listing of current problems submitted by FreeBSD users.
These represent problem reports covering all versions including
experimental development code and obsolete releases.

S Tracker      Resp.      Description
--------------------------------------------------------------------------------
o kern/133265  jail       [jail] is there a solution how to run nfs client in ja
o kern/119842  jail       [smbfs] [jail] "Bad address" with smbfs inside a jail
o bin/99566    jail       [jail] [patch] fstat(1) according to specified jid
o bin/32828    jail       [jail] w(1) incorrectly handles stale utmp slots with

4 problems total.

From owner-freebsd-jail@FreeBSD.ORG Mon Nov 16 13:15:12 2009
From: "Vagif Zeynalov"
To: "Bjoern A. Zeeb"
Cc: freebsd-jail@freebsd.org
Date: Mon, 16 Nov 2009 16:14:59 +0300
Subject: Re: Broadcast under Jail problems

>> ...I can provide more details if it will be necessary...
>
> error logs from the application would be interesting to see which
> (sys)call returns which error so that we can narrow it down.
>

You know, to make the answer I just rebuilt the mediatomb on the clear jail
machine and... the problem has disappeared!
It's very strange, because I already did it a few times before.
Whatever, sorry guys for the disturbance. ;-))
I have to investigate what I changed last night in the system.

Regards,
Vagif

From owner-freebsd-jail@FreeBSD.ORG Tue Nov 17 09:38:48 2009
From: "Scheithauer, Lars (FH)"
Date: Tue, 17 Nov 2009 10:18:59 +0100
Subject: Networking from jail

Hi everyone!

I'm having a little trouble with my jail's networking and I'm not sure
what to make of it.

My jailhost has an IP of x.y.z.48, my test jail is x.y.z.49. The
jailhost has both IP addresses, the jail has just its own:

Jail# ifconfig
bce0: flags=8843 metric 0 mtu 1500
        options=1bb
        ether xx:xx:xx:xx:xx:10
        inet x.y.z.60 netmask 0xffffffc0 broadcast x.y.z.63
        media: Ethernet autoselect (1000baseSX )
        status: active
[...]

Host# ifconfig
bce0: flags=8843 metric 0 mtu 1500
        options=1bb
        ether xx:xx:xx:xx:xx:10
        inet x.y.z.61 netmask 0xffffffc0 broadcast x.y.z.63
        inet x.y.z.60 netmask 0xffffffc0 broadcast x.y.z.63
        media: Ethernet autoselect (1000baseSX )
        status: active
[...]

I am able to access the ssh-server running on the jail, and I am able to
access the proxyserver of our network via telnet and get some pages of
the internet. However, if I want to install something from the ports,
the jail is unable to fetch it:

Jail# cd /usr/ports/ftp/wget
Jail# make
===>  Vulnerability check disabled, database not found
===>  Found saved configuration for wget-1.11.4_1
=> wget-1.11.4.tar.bz2 doesn't seem to exist in /usr/ports/distfiles/.
=> Attempting to fetch from http://ftp.gnu.org/gnu/wget/.
fetch: http://ftp.gnu.org/gnu/wget/wget-1.11.4.tar.bz2: Operation timed out
=> Attempting to fetch from ftp://ftp.gnu.org/gnu/wget/.
[...]

I've set the appropriate environment variables HTTP_PROXY, HTTPS_PROXY
and FTP_PROXY. If I test the connection with netcat, I get the following
error message:

# nc -zvw 1 -x 'proxy.example.com:8080' www.freebsd.org 80
nc: read failed (0/3): Broken pipe

The funny thing is, that I have no problem installing ports from the
Host-system.
From what I can tell, all the config files are correct:

Jail# cat /etc/rc.conf
sshd_enable="YES"
ifconfig_bce0="inet x.y.z.60 netmask 255.255.255.192"
defaultrouter="x.y.z.62"
hostname="jail.example.com"

Host# cat /etc/rc.conf
sshd_enable="NO"
ifconfig_bce0="inet x.y.z.61 netmask 255.255.255.192"
defaultrouter="x.y.z.62"
hostname="host.example.com"
ipv6_enable="NO"
jail_enable="YES"
jail_set_hostname_allow="NO"
jail_list="jail"
jail_jail_hostname="jail"
jail_jail_ip="x.y.z.60"
jail_jail_rootdir="my/jail/root"
jail_jail_devfs_enable="YES"

Any ideas?

Best Regards,
Lars

From owner-freebsd-jail@FreeBSD.ORG Tue Nov 17 09:49:04 2009
From: "Scheithauer, Lars (FH)"
Date: Tue, 17 Nov 2009 10:48:59 +0100
Subject: Networking from jail - errata

Quick note:
Forgot to replace two values.
Jail - x.y.z.61
Host - x.y.z.60
Router - x.y.z.62

From owner-freebsd-jail@FreeBSD.ORG Tue Nov 17 10:45:07 2009
From: "Bjoern A. Zeeb"
To: "Scheithauer, Lars (FH)"
Cc: freebsd-jail@freebsd.org
Date: Tue, 17 Nov 2009 10:40:54 +0000 (UTC)
Subject: Re: Networking from jail - errata

On Tue, 17 Nov 2009, Scheithauer, Lars (FH) wrote:

Hi,

> Quick note:
> Forgot to replace two values.
> Jail - x.y.z.61
> Host - x.y.z.60
> Router - x.y.z.62
>
>
> -----Original Message-----
> From: owner-freebsd-jail@freebsd.org [mailto:owner-freebsd-jail@freebsd.org] On Behalf Of Scheithauer, Lars (FH)
> Sent: Tuesday, 17 November 2009 10:19
> To: freebsd-jail@freebsd.org
> Subject: Networking from jail
>
> Hi everyone!
>
> I'm having a little trouble with my jail's networking and I'm not sure
> what to make of it.
>
> My jailhost has an IP of x.y.z.48, my test jail is x.y.z.49.
> The jailhost has both IP addresses, the jail has just its own:
>
> Jail# ifconfig
> bce0: flags=8843 metric 0 mtu 1500
>         options=1bb TSO4>
>         ether xx:xx:xx:xx:xx:10
>         inet x.y.z.60 netmask 0xffffffc0 broadcast x.y.z.63
>         media: Ethernet autoselect (1000baseSX )
>         status: active
> [...]
> Host# ifconfig
> bce0: flags=8843 metric 0 mtu 1500
>         options=1bb TSO4>
>         ether xx:xx:xx:xx:xx:10
>         inet x.y.z.61 netmask 0xffffffc0 broadcast x.y.z.63
>         inet x.y.z.60 netmask 0xffffffc0 broadcast x.y.z.63
>         media: Ethernet autoselect (1000baseSX )
>         status: active
> [...]
>
> I am able to access the ssh-server running on the jail, and I am able to
> access the proxyserver of our network via telnet and get some pages of
> the internet. However, if I want to install something from the ports,
> the jail is unable to fetch it:
>
> Jail# cd /usr/ports/ftp/wget
> Jail# make
> ===>  Vulnerability check disabled, database not found
> ===>  Found saved configuration for wget-1.11.4_1
> => wget-1.11.4.tar.bz2 doesn't seem to exist in /usr/ports/distfiles/.
> => Attempting to fetch from http://ftp.gnu.org/gnu/wget/.
> fetch: http://ftp.gnu.org/gnu/wget/wget-1.11.4.tar.bz2: Operation timed out
> => Attempting to fetch from ftp://ftp.gnu.org/gnu/wget/.
> [...]
>
> I've set the appropriate environment variables HTTP_PROXY, HTTPS_PROXY
> and FTP_PROXY. If I test the connection with netcat, I get the following
> error message:
> # nc -zvw 1 -x 'proxy.example.com:8080' www.freebsd.org 80
> nc: read failed (0/3): Broken pipe

The usual thing I am interested in at that point is - does name resolution
work properly from within the jail? /etc/resolv.conf set up correctly etc?

> The funny thing is, that I have no problem installing ports from the
> Host-system.
> From what I can tell, all the config files are correct:
>
> Jail# cat /etc/rc.conf
> sshd_enable="YES"
> ifconfig_bce0="inet x.y.z.60 netmask 255.255.255.192"
> defaultrouter="x.y.z.62"
> hostname="jail.example.com"

That's not going to work, really (the ifconfig, defaultrouter, and
unless you changed the defaults on the host system not even the
hostname). You should actually remove those.

> Host# cat /etc/rc.conf
> sshd_enable="NO"
> ifconfig_bce0="inet x.y.z.61 netmask 255.255.255.192"
> defaultrouter="x.y.z.62"
> hostname="host.example.com"
> ipv6_enable="NO"
> jail_enable="YES"
> jail_set_hostname_allow="NO"
> jail_list="jail"
> jail_jail_hostname="jail"
> jail_jail_ip="x.y.z.60"
> jail_jail_rootdir="my/jail/root"
> jail_jail_devfs_enable="YES"

That doesn't really match your ifconfig output from above; something
on the host system would have to set the IP address of the host.
I would expect something like (you may have mixed jail and host
addresses so properly sort this):

# host system IP address
ifconfig_bce0="inet x.y.z.61 netmask 255.255.255.192"
# jail IP address
ifconfig_bce0_alias0="inet x.y.z.60 netmask 255.255.255.255"

Note that the alias has a /32 netmask.

/bz

--
Bjoern A. Zeeb         It will not break if you know what you are doing.

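[Added example, not part of the thread or of FreeBSD: a small sh/awk lint for the two points in the reply above, namely that the jail's own rc.conf should not carry ifconfig/defaultrouter/hostname settings and that the host should assign the jail address as an alias with a /32 netmask. The function names, file names and 192.0.2.x addresses (standing in for the redacted x.y.z.*) are constructed, and it assumes a plain single-address jail_<name>_ip value as in Lars's rc.conf.]

```shell
#!/bin/sh
# Added example: lint rc.conf files against the advice in the reply above.
# Function names, file names and 192.0.2.x addresses are constructed.

# lint_host_rc_conf FILE -> one line per jail_<name>_ip address:
#   ok <jail> <ip>              assigned as an alias with a /32 netmask
#   widemask <jail> <ip> <mask> assigned as an alias, but not /32
#   primary <jail> <ip>         same as an interface primary address
#   missing <jail> <ip>         no ifconfig_* line assigns it on the host
lint_host_rc_conf() {
    awk '
    {
        eq = index($0, "=")
        if (eq == 0 || $0 ~ /^[ \t]*#/) next
        key = substr($0, 1, eq - 1)
        val = substr($0, eq + 1)
        sub(/^"/, "", val); sub(/"$/, "", val)
    }
    key ~ /^ifconfig_[A-Za-z0-9]+(_alias[0-9]+)?$/ {
        n = split(val, w, /[ \t]+/)
        addr = ""; mask = ""
        for (i = 1; i < n; i++) {
            if (w[i] == "inet") addr = w[i + 1]
            if (w[i] == "netmask") mask = w[i + 1]
        }
        # Accept the CIDR and hex spellings of the netmask as well.
        if ((s = index(addr, "/")) > 0) {
            mask = "/" substr(addr, s + 1)
            addr = substr(addr, 1, s - 1)
        }
        if (mask == "/32" || tolower(mask) == "0xffffffff")
            mask = "255.255.255.255"
        if (addr != "") {
            kind[addr] = (key ~ /_alias[0-9]+$/) ? "alias" : "primary"
            netmask[addr] = mask
        }
        next
    }
    key ~ /^jail_.+_ip$/ {
        name = key; sub(/^jail_/, "", name); sub(/_ip$/, "", name)
        jail[++nj] = name; jip[nj] = val
    }
    END {
        for (j = 1; j <= nj; j++) {
            ip = jip[j]
            if (!(ip in kind)) print "missing", jail[j], ip
            else if (kind[ip] == "primary") print "primary", jail[j], ip
            else if (netmask[ip] != "255.255.255.255")
                print "widemask", jail[j], ip, netmask[ip]
            else print "ok", jail[j], ip
        }
    }' "$1"
}

# lint_jail_rc_conf FILE -> "remove <key>" for each setting the reply says
# to drop from the rc.conf inside the jail.
lint_jail_rc_conf() {
    awk -F= '
    /^[ \t]*#/ { next }
    $1 ~ /^(ifconfig_[A-Za-z0-9_]+|defaultrouter|hostname)$/ { print "remove", $1 }
    ' "$1"
}

# write_samples DIR: constructed rc.conf files modelled on the thread.
write_samples() {
    cat > "$1/jail.rc.conf" <<'EOF'
sshd_enable="YES"
ifconfig_bce0="inet 192.0.2.60 netmask 255.255.255.192"
defaultrouter="192.0.2.62"
hostname="jail.example.com"
EOF
    cat > "$1/host.before" <<'EOF'
ifconfig_bce0="inet 192.0.2.61 netmask 255.255.255.192"
defaultrouter="192.0.2.62"
jail_enable="YES"
jail_set_hostname_allow="NO"
jail_list="jail"
jail_jail_hostname="jail"
jail_jail_ip="192.0.2.60"
EOF
    # Same host file plus an alias line: once with /32, once with the LAN mask.
    { cat "$1/host.before"
      echo 'ifconfig_bce0_alias0="inet 192.0.2.60 netmask 255.255.255.255"'
    } > "$1/host.after"
    { cat "$1/host.before"
      echo 'ifconfig_bce0_alias0="inet 192.0.2.60 netmask 255.255.255.192"'
    } > "$1/host.wide"
}

tmp=$(mktemp -d)
write_samples "$tmp"
for f in host.before host.wide host.after; do
    printf '%s: %s\n' "$f" "$(lint_host_rc_conf "$tmp/$f")"
done
lint_jail_rc_conf "$tmp/jail.rc.conf"
rm -rf "$tmp"
```
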
From owner-freebsd-jail@FreeBSD.ORG Tue Nov 17 11:18:44 2009
From: "Scheithauer, Lars (FH)"
Cc: "Bjoern A. Zeeb"
Date: Tue, 17 Nov 2009 12:18:40 +0100
Subject: AW: Networking from jail - errata

Hi Bjoern,

thanks for the clarification, I changed the values according to your suggestions. However, it did not resolve the problem.

I've checked the proxy logfiles and it seems, that the Makefile(s) don't try to access the proxy at all while fetching files. Is there any reason, why the Makefile(s) should not use the *_PROXY-variables on the jails?

Best Regards,
Lars

From owner-freebsd-jail@FreeBSD.ORG Tue Nov 17 11:30:07 2009
From: "Bjoern A. Zeeb"
To: "Scheithauer, Lars (FH)"
Cc: freebsd-jail@freebsd.org
Date: Tue, 17 Nov 2009 11:27:40 +0000 (UTC)
Subject: Re: AW: Networking from jail - errata

On Tue, 17 Nov 2009, Scheithauer, Lars (FH) wrote:

Hi,

> thanks for the clarification, I changed the values according to your suggestions. However, it did not resolve the problem.

Did you also check resolv.conf inside the jail? Does
host www.freebsd.org work?

> I've checked the proxy logfiles and it seems, that the Makefile(s) don't try to access the proxy at all while fetching files. Is there any reason, why the Makefile(s) should not use the *_PROXY-variables on the jails?

I assume the proxy is squid and that the proxy itself works?
What if you set the http_proxy variables to an IP address rather
than the name (don't use 127.0.0.1 as address, just to rule that
out as well).

/bz

--
Bjoern A. Zeeb         It will not break if you know what you are doing.

From owner-freebsd-jail@FreeBSD.ORG Tue Nov 17 11:40:56 2009
Date: Tue, 17 Nov 2009 12:40:51 +0100
Message-ID: <26040005B7F3AA41A0345BCE386CA09701C62A80@FHCLUSRV-EX.dcs.fh-heidelberg.de>
In-Reply-To: <20091117112535.L37440@maildrop.int.zabbadoz.net>
From: "Scheithauer, Lars (FH)"
To: "Bjoern A. Zeeb"
Cc: freebsd-jail@freebsd.org
Subject: AW: AW: Networking from jail - errata

Hi Bjoern,

I did, but the error was somewhere else. I set the proxy through
set http_proxy="http://proxy.example.com:8080"
while the correct version would be
setenv http_proxy http://proxy.example.com:8080

In both cases, "echo $http_proxy" returns the correct entry. Could you
explain the difference between set and setenv?

Best Regards,
Lars
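The situation in the message above (the variable echoes correctly, yet the port fetch never uses the proxy) can be checked directly; this is an added example and not part of the original thread. It is written in POSIX sh, where a plain assignment plays the role of tcsh `set` and `export` the role of `setenv`; the function names `var_scope` and `proxy_report` are hypothetical, and the proxy URL is the placeholder used in the thread.

```shell
#!/bin/sh
# Added example, not from the thread. A plain assignment here corresponds to
# tcsh "set", and "export" to tcsh "setenv". Function names are hypothetical.

# var_scope NAME
# Prints one of: unset | shell-only | exported | invalid
var_scope() {
    _vs_name=$1
    # Accept plain identifiers only, because the name is expanded through eval.
    case $_vs_name in
        ''|[0-9]*|*[!A-Za-z0-9_]*) echo invalid; return 2 ;;
    esac
    # What the current shell sees (this is what "echo $http_proxy" reports).
    eval "_vs_here=\${$_vs_name+yes}"
    if [ "$_vs_here" != yes ]; then
        echo unset
        return 0
    fi
    # What a freshly exec'd child sees: only the environment is inherited.
    _vs_child=$(sh -c "printf %s \"\${$_vs_name+yes}\"")
    if [ "$_vs_child" = yes ]; then
        echo exported
    else
        echo shell-only
    fi
}

# proxy_report
# Lists the proxy variables named in the thread (both spellings) with their
# scope. Returns 1 if any of them is visible to the shell but not to children.
proxy_report() {
    _pr_bad=0
    for _pr_var in http_proxy HTTP_PROXY https_proxy HTTPS_PROXY ftp_proxy FTP_PROXY; do
        _pr_scope=$(var_scope "$_pr_var")
        printf '%-12s %s\n' "$_pr_var" "$_pr_scope"
        if [ "$_pr_scope" = shell-only ]; then
            _pr_bad=1
        fi
    done
    return "$_pr_bad"
}

# Constructed demonstration, run in a subshell so the caller's own settings
# are left untouched.
(
    unset http_proxy HTTP_PROXY https_proxy HTTPS_PROXY ftp_proxy FTP_PROXY
    http_proxy="http://proxy.example.com:8080"    # plain assignment, like tcsh "set"
    echo "after plain assignment:"
    proxy_report || echo "=> child processes will not see the proxy setting"
    export http_proxy                              # like tcsh "setenv"
    echo "after export:"
    proxy_report
)
```

Running `proxy_report` inside the jail before `make` gives a non-zero status when a proxy variable is set in the shell but would not be inherited by the fetch process.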
From owner-freebsd-jail@FreeBSD.ORG Tue Nov 17 14:12:57 2009
Message-ID: <4B02AF65.6080007@quip.cz>
Date: Tue, 17 Nov 2009 15:12:53 +0100
From: Miroslav Lachman <000.fbsd@quip.cz>
To: "Scheithauer, Lars (FH)"
In-Reply-To: <26040005B7F3AA41A0345BCE386CA09701C62A80@FHCLUSRV-EX.dcs.fh-heidelberg.de>
Cc: "Bjoern A. Zeeb", freebsd-jail@freebsd.org
Subject: Re: AW: AW: Networking from jail - errata

Scheithauer, Lars (FH) wrote:
> Hi Bjoern,
>
> I did, but the error was somewhere else. I set the proxy through
> set http_proxy="http://proxy.example.com:8080"
> while the correct version would be
> setenv http_proxy http://proxy.example.com:8080
>
> In both cases, "echo $http_proxy" returns the correct entry. Could you
> explain the difference between set and setenv?

The difference is that 'set' is for shell variables (in scope of
current shell) and 'setenv' is for environment variables.
If you use 'set' and then try to print the value from forked shell
script, it will be empty. If you use 'setenv', the shell script will
print the value.

See 'man tcsh' (if you are using tcsh as your login shell)

Miroslav Lachman

From owner-freebsd-jail@FreeBSD.ORG Wed Nov 18 13:45:55 2009
Date: Wed, 18 Nov 2009 14:45:50 +0100
Message-ID: <26040005B7F3AA41A0345BCE386CA09701C62A8E@FHCLUSRV-EX.dcs.fh-heidelberg.de>
From: "Scheithauer, Lars (FH)"
To:
Subject: Problem with Apache in Jail

Hi everyone,

I've started to install an apache22 in a freebsd-jail and have a
problem. The jail has a public ip address, so from what I know, I
wouldn't have to forward any packages to it. I can reach the apache22
server by ip-address, but not by its DNS - the connection gets
"disrupted". I can successfully nslookup the DNS and if I watch the
traffic of the browser via wireshark, I see that it sends packages to
the server, but the server doesn't send any packages back. I also do
not find any traces of the connection attempt in the apache-logs.

The config-files of the apache are correct and read (tested by entering
some false configs and the server refused to start afterwards - and as
said I'm able to access it by its ip).

Now, is there any way that this could be caused by the jail?
=20 Best Regards, Lars From owner-freebsd-jail@FreeBSD.ORG Wed Nov 18 13:56:57 2009 Return-Path: Delivered-To: freebsd-jail@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 7326A106568B for ; Wed, 18 Nov 2009 13:56:57 +0000 (UTC) (envelope-from sociologieopzaterdag@gmail.com) Received: from mail-iw0-f190.google.com (mail-iw0-f190.google.com [209.85.223.190]) by mx1.freebsd.org (Postfix) with ESMTP id 24B388FC18 for ; Wed, 18 Nov 2009 13:56:56 +0000 (UTC) Received: by iwn28 with SMTP id 28so860390iwn.3 for ; Wed, 18 Nov 2009 05:56:56 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:received:date:message-id:subject :from:to:content-type; bh=ppNGf2+uzxQedmUoN938fFgJlsreUNKX8o5QOclYIqQ=; b=f/hxf3Vm1MXOz2dLTsArDjt75eHl94F/fg8tuquCku4nRrIfMoUrlkMiX9OUC1WGZv tGSW3bNpiz9KB0gWMlUwKMm/J3i3xWVcXwNqqiPR4qI88WR5jxGNvbuaW4ut6RYT1a8G /et0N8P4SLdeCaKfG7WqQ/scwokTK0clg1dIE= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:date:message-id:subject:from:to:content-type; b=fJ5QYfBuBAs5mcLSOS+Nw2LU03+2PaAyOJo4dQT+1nNRRBJG4IzHkFwzV0Jga1dTnh TmwTMS2jJzWmud9pgWiK6TwuhUnevN3aJgXVv42o4pYEyUTaG3Py36m/yRxFpV/2vvDJ WD8eJQkW42YfCjqMsrdViGbDcsZHyYHxlNSZw= MIME-Version: 1.0 Received: by 10.231.125.28 with SMTP id w28mr415832ibr.50.1258551198603; Wed, 18 Nov 2009 05:33:18 -0800 (PST) Date: Wed, 18 Nov 2009 14:33:18 +0100 Message-ID: <4c7a12550911180533y6bed77f5m222725c6a3ca87be@mail.gmail.com> From: jelmer To: freebsd-jail@freebsd.org Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable X-Content-Filtered-By: Mailman/MimeDel 2.1.5 Subject: Re: Broadcast under Jail problems X-BeenThere: freebsd-jail@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Discussion about FreeBSD jail\(8\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , 
X-List-Received-Date: Wed, 18 Nov 2009 13:56:57 -0000 (create a virtual network interface, and use packet filter) # ifconfig lo1 create # ifconfig lo1 inet 10.0.1.1 netmask 255.255.255.0 # touch /etc/start_if.lo1 # echo "ifconfig lo1 create" >> /etc/start_if.lo1 # cp /usr/share/examples/pf/pf.conf /etc/ (existance of pf.conf is just necessary, later I setup a complete one) (allow networking for jails - required for the installation of ports) * # echo 'nat on bge0 from lo1:network to any -> (bge0)' >> /etc/pf.conf # pfctl -d # pfctl -e -f /etc/pf.conf # echo ' and use this in rc.conf interfaces=3D"lo0 bge0" cloned_interfaces=3D"lo1" ifconfig_re0=3D"inet netmask 255.255.255.128 -rxcsum -txcsum" ifconfig_re0_alias0=3D"inet netmask 255.255.255.128" ifconfig_lo1=3D"inet 10.0.1.1 netmask 255.255.255.0" ifconfig_lo1_alias0=3D"inet 10.0.1.2/24" ifconfig_lo1_alias1=3D"inet 10.0.1.3/32" On Tue, Nov 17, 2009 at 1:00 PM, wrote: > Send freebsd-jail mailing list submissions to > freebsd-jail@freebsd.org > > To subscribe or unsubscribe via the World Wide Web, visit > http://lists.freebsd.org/mailman/listinfo/freebsd-jail > or, via email, send a message with subject or body 'help' to > freebsd-jail-request@freebsd.org > > You can reach the person managing the list at > freebsd-jail-owner@freebsd.org > > When replying, please edit your Subject line so it is more specific > than "Re: Contents of freebsd-jail digest..." > > > Today's Topics: > > 1. Re: Broadcast under Jail problems (Vagif Zeynalov) > 2. Networking from jail (Scheithauer, Lars (FH)) > 3. Networking from jail - errata (Scheithauer, Lars (FH)) > 4. Re: Networking from jail - errata (Bjoern A. Zeeb) > 5. AW: Networking from jail - errata (Scheithauer, Lars (FH)) > 6. Re: AW: Networking from jail - errata (Bjoern A. Zeeb) > 7. 
AW: AW: Networking from jail - errata (Scheithauer, Lars (FH)) > > > ---------------------------------------------------------------------- > > Message: 1 > Date: Mon, 16 Nov 2009 16:14:59 +0300 > From: "Vagif Zeynalov" > Subject: Re: Broadcast under Jail problems > To: "Bjoern A. Zeeb" > Cc: freebsd-jail@freebsd.org > Message-ID: > Content-Type: text/plain; format=3Dflowed; charset=3D"iso-8859-1"; > reply-type=3Dresponse > > > >> ...I can provide more details if it will be necessary... > > > > error ogs from the application would be interesting to see which > > (sys)call return which error so that we can narrow it down. > > > > You know, to make the answer I just rebuild the mediatomb on the clear ja= il > machine and... the problem has been disappeared! > It's very strange, because I already did it before few times. > > Whatever, sorry guys for disturb. ;-)) > I have to investigate, what did I change at last night in the system. > > Regards, > Vagif > > > > ------------------------------ > > Message: 2 > Date: Tue, 17 Nov 2009 10:18:59 +0100 > From: "Scheithauer, Lars (FH)" > Subject: Networking from jail > To: > Message-ID: > < > 26040005B7F3AA41A0345BCE386CA09701C62A79@FHCLUSRV-EX.dcs.fh-heidelberg.de= > > > Content-Type: text/plain; charset=3D"us-ascii" > > Hi everyone! > > I'm having a little trouble with my jail's networking and I'm not sure > what to make of it. > > My jailhost has an IP of x.y.z.48, my test jail is x.y.z.49. The > jailhost has both IP-adresses, the jail has just it's own: > > Jail# ifconfig > bce0: flags=3D8843 metric 0 mtu > 1500 > > options=3D1bb TSO4> > ether xx:xx:xx:xx:xx:10 > inet x.y.z.60 netmask 0xffffffc0 broadcast x.y.z.63 > media: Ethernet autoselect (1000baseSX ) > status: active > [...] 
> Host# ifconfig > bce0: flags=3D8843 metric 0 mtu > 1500 > > options=3D1bb TSO4> > ether xx:xx:xx:xx:xx:10 > inet x.y.z.61 netmask 0xffffffc0 broadcast x.y.z.63 > inet x.y.z.60 netmask 0xffffffc0 broadcast x.y.z.63 > media: Ethernet autoselect (1000baseSX ) > status: active > [...] > > I am able to access the ssh-server running on the jail, and I am able to > access the proxyserver of our network via telnet and get some pages of > the internet. However, if I want to install something from the ports, > the jail is unable to fetch it: > > Jail# cd /usr/ports/ftp/wget > Jail# make > =3D=3D=3D> Vulnerability check disabled, database not found > =3D=3D=3D> Found saved configuration for wget-1.11.4_1 > =3D> wget-1.11.4.tar.bz2 doesn't seem to exist in /usr/ports/distfiles/. > =3D> Attempting to fetch from http://ftp.gnu.org/gnu/wget/. > fetch: http://ftp.gnu.org/gnu/wget/wget-1.11.4.tar.bz2: Operation timed > out > =3D> Attempting to fetch from ftp://ftp.gnu.org/gnu/wget/. > [...] > > I've set the appropriate environment variables HTTP_PROXY, HTTPS_PROXY > and FTP_PROXY. If I test the connection with netcat, I get the following > error message: > # nc -zvw 1 -x 'proxy.example.com:8080' www.freebsd.org 80 > nc: read failed (0/3): Broken pipe > > The funny thing is, that I have no problem installing ports from the > Host-system. From what I can tell, all the config files are correct: > > Jail# cat /etc/rc.conf > sshd_enable=3D"YES" > ifconfig_bce0=3D"inet x.y.z.60 netmask 255.255.255.192" > defaultrouter=3D"x.y.z.62" > hostname=3D"jail.example.com" > > Host# cat /etc/rc.conf > sshd_enable=3D"NO" > ifconfig_bce0=3D"inet x.y.z.61 netmask 255.255.255.192" > defaultrouter=3D"x.y.z.62" > hostname=3D"host.example.com" > ipv6_enable=3D"NO" > jail_enable=3D"YES" > jail_set_hostname_allow=3D"NO" > jail_list=3D"jail" > jail_jail_hostname=3D"jail" > jail_jail_ip=3D"x.y.z.60" jail_jail_rootdir=3D"my/jail/root" > jail_jail_devfs_enable=3D"YES" > > Any ideas? 
> > Best Regards, > Lars > > > ------------------------------ > > Message: 3 > Date: Tue, 17 Nov 2009 10:48:59 +0100 > From: "Scheithauer, Lars (FH)" > Subject: Networking from jail - errata > To: > Message-ID: > < > 26040005B7F3AA41A0345BCE386CA09701C62A7A@FHCLUSRV-EX.dcs.fh-heidelberg.de= > > > Content-Type: text/plain; charset=3D"iso-8859-1" > > Quick note: > Forgot to replace two values. > Jail - x.y.z.61 > Host - x.y.z.60 > Router - x.y.z.62 > > > -----Urspr=FCngliche Nachricht----- > Von: owner-freebsd-jail@freebsd.org [mailto:owner-freebsd-jail@freebsd.or= g] > Im Auftrag von Scheithauer, Lars (FH) > Gesendet: Dienstag, 17. November 2009 10:19 > An: freebsd-jail@freebsd.org > Betreff: Networking from jail > > Hi everyone! > > I'm having a little trouble with my jail's networking and I'm not sure > what to make of it. > > My jailhost has an IP of x.y.z.48, my test jail is x.y.z.49. The > jailhost has both IP-adresses, the jail has just it's own: > > Jail# ifconfig > bce0: flags=3D8843 metric 0 mtu > 1500 > > options=3D1bb TSO4> > ether xx:xx:xx:xx:xx:10 > inet x.y.z.60 netmask 0xffffffc0 broadcast x.y.z.63 > media: Ethernet autoselect (1000baseSX ) > status: active > [...] > Host# ifconfig > bce0: flags=3D8843 metric 0 mtu > 1500 > > options=3D1bb TSO4> > ether xx:xx:xx:xx:xx:10 > inet x.y.z.61 netmask 0xffffffc0 broadcast x.y.z.63 > inet x.y.z.60 netmask 0xffffffc0 broadcast x.y.z.63 > media: Ethernet autoselect (1000baseSX ) > status: active > [...] > > I am able to access the ssh-server running on the jail, and I am able to > access the proxyserver of our network via telnet and get some pages of > the internet. However, if I want to install something from the ports, > the jail is unable to fetch it: > > Jail# cd /usr/ports/ftp/wget > Jail# make > =3D=3D=3D> Vulnerability check disabled, database not found > =3D=3D=3D> Found saved configuration for wget-1.11.4_1 > =3D> wget-1.11.4.tar.bz2 doesn't seem to exist in /usr/ports/distfiles/. 
> =3D> Attempting to fetch from http://ftp.gnu.org/gnu/wget/. > fetch: http://ftp.gnu.org/gnu/wget/wget-1.11.4.tar.bz2: Operation timed > out > =3D> Attempting to fetch from ftp://ftp.gnu.org/gnu/wget/. > [...] > > I've set the appropriate environment variables HTTP_PROXY, HTTPS_PROXY > and FTP_PROXY. If I test the connection with netcat, I get the following > error message: > # nc -zvw 1 -x 'proxy.example.com:8080' www.freebsd.org 80 > nc: read failed (0/3): Broken pipe > > The funny thing is, that I have no problem installing ports from the > Host-system. From what I can tell, all the config files are correct: > > Jail# cat /etc/rc.conf > sshd_enable=3D"YES" > ifconfig_bce0=3D"inet x.y.z.60 netmask 255.255.255.192" > defaultrouter=3D"x.y.z.62" > hostname=3D"jail.example.com" > > Host# cat /etc/rc.conf > sshd_enable=3D"NO" > ifconfig_bce0=3D"inet x.y.z.61 netmask 255.255.255.192" > defaultrouter=3D"x.y.z.62" > hostname=3D"host.example.com" > ipv6_enable=3D"NO" > jail_enable=3D"YES" > jail_set_hostname_allow=3D"NO" > jail_list=3D"jail" > jail_jail_hostname=3D"jail" > jail_jail_ip=3D"x.y.z.60" > jail_jail_rootdir=3D"my/jail/root" > jail_jail_devfs_enable=3D"YES" > > Any ideas? > > Best Regards, > Lars > _______________________________________________ > freebsd-jail@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-jail > To unsubscribe, send any mail to "freebsd-jail-unsubscribe@freebsd.org" > > > ------------------------------ > > Message: 4 > Date: Tue, 17 Nov 2009 10:40:54 +0000 (UTC) > From: "Bjoern A. Zeeb" > Subject: Re: Networking from jail - errata > To: "Scheithauer, Lars (FH)" > Cc: freebsd-jail@freebsd.org > Message-ID: <20091117103601.G37440@maildrop.int.zabbadoz.net> > Content-Type: text/plain; charset=3D"iso-8859-1" > > On Tue, 17 Nov 2009, Scheithauer, Lars (FH) wrote: > > Hi, > > > Quick note: > > Forgot to replace two values. 
> > Jail - x.y.z.61 > > Host - x.y.z.60 > > Router - x.y.z.62 > > > > > > -----Urspr=FCngliche Nachricht----- > > Von: owner-freebsd-jail@freebsd.org [mailto: > owner-freebsd-jail@freebsd.org] Im Auftrag von Scheithauer, Lars (FH) > > Gesendet: Dienstag, 17. November 2009 10:19 > > An: freebsd-jail@freebsd.org > > Betreff: Networking from jail > > > > Hi everyone! > > > > I'm having a little trouble with my jail's networking and I'm not sure > > what to make of it. > > > > My jailhost has an IP of x.y.z.48, my test jail is x.y.z.49. The > > jailhost has both IP-adresses, the jail has just it's own: > > > > Jail# ifconfig > > bce0: flags=3D8843 metric 0 mtu > > 1500 > > > > options=3D1bb > TSO4> > > ether xx:xx:xx:xx:xx:10 > > inet x.y.z.60 netmask 0xffffffc0 broadcast x.y.z.63 > > media: Ethernet autoselect (1000baseSX ) > > status: active > > [...] > > Host# ifconfig > > bce0: flags=3D8843 metric 0 mtu > > 1500 > > > > options=3D1bb > TSO4> > > ether xx:xx:xx:xx:xx:10 > > inet x.y.z.61 netmask 0xffffffc0 broadcast x.y.z.63 > > inet x.y.z.60 netmask 0xffffffc0 broadcast x.y.z.63 > > media: Ethernet autoselect (1000baseSX ) > > status: active > > [...] > > > > I am able to access the ssh-server running on the jail, and I am able t= o > > access the proxyserver of our network via telnet and get some pages of > > the internet. However, if I want to install something from the ports, > > the jail is unable to fetch it: > > > > Jail# cd /usr/ports/ftp/wget > > Jail# make > > =3D=3D=3D> Vulnerability check disabled, database not found > > =3D=3D=3D> Found saved configuration for wget-1.11.4_1 > > =3D> wget-1.11.4.tar.bz2 doesn't seem to exist in /usr/ports/distfiles/= . > > =3D> Attempting to fetch from http://ftp.gnu.org/gnu/wget/. > > fetch: http://ftp.gnu.org/gnu/wget/wget-1.11.4.tar.bz2: Operation timed > > out > > =3D> Attempting to fetch from ftp://ftp.gnu.org/gnu/wget/. > > [...] 
> > > > I've set the appropriate environment variables HTTP_PROXY, HTTPS_PROXY > > and FTP_PROXY. If I test the connection with netcat, I get the followin= g > > error message: > > # nc -zvw 1 -x 'proxy.example.com:8080' www.freebsd.org 80 > > nc: read failed (0/3): Broken pipe > > The usual thing I am interested at that point is - does name > resolution work properly from within the jail? /etc/resolv.conf setup > correctly etc? > > > > > The funny thing is, that I have no problem installing ports from the > > Host-system. From what I can tell, all the config files are correct: > > > > Jail# cat /etc/rc.conf > > sshd_enable=3D"YES" > > ifconfig_bce0=3D"inet x.y.z.60 netmask 255.255.255.192" > > defaultrouter=3D"x.y.z.62" > > hostname=3D"jail.example.com" > > That's not going to work, really (the ifconfig, defaultrouter, and > unless you changed the defaults on the host system not even the > hostname). You should actually remove those. > > > > Host# cat /etc/rc.conf > > sshd_enable=3D"NO" > > ifconfig_bce0=3D"inet x.y.z.61 netmask 255.255.255.192" > > defaultrouter=3D"x.y.z.62" > > hostname=3D"host.example.com" > > ipv6_enable=3D"NO" > > jail_enable=3D"YES" > > jail_set_hostname_allow=3D"NO" > > jail_list=3D"jail" > > jail_jail_hostname=3D"jail" > > jail_jail_ip=3D"x.y.z.60" > > jail_jail_rootdir=3D"my/jail/root" > > jail_jail_devfs_enable=3D"YES" > > That doesn't really match your ifconfig output from above; something > on the host system would have to set the IP address of the host. I > would expect something like (you may have mixed jail and host > addresses so properly sort this): > > # host system IP address > ifconfig_bce0=3Dinet x.y.z.61 netmask 255.255.255.192" > # jail IP address > ifconfig_bce0_alias0=3Dinet x.y.z.60 netmask 255.255.255.255" > > Note that the alias has a /32 netmask. > > > /bz > > -- > Bjoern A. Zeeb It will not break if you know what you are doing. 
> > ------------------------------ > > Message: 5 > Date: Tue, 17 Nov 2009 12:18:40 +0100 > From: "Scheithauer, Lars (FH)" > Subject: AW: Networking from jail - errata > To: > Cc: "Bjoern A. Zeeb" > Message-ID: > < > 26040005B7F3AA41A0345BCE386CA09701C62A7D@FHCLUSRV-EX.dcs.fh-heidelberg.de= > > > Content-Type: text/plain; charset=3D"iso-8859-1" > > Hi Bjoern, > > thanks for the clarification, I changed the values according to your > suggestions. However, it did not resolve the problem. > > I've checked the proxy logfiles and it seems, that the Makefile(s) don't > try to access the proxy at all while fetching files. Is there any reason, > why the Makefile(s) should not use the *_PROXY-variables on the jails? > > Best Regards, > Lars > > > > -----Urspr=FCngliche Nachricht----- > Von: owner-freebsd-jail@freebsd.org [mailto:owner-freebsd-jail@freebsd.or= g] > Im Auftrag von Bjoern A. Zeeb > Gesendet: Dienstag, 17. November 2009 11:41 > An: Scheithauer, Lars (FH) > Cc: freebsd-jail@freebsd.org > Betreff: Re: Networking from jail - errata > > On Tue, 17 Nov 2009, Scheithauer, Lars (FH) wrote: > > Hi, > > > Quick note: > > Forgot to replace two values. > > Jail - x.y.z.61 > > Host - x.y.z.60 > > Router - x.y.z.62 > > > > > > -----Urspr=FCngliche Nachricht----- > > Von: owner-freebsd-jail@freebsd.org [mailto: > owner-freebsd-jail@freebsd.org] Im Auftrag von Scheithauer, Lars (FH) > > Gesendet: Dienstag, 17. November 2009 10:19 > > An: freebsd-jail@freebsd.org > > Betreff: Networking from jail > > > > Hi everyone! > > > > I'm having a little trouble with my jail's networking and I'm not sure > > what to make of it. > > > > My jailhost has an IP of x.y.z.48, my test jail is x.y.z.49. 
The > > jailhost has both IP-adresses, the jail has just it's own: > > > > Jail# ifconfig > > bce0: flags=3D8843 metric 0 mtu > > 1500 > > > > options=3D1bb > TSO4> > > ether xx:xx:xx:xx:xx:10 > > inet x.y.z.60 netmask 0xffffffc0 broadcast x.y.z.63 > > media: Ethernet autoselect (1000baseSX ) > > status: active > > [...] > > Host# ifconfig > > bce0: flags=3D8843 metric 0 mtu > > 1500 > > > > options=3D1bb > TSO4> > > ether xx:xx:xx:xx:xx:10 > > inet x.y.z.61 netmask 0xffffffc0 broadcast x.y.z.63 > > inet x.y.z.60 netmask 0xffffffc0 broadcast x.y.z.63 > > media: Ethernet autoselect (1000baseSX ) > > status: active > > [...] > > > > I am able to access the ssh-server running on the jail, and I am able t= o > > access the proxyserver of our network via telnet and get some pages of > > the internet. However, if I want to install something from the ports, > > the jail is unable to fetch it: > > > > Jail# cd /usr/ports/ftp/wget > > Jail# make > > =3D=3D=3D> Vulnerability check disabled, database not found > > =3D=3D=3D> Found saved configuration for wget-1.11.4_1 > > =3D> wget-1.11.4.tar.bz2 doesn't seem to exist in /usr/ports/distfiles/= . > > =3D> Attempting to fetch from http://ftp.gnu.org/gnu/wget/. > > fetch: http://ftp.gnu.org/gnu/wget/wget-1.11.4.tar.bz2: Operation timed > > out > > =3D> Attempting to fetch from ftp://ftp.gnu.org/gnu/wget/. > > [...] > > > > I've set the appropriate environment variables HTTP_PROXY, HTTPS_PROXY > > and FTP_PROXY. If I test the connection with netcat, I get the followin= g > > error message: > > # nc -zvw 1 -x 'proxy.example.com:8080' www.freebsd.org 80 > > nc: read failed (0/3): Broken pipe > > The usual thing I am interested at that point is - does name > resolution work properly from within the jail? /etc/resolv.conf setup > correctly etc? > > > > > The funny thing is, that I have no problem installing ports from the > > Host-system. 
From what I can tell, all the config files are correct: > > > > Jail# cat /etc/rc.conf > > sshd_enable=3D"YES" > > ifconfig_bce0=3D"inet x.y.z.60 netmask 255.255.255.192" > > defaultrouter=3D"x.y.z.62" > > hostname=3D"jail.example.com" > > That's not going to work, really (the ifconfig, defaultrouter, and > unless you changed the defaults on the host system not even the > hostname). You should actually remove those. > > > > Host# cat /etc/rc.conf > > sshd_enable=3D"NO" > > ifconfig_bce0=3D"inet x.y.z.61 netmask 255.255.255.192" > > defaultrouter=3D"x.y.z.62" > > hostname=3D"host.example.com" > > ipv6_enable=3D"NO" > > jail_enable=3D"YES" > > jail_set_hostname_allow=3D"NO" > > jail_list=3D"jail" > > jail_jail_hostname=3D"jail" > > jail_jail_ip=3D"x.y.z.60" > > jail_jail_rootdir=3D"my/jail/root" > > jail_jail_devfs_enable=3D"YES" > > That doesn't really match your ifconfig output from above; something > on the host system would have to set the IP address of the host. I > would expect something like (you may have mixed jail and host > addresses so properly sort this): > > # host system IP address > ifconfig_bce0=3Dinet x.y.z.61 netmask 255.255.255.192" > # jail IP address > ifconfig_bce0_alias0=3Dinet x.y.z.60 netmask 255.255.255.255" > > Note that the alias has a /32 netmask. > > > /bz > > -- > Bjoern A. Zeeb It will not break if you know what you are doing. > > > ------------------------------ > > Message: 6 > Date: Tue, 17 Nov 2009 11:27:40 +0000 (UTC) > From: "Bjoern A. Zeeb" > Subject: Re: AW: Networking from jail - errata > To: "Scheithauer, Lars (FH)" > Cc: freebsd-jail@freebsd.org > Message-ID: <20091117112535.L37440@maildrop.int.zabbadoz.net> > Content-Type: TEXT/PLAIN; charset=3DUS-ASCII; format=3Dflowed > > On Tue, 17 Nov 2009, Scheithauer, Lars (FH) wrote: > > Hi, > > > thanks for the clarification, I changed the values according to your > suggestions. However, it did not resolve the problem. > > Did you aslo check resolv.conf inside the jail? 
> Does host www.freebsd.org work?
>
>
> > I've checked the proxy logfiles and it seems, that the Makefile(s) don't
> > try to access the proxy at all while fetching files. Is there any reason,
> > why the Makefile(s) should not use the *_PROXY-variables on the jails?
>
> I assume the proxy is squid and that the proxy itself works?
> What if you set the http_proxy variables to an IP address rather than
> the name (don't use 127.0.0.1 as address, just to rule that out as
> well).
>
> /bz
>
> --
> Bjoern A. Zeeb It will not break if you know what you are doing.
>
>
> ------------------------------
>
> Message: 7
> Date: Tue, 17 Nov 2009 12:40:51 +0100
> From: "Scheithauer, Lars (FH)"
> Subject: AW: AW: Networking from jail - errata
> To: "Bjoern A. Zeeb"
> Cc: freebsd-jail@freebsd.org
>
> Hi Bjoern,
>
> I did, but the error was somewhere else. I set the proxy through
> set http_proxy="http://proxy.example.com:8080"
> while the correct version would be
> setenv http_proxy http://proxy.example.com:8080
>
> In both cases, "echo $http_proxy" returns the correct entry. Could you
> explain the difference between set and setenv?
>
> Best Regards,
> Lars
>
>
> ------------------------------
>
> _______________________________________________
> freebsd-jail@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-jail
> To unsubscribe, send any mail to "freebsd-jail-unsubscribe@freebsd.org"
>
>
> End of freebsd-jail Digest, Vol 120, Issue 2
> ********************************************

From owner-freebsd-jail@FreeBSD.ORG Wed Nov 18 14:44:12 2009
Date: Wed, 18 Nov 2009 15:44:08 +0100
From: Miroslav Lachman <000.fbsd@quip.cz>
To: "Scheithauer, Lars (FH)"
Cc: freebsd-jail@freebsd.org
Subject: Re: Problem with Apache in Jail

Scheithauer, Lars (FH) wrote:
> Hi everyone,
>
> I've started to install an apache22 in a freebsd-jail and have a
> problem. The jail has a public ip address, so from what I know, I
> wouldn't have to forward any packages to it. I can reach the apache22
> server by ip-address, but not by its DNS - the connection gets
> "disrupted". I can successfully nslookup the DNS and if I watch the
> traffic of the browser via wireshark, I see that it sends packages to
> the server, but the server doesn't send any packages back. I also do not
> find any traces of the connection attempt in the apache-logs.
>
> The config-files of the apache are correct and read (tested by entering
> some false configs and the server refused to start afterwards - and as
> said I'm able to access it by its ip).
>
>
>
> Now, is there any way that this could be caused by the jail?

You did not post what version and architecture you are using...
But I am running several jails with Apache or Lighttpd without any issues
(on 6.3 i386 and 7.2 i386 + amd64).
So I expect some misconfiguration on your side.

Are you sure you have correct DNS entries pointing to right IP and you
have working resolv.conf inside jail? What about /etc/hosts?
Miroslav Lachman

From owner-freebsd-jail@FreeBSD.ORG Wed Nov 18 15:11:21 2009
Date: Wed, 18 Nov 2009 16:11:12 +0100
From: "Scheithauer, Lars (FH)"
To: "Miroslav Lachman" <000.fbsd@quip.cz>
Cc: freebsd-jail@freebsd.org
Subject: AW: Problem with Apache in Jail

Hi Miroslav,

the system is a FreeBSD 8.0-rc3 with apache22.

nslookup is working fine - I did not enter the vhosts name into the
/etc/hosts before, but even adding it doesn't change the problem.

Any other ideas I might check out?

Best Regards,
Lars

From owner-freebsd-jail@FreeBSD.ORG Thu Nov 19 14:04:13 2009
Date: Thu, 19 Nov 2009 15:04:07 +0100
From: "Scheithauer, Lars (FH)"
To: "Scheithauer, Lars (FH)", "Miroslav Lachman" <000.fbsd@quip.cz>
Cc: freebsd-jail@freebsd.org
Subject: AW: Problem with Apache in Jail

On a follow-up:
I just recognized, that I may access the vhost correctly from the server
itself via lynx, but I am still unable to access any vhost from the
outside (I can access the default by ip, though).

From owner-freebsd-jail@FreeBSD.ORG Thu Nov 19 17:14:20 2009
Date: Thu, 19 Nov 2009 17:50:09 +0100
From: Bastien Semene
CC: freebsd-jail@freebsd.org
Subject: Re: AW: Problem with Apache in Jail

Hi Lars,

How did you install the jail system?
Do you have a firewall activated, what do the logs say?
What does a telnet say?

In my access.log I have the following line (401 because it needs
authentication):
x.y.z.a - - [19/Nov/2009:17:47:36 +0100] "HEAD / HTTP/1.1" 401 - "-" "-"

telnet w/ HTTP:
$ telnet freebsd.org 80
Trying 69.147.83.40...
Connected to freebsd.org.
Escape character is '^]'.
HEAD / HTTP/1.1
Host: www.freebsd.org

HTTP/1.1 301 Moved Permanently
Location: http://www.freebsd.org/
Date: Thu, 19 Nov 2009 16:44:54 GMT
Server: httpd/1.4.x Gualala

Connection closed by foreign host.
Best Regards,

--
Bastien Semene
Network & System Administrator
admin@cyanide-studio.com
+33 (0)1 47 86 30 80
Cyanide S.A.
5, Boulevard des Bouvets
92000 Nanterre - FRANCE

From owner-freebsd-jail@FreeBSD.ORG Fri Nov 20 06:49:37 2009
Date: Fri, 20 Nov 2009 07:49:36 +0100
From: "Scheithauer, Lars (FH)"
To: "Bastien Semene"
Cc: freebsd-jail@freebsd.org
Subject: AW: AW: Problem with Apache in Jail

Hi Bastien,

I've set up the jail after this guide[1] of the FreeBSD handbook.

A firewall is not active (yet), since I first wanted the jail to work.

If I telnet to the server from the inside (DNS and IP), I can get a
valid response. If I telnet to the server's ip from the outside, too.
However, as soon as I try to get the files of a specific hostname, I get
a timeout (more specifically, I can connect to the server, but it won't
give any single packet back, according to wireshark).

I don't get the problem and honestly don't know where to look anymore.
If it would be an apache config problem, it should not work from the
inside, too.
If it's a jail problem, I don't know what else to activate
(even tried to allow raw sockets). The problem is also persistent with
the apache20-installation.

For the logfiles: I do get an entry, if I get something back from the
server. If I don't get anything back from the server, I don't get an
entry.

Best regards,
Lars

_______________________________________________________________________
[1] http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/jails-application.html

From owner-freebsd-jail@FreeBSD.ORG Fri Nov 20 08:12:36 2009
Date: Fri, 20 Nov 2009 18:49:10 +1100 (EST)
From: Ian Smith
To: "Scheithauer, Lars (FH)"
Cc: freebsd-jail@freebsd.org, Bastien Semene
Subject: Re: AW: AW: Problem with Apache in Jail

On Fri, 20 Nov 2009, Scheithauer, Lars (FH) wrote:
> Hi Bastien,
>
> I've set up the jail after this guide[1] of the FreeBSD handbook.

I'm only replying to this suspecting it may not be a jail issue, but
perhaps more likely a DNS issue, as Miroslav was earlier pointing to?

> A firewall is not active (yet), since I first wanted the jail to work.
>
> If I telnet to the server from the inside (DNS and IP), I can get a
> valid response. If I telnet to the server's ip from the outside, too.
> However, as soon as I try to get the files of a specific hostname, I
> get a timeout (more specifically, I can connect to the server, but it
> won't give any single packet back, according to wireshark).

So are you sure that (from outside your environment) the vhost hostname
resolves to its IP address ok? Does it have a unique public IP address?
If so, does reverse resolution of that address point to that hostname?

From (right) outside your net, does that IP address respond to pings?
By IP address as well as by hostname?

Does your apache config specify name-based and/or IP-based virtual
hosts? There can lurk some dragons ..

> I don't get the problem and honestly don't know where to look
> anymore. If it would be an apache config problem, it should not work
> from the inside, too.
> If it's a jail problem, I don't know what else
> to activate (even tried to allow raw sockets). The problem is also
> persistent with the apache20-installation.

If this is a jail issue I've no idea at all, but if the DNS results
obtained from inside and outside your network perimeter differ, that may
explain some of what you're seeing. I guess an outside DNS query
followed by an attempted HTTP connect tracked on tcpdump, perhaps in
verbose packet-display mode (eg -nXs0) should provide more solid clues?

> For the logfiles: I do get an entry, if I get something back from the
> server. If I don't get anything back from the server, I don't get an
> entry.

Make sure that you're logging both the vhost concerned and the 'default'
config used if no vhost entry is satisfied, perhaps you'll see something
there? I specify error.log to catch any of these during vhost setup.

You may need to share more of your apache configuration in the hope that
someone may spot something, once you confirm there are no DNS issues.

Just some ideas ..
cheers, Ian

From owner-freebsd-jail@FreeBSD.ORG Fri Nov 20 09:07:33 2009
Date: Fri, 20 Nov 2009 10:07:27 +0100
From: "Scheithauer, Lars (FH)"
To: "Ian Smith"
Cc: freebsd-jail@freebsd.org, Bastien Semene
Subject: AW: AW: AW: Problem with Apache in Jail

Hi Ian,

> So are you sure that (from outside your environment) the vhost hostname
> resolves to its IP address ok? Does it have a unique public IP address?
> If so, does reverse resolution of that address point to that hostname?

Yes:
# host campus2.fh-heidelberg.de
campus2.fh-heidelberg.de is an alias for www2.fh-heidelberg.de.
www2.fh-heidelberg.de has address 193.197.74.48
# host 193.197.74.48
48.74.197.193.in-addr.arpa domain name pointer www2.fh-heidelberg.de.

> From (right) outside your net, does that IP address respond to pings?
> By IP address as well as by hostname?

Yes.

> Does your apache config specify name-based and/or IP-based virtual
> hosts? There can lurk some dragons ..

I did try name-based, but it's currently just a catch-all (see below).

> If this is a jail issue I've no idea at all, but if the DNS results
> obtained from inside and outside your network perimeter differ, that may
> explain some of what you're seeing. I guess an outside DNS query
> followed by an attempted HTTP connect tracked on tcpdump, perhaps in
> verbose packet-display mode (eg -nXs0) should provide more solid clues?

Ooooookay, now this really makes sense.
Sending packets to the URL don't even reach the jailhost (I can't
directly dump the jail's packages), but sending to its IP do... And I
can see packets leaving my client... This is persistent across different
browsers. Any ideas how that is possible?
> Make sure that you're logging both the vhost concerned and the 'default'=20 > config used if no vhost entry is satisfied, perhaps you'll see something=20 > there? I specify error.log to catch any of these during vhost setup. I do, see below. > You may need to share more of your apache configuration in the hope that=20 > someone may spot something, once you confirm there are no DNS issues. ---------->>> /usr/local/etc/apache22/httpd.conf <<<---------- ServerRoot "/usr/local" Listen 80 ## modules # [...] ## MAIN CONFIG ServerAdmin support@fh-heidelberg.de ServerName www2.fh-heidelberg.de:80 DocumentRoot "/usr/local/www/apache22/data" ## disable all access, then allow specific services AllowOverride None Order deny,allow Deny from all ## main site, currently just with a testpage Options Indexes FollowSymLinks AllowOverride All Order allow,deny Allow from all DirectoryIndex index.html ## prevent htaccess to be read Order allow,deny Deny from all Satisfy All ## LOGGING ErrorLog "/var/log/httpd-error.log" logLevel debug LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined LogFormat "%h %l %u %t \"%r\" %>s %b" common LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio CustomLog "/var/log/httpd-access.log" combined ## aliases and redirects ScriptAlias /cgi-bin/ "/usr/local/www/apache22/cgi-bin/" ## cgi-bin AllowOverride None Options None Order allow,deny Allow from all DefaultType text/plain TypesConfig etc/apache22/mime.types AddType application/x-compress .Z AddType application/x-gzip .gz .tgz #AddHandler cgi-script .cgi #AddHandler type-map var ## Virtual hosts #Include etc/apache22/extra/httpd-vhosts.conf Include etc/apache22/vhosts/* Include etc/apache22/Includes/*.conf ----->>> /usr/local/etc/apache22/vhosts/campus2.fh-heidelberg.de <<<----- ## catch all NameVirtualHost *:80 ServerAdmin support@fh-heidelberg.de DocumentRoot "/usr/local/www/apache22/campus2.fh-heidelberg.de" ServerName 
campus2.fh-heidelberg.de ErrorLog "/var/log/apache2/campus2.fh-heidelberg.de_error.log" CustomLog "/var/log/apache2/campus2.fh-heidelberg.de_access.log" common Best Regards, Lars From owner-freebsd-jail@FreeBSD.ORG Fri Nov 20 12:31:35 2009 Return-Path: Delivered-To: freebsd-jail@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 2FDE71065676 for ; Fri, 20 Nov 2009 12:31:35 +0000 (UTC) (envelope-from smithi@nimnet.asn.au) Received: from sola.nimnet.asn.au (paqi.nimnet.asn.au [115.70.110.159]) by mx1.freebsd.org (Postfix) with ESMTP id 4B0BA8FC16 for ; Fri, 20 Nov 2009 12:31:33 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by sola.nimnet.asn.au (8.14.2/8.14.2) with ESMTP id nAKCV7XK068591; Fri, 20 Nov 2009 23:31:07 +1100 (EST) (envelope-from smithi@nimnet.asn.au) Date: Fri, 20 Nov 2009 23:31:06 +1100 (EST) From: Ian Smith To: "Scheithauer, Lars (FH)" In-Reply-To: <26040005B7F3AA41A0345BCE386CA09701C62A99@FHCLUSRV-EX.dcs.fh-heidelberg.de> Message-ID: <20091120224250.L65262@sola.nimnet.asn.au> References: <26040005B7F3AA41A0345BCE386CA09701C62A8E@FHCLUSRV-EX.dcs.fh-heidelberg.de><4B040838.8020103@quip.cz> <26040005B7F3AA41A0345BCE386CA09701C62A8F@FHCLUSRV-EX.dcs.fh-heidelberg.de><26040005B7F3AA41A0345BCE386CA09701C62A94@FHCLUSRV-EX.dcs.fh-heidelberg.de> <4B057741.7000700@cyanide-studio.com> <26040005B7F3AA41A0345BCE386CA09701C62A98@FHCLUSRV-EX.dcs.fh-heidelberg.de> <20091120180647.A65262@sola.nimnet.asn.au> <26040005B7F3AA41A0345BCE386CA09701C62A99@FHCLUSRV-EX.dcs.fh-heidelberg.de> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Cc: freebsd-jail@freebsd.org, Bastien Semene Subject: Re: AW: AW: AW: Problem with Apache in Jail X-BeenThere: freebsd-jail@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Discussion about FreeBSD jail\(8\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 20 Nov 2009 
12:31:35 -0000 On Fri, 20 Nov 2009, Scheithauer, Lars (FH) wrote: > > So are you sure that (from outside your environment) the vhost > hostname > > resolves to its IP address ok? Does it have a unique public IP > address? > > If so, does reverse resolution of that address point to that hostname? > > Yes: > # host campus2.fh-heidelberg.de > campus2.fh-heidelberg.de is an alias for www2.fh-heidelberg.de. > www2.fh-heidelberg.de has address 193.197.74.48 > # host 193.197.74.48 > 48.74.197.193.in-addr.arpa domain name pointer www2.fh-heidelberg.de. Hi Lars. Same results from here. > > From (right) outside your net, does that IP address respond to pings? > > By IP address as well as by hostname? > > Yes. NOT from here, but I can ping its neighbouring DNS server, noticed from: ;; ADDITIONAL SECTION: dns1.belwue.de. 25303 IN A 129.143.2.10 dns3.belwue.de. 65090 IN A 131.246.119.18 dnsfh.fh-heidelberg.de. 81442 IN A 193.197.74.49 smithi on sola% ping 193.197.74.48 PING 193.197.74.48 (193.197.74.48): 56 data bytes ^C --- 193.197.74.48 ping statistics --- 7 packets transmitted, 0 packets received, 100% packet loss smithi on sola% ping 193.197.74.49 PING 193.197.74.49 (193.197.74.49): 56 data bytes 64 bytes from 193.197.74.49: icmp_seq=0 ttl=44 time=359.907 ms 64 bytes from 193.197.74.49: icmp_seq=1 ttl=44 time=365.433 ms 64 bytes from 193.197.74.49: icmp_seq=2 ttl=44 time=363.339 ms ^C --- 193.197.74.49 ping statistics --- 3 packets transmitted, 3 packets received, 0% packet loss round-trip min/avg/max/stddev = 359.907/362.893/365.433/2.278 ms So it's not clear that any outside traffic is reaching .48, or if so, that its responses are getting out, given there's no local firewall. Which could be the whole problem - this might have nothing to do with apache at all? HTTP requests to .48 IP send setup packets which are not acknowledged, so it's never getting far enough to care which hostname was requested. Is .49 on the same box? Same interface? 
Maybe a netstat -nr outside and inside the jail might indicate
something? Where's your gateway?

So .. upstream firewall? Improper routing, either upstream or return
route from that box (or the jail?) for that IP? Stabs in the dark ..

> > Does your apache config specify name-based and/or IP-based virtual
> > hosts? There can lurk some dragons ..
>
> I did try name-based, but it's currently just a catch-all (see below).

On the face of it, it should answer for either hostname, and likely will
when it gets packets through and/or gets responses back :)

> > If this is a jail issue I've no idea at all, but if the DNS results

I'd best stress that; I've never set up a jail, though I've been lurking.

> > obtained from inside and outside your network perimeter differ, that may
> > explain some of what you're seeing. I guess an outside DNS query
> > followed by an attempted HTTP connect tracked on tcpdump, perhaps in
> > verbose packet-display mode (eg -nXs0) should provide more solid clues?
>
> Ooooookay, now this really makes sense.
> Sending packets to the URL don't even reach the jailhost (I can't
> directly dump the jail's packages), but sending to its IP do... And I
> can see packets leaving my client... This is persistent across different
> browsers. Any ideas how that is possible?

No. http://193.197.74.48/ is just the same from here of course, and all
I see is setup packets leaving and no response. No upstream firewall/s?

You can't run tcpdump inside a jail as root?

> > Make sure that you're logging both the vhost concerned and the 'default'
> > config used if no vhost entry is satisfied, perhaps you'll see something
> > there? I specify error.log to catch any of these during vhost setup.
>
> I do, see below.

Sure. It's not getting that far, seen from here at least.

Sorry, I'm out of ideas, and have to go out. I'll leave the tail alone
in case somebody else might catch a clue from it.

Good luck, Ian

> > You may need to share more of your apache configuration in the hope that
> > someone may spot something, once you confirm there are no DNS issues.
>
> ---------->>> /usr/local/etc/apache22/httpd.conf <<<----------
> ServerRoot "/usr/local"
> Listen 80
>
> ## modules
> # [...]
>
> ## MAIN CONFIG
> ServerAdmin support@fh-heidelberg.de
> ServerName www2.fh-heidelberg.de:80
> DocumentRoot "/usr/local/www/apache22/data"
>
> ## disable all access, then allow specific services
>
> AllowOverride None
> Order deny,allow
> Deny from all
>
> ## main site, currently just with a testpage
>
> Options Indexes FollowSymLinks
> AllowOverride All
> Order allow,deny
> Allow from all
>
> DirectoryIndex index.html
>
> ## prevent htaccess to be read
>
> Order allow,deny
> Deny from all
> Satisfy All
>
> ## LOGGING
> ErrorLog "/var/log/httpd-error.log"
> logLevel debug
>
> LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
> LogFormat "%h %l %u %t \"%r\" %>s %b" common
>
> LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio
>
> CustomLog "/var/log/httpd-access.log" combined
>
> ## aliases and redirects
>
> ScriptAlias /cgi-bin/ "/usr/local/www/apache22/cgi-bin/"
>
> ## cgi-bin
>
> AllowOverride None
> Options None
> Order allow,deny
> Allow from all
>
> DefaultType text/plain
>
> TypesConfig etc/apache22/mime.types
>
> AddType application/x-compress .Z
> AddType application/x-gzip .gz .tgz
>
> #AddHandler cgi-script .cgi
> #AddHandler type-map var
>
> ## Virtual hosts
> #Include etc/apache22/extra/httpd-vhosts.conf
> Include etc/apache22/vhosts/*
> Include etc/apache22/Includes/*.conf
>
> ----->>> /usr/local/etc/apache22/vhosts/campus2.fh-heidelberg.de <<<-----
> ## catch all
> NameVirtualHost *:80
>
> ServerAdmin support@fh-heidelberg.de
> DocumentRoot "/usr/local/www/apache22/campus2.fh-heidelberg.de"
> ServerName campus2.fh-heidelberg.de
> ErrorLog "/var/log/apache2/campus2.fh-heidelberg.de_error.log"
> CustomLog "/var/log/apache2/campus2.fh-heidelberg.de_access.log" common
>
> Best Regards,
> Lars