From owner-freebsd-jail@FreeBSD.ORG Sun Jan 31 00:04:15 2010
Message-ID: <4B64C8FA.6000106@h3q.com>
Date: Sun, 31 Jan 2010 01:04:10 +0100
From: Philipp Wuensche
To: Christer Solskogen
Cc: freebsd-jail@freebsd.org
Subject: Re: How do you manage your jails?

Christer Solskogen wrote:
>
> I'm preparing a talk for BLUG (the local Linux/BSD group) and I want to know how
> YOU manage your jails, there sure is more than one way to do it.

ezjail - http://erdgeist.org/arts/software/ezjail/
jailaudit - http://anonsvn.h3q.com/projects/jailaudit/

greetings,
philipp

From owner-freebsd-jail@FreeBSD.ORG Mon Feb 1 11:07:00 2010
Date: Mon, 1 Feb 2010 11:06:58 GMT
Message-Id: <201002011106.o11B6wr6062839@freefall.freebsd.org>
From: FreeBSD bugmaster
To: freebsd-jail@FreeBSD.org
Subject: Current problem reports assigned to freebsd-jail@FreeBSD.org

Note: to view an individual PR, use:
  http://www.freebsd.org/cgi/query-pr.cgi?pr=(number).

The following is a listing of current problems submitted by FreeBSD users.
These represent problem reports covering all versions including
experimental development code and obsolete releases.

S Tracker      Resp.      Description
--------------------------------------------------------------------------------
s conf/142972  jail       [jail] [patch] Support JAILv2 and vnet in rc.d/jail
o conf/141317  jail       [patch] uncorrect jail stop in /etc/rc.d/jail
o kern/133265  jail       [jail] is there a solution how to run nfs client in ja
o kern/119842  jail       [smbfs] [jail] "Bad address" with smbfs inside a jail
o bin/99566    jail       [jail] [patch] fstat(1) according to specified jid
o bin/32828    jail       [jail] w(1) incorrectly handles stale utmp slots with

6 problems total.

From owner-freebsd-jail@FreeBSD.ORG Fri Feb 5 12:43:05 2010
Date: Fri, 5 Feb 2010 13:32:54 +0100
From: Albert Shih
To: freebsd-jail@freebsd.org, freebsd-pf@freebsd.org
Message-ID: <20100205123254.GN11310@obspm.fr>
Subject: How make the route-to working ?

Hi all,

I've a problem with route-to.

I've a server with 2 interfaces, and I'm running jail on this server.

Each interface has its own public IP address.

    eth0 -- IP0
    eth1 -- IP1

and I've a default route (for example in IP0 subnet).

So if the jail is in the IP0 subnet, no problem, everything works.

Now if I put a jail in IP1 subnet, and some client tries to connect to this
jail, the answer comes out through eth0 because of the default route (suppose
the client is not on my subnet).

I don't want that. I want the answer to come out through eth1.

I'm trying to use pf to do that and put in my pf.conf something like

    pass in all
    pass out all
    pass out on eth0 route-to {(eth0 IP0_Gateway)} from to ! IP0_subnet
    pass out on eth1 route-to {(eth1 IP1_Gateway)} from to ! IP1_subnet

but it's not working; if I run a tcpdump on the host I can see the incoming
packet come in from eth1 and the outgoing come out on eth0.

And if I try to remove the default route, the outgoing packet doesn't come out....

Any help ?

Regards.
--
Albert SHIH
SIO batiment 15
Observatoire de Paris Meudon
5 Place Jules Janssen
92195 Meudon Cedex
Telephone: 01 45 07 76 26/06 86 69 95 71
Heure local/Local time:
Ven 5 fév 2010 13:25:02 CET

From owner-freebsd-jail@FreeBSD.ORG Fri Feb 5 15:39:21 2010
Date: Fri, 5 Feb 2010 16:39:18 +0100
From: Albert Shih
To: freebsd-jail@FreeBSD.org
Message-ID: <20100205153918.GH31809@obspm.fr>
Subject: setfib with jail

Hi all.

I'm trying to make setfib work with jail. I'm not sure I'm doing it correctly,
but I'm sure it's not working.

So this is what I do :

- Rebuild kernel with

      option ROUTETABLES=4

- Re-install the kernel, reboot

- Stop the jail

- flush all routes (not default) on 0 fib

- create route in 1 fib

      setfib 1 route add default xxx.yyy.zzz.ttt

- add

      jail_name_fib="1"

  in my rc.conf

- start the jail with

      /etc/rc.d/jail start name

---> and it's not working because when I do

      jexec Jail_ID bash
      netstat -rn

I see the 0 fib.

What's wrong ?

Thanks for your help

Regards.

JAS
--
Albert SHIH
SIO batiment 15
Observatoire de Paris Meudon
5 Place Jules Janssen
92195 Meudon Cedex
Telephone: 01 45 07 76 26/06 86 69 95 71
Heure local/Local time:
Ven 5 fév 2010 16:34:51 CET

From owner-freebsd-jail@FreeBSD.ORG Fri Feb 5 18:02:54 2010
Date: Fri, 5 Feb 2010 19:35:54 +0200
From: Mykola Dzham
To: Albert Shih
Cc: freebsd-jail@FreeBSD.org
Message-ID: <20100205173554.GA3631@laptop.levsha.me>
References: <20100205153918.GH31809@obspm.fr>
In-Reply-To: <20100205153918.GH31809@obspm.fr>
Subject: Re: setfib with jail

Albert Shih wrote:
> Hi all.
>
> I'm trying to make setfib work with jail. I'm not sure I'm doing it correctly,
> but I'm sure it's not working.
>
> So this is what I do :
>
> - Rebuild kernel with
>
>       option ROUTETABLES=4
>
> - Re-install the kernel, reboot
>
> - Stop the jail
>
> - flush all routes (not default) on 0 fib
>
> - create route in 1 fib
>
>       setfib 1 route add default xxx.yyy.zzz.ttt
>
> - add
>
>       jail_name_fib="1"
>
>   in my rc.conf
>
> - start the jail with
>
>       /etc/rc.d/jail start name
>
>
> ---> and it's not working because when I do
>
>       jexec Jail_ID bash
>       netstat -rn
>
> I see the 0 fib.
>
> What's wrong ?

Try to start ssh in jail, ssh into jail and run netstat -rn

fib binds to process and children, not to jail - jexec and children started
with your current fib, not with jail fib.

--
LEFT-(UANIC|RIPE)
JID: levsha@jabber.net.ua
PGP fingerprint: 1BCD 7C80 2E04 7282 C944 B0E0 7E67 619E 4E72 9280
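
The check below is an added example, not part of the thread: it reads the FIB seen by a fresh process in the jail, once through a plain jexec and once under setfib, which is the per-process inheritance Mykola describes. It assumes a multi-FIB FreeBSD host, that sysctl is installed inside the jail, and that the net.my_fibnum sysctl reports the caller's FIB; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: show which FIB a process started inside a jail really uses.
# Assumptions: FreeBSD host with several FIBs, sysctl present in the jail,
# net.my_fibnum returns the FIB of the calling process.

# fib_in_jail JID [FIB]
# Print the FIB number seen by a fresh process inside jail JID.
# With FIB given, the process is started under setfib(1) and inherits it;
# without it, the process inherits the FIB of the shell calling jexec(8).
fib_in_jail() {
    jid=$1
    fib=${2:-}
    if [ -n "$fib" ]; then
        setfib "$fib" jexec "$jid" sysctl -n net.my_fibnum
    else
        jexec "$jid" sysctl -n net.my_fibnum
    fi
}

# check_jail_fib JID EXPECTED_FIB
# Returns 0 when a plain jexec already lands in EXPECTED_FIB, 1 when it
# does not (the situation in the thread), 2 when a command failed.
check_jail_fib() {
    jid=$1
    want=$2
    plain=$(fib_in_jail "$jid") || return 2
    forced=$(fib_in_jail "$jid" "$want") || return 2
    echo "jail $jid: plain jexec -> fib $plain, setfib $want jexec -> fib $forced"
    [ "$plain" = "$want" ]
}

# Run only when called with arguments, e.g.: sh jailfib.sh 3 1
# (jail id 3 and FIB 1 are constructed sample values)
if [ "$#" -ge 2 ]; then
    check_jail_fib "$1" "$2"
fi
```

A return status of 1 from a host shell in FIB 0 matches what Albert saw: the jexec'd shell shows FIB 0 even though the jail's own services were started in FIB 1.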