Date: Tue, 5 Aug 2003 13:39:20 +0300
From: Peter Pentchev
To: stakys@punktas.lt
Cc: freebsd-security@freebsd.org
Subject: Re: Problems with JAIL in 4.8R
Message-ID: <20030805103919.GV358@straylight.oblivion.bg>
In-Reply-To: <20030805103636.GU358@straylight.oblivion.bg>
References: <53210.81.7.109.95.1060089623.squirrel@mail.impress.lt> <20030805103636.GU358@straylight.oblivion.bg>

On Tue, Aug 05, 2003 at 01:36:36PM +0300, Peter Pentchev wrote:
> On Tue, Aug 05, 2003 at 01:20:23PM -0000, stakys@punktas.lt wrote:
> > On Tue, Aug 05, 2003 at 12:56:36PM -0000, stakys@punktas.lt wrote:
> > > Hi, I've set the outside IP for the jail. It works. When I try to ssh to
> > > jail'ed system from the main system (in which is created jail) the
> > > connection is successful, but when I try to connect to jailed system from
> > > anywhere else I get this message:
> > > ssh: connect to host IP_NUMBER port 22: Operation timed out
> > > What can be wrong here? How to solve this problem?
> >
> > >>Are you running some sort of firewall on the main system? You might
> > >>have to add additional rules allowing SSH into the jailed one...
> >
> > >>G'luck,
> > >>Peter
> >
> > I'm running IPFW but I put such lines to ipfw.rules to be sure that it's
> > not firewall's fault, about connecting to jail'ed system from outside.
> > Here are the lines:
> > ipfw add 50 allow ip from any to any via lo0
> > ipfw add 51 allow ip from any to any via rl0
>
> If it would not be a great security risk, could you post the whole
> set of ipfw rules that you are using? Alternatively, could you add a
> 'log' clause to all the 'deny' rules, and then watch for denied packets
> in the syslog? As another alternative, you could 'ipfw -f' for the
> duration of the test...

*THWAP*... Of course I meant 'ipfw flush' :)

G'luck,
Peter

-- 
Peter Pentchev  roam@ringlet.net  roam@sbnd.net  roam@FreeBSD.org
PGP key:        http://people.FreeBSD.org/~roam/roam.key.asc
Key fingerprint FDBA FD79 C26F 3C51 C95E DF9E ED18 B68D 1619 4553
The rest of this sentence is written in Thailand, on
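
Added example, not part of the original message and not written by either poster: the "add a 'log' clause to all the 'deny' rules, then watch the syslog" suggestion above as a shell script that rewrites a rules file and then reports which rule number is dropping traffic to a given address and port. The ruleset, addresses and log lines are constructed, the function names are hypothetical, and the log layout is assumed to be the usual `ipfw: RULE Deny PROTO SRC DST in via IF` form.

```shell
#!/bin/sh
# Added example. Ruleset and log lines below are constructed samples.

# Insert 'log' after the deny/drop/reject action of each "ipfw add" line
# that does not already log. Reads a rules script on stdin.
add_log_to_deny() {
    awk '
    /^[ \t]*#/ { print; next }
    {
        for (i = 1; i < NF; i++) {
            if ($i != "add") continue
            j = i + 1
            if ($j ~ /^[0-9]+$/) j++          # optional rule number
            if ($j ~ /^(deny|drop|reject)$/ && $(j + 1) != "log")
                $j = $j " log"
            break
        }
        print
    }'
}

# Count logged Deny entries for destination IP:PORT, grouped by rule number.
# Assumes the classic syslog form: "ipfw: RULE Deny PROTO SRC DST in via IF".
denied_by_rule() {
    awk -v dst="$1:$2" '
    { for (i = 1; i <= NF; i++)
          if ($i == "ipfw:" && $(i + 2) == "Deny" && $(i + 5) == dst) n[$(i + 1)]++ }
    END { for (r in n) print r, n[r] }' | sort -n
}

sample_rules() {
    cat <<'EOF'
# constructed ruleset, not the poster's
ipfw add 40 deny tcp from any to 192.0.2.10 22 in
ipfw add 50 allow ip from any to any via lo0
ipfw add 51 allow ip from any to any via rl0
ipfw add 60 deny log udp from any to any 137
ipfw add 65000 deny ip from any to any
EOF
}

sample_log() {
    cat <<'EOF'
Aug  5 13:41:02 host /kernel: ipfw: 40 Deny TCP 203.0.113.7:51514 192.0.2.10:22 in via rl0
Aug  5 13:41:05 host /kernel: ipfw: 65000 Deny UDP 203.0.113.9:137 192.0.2.255:137 in via rl0
Aug  5 13:41:08 host /kernel: ipfw: 40 Deny TCP 203.0.113.7:51515 192.0.2.10:22 in via rl0
EOF
}

sample_rules | add_log_to_deny
sample_log | denied_by_rule 192.0.2.10 22
```

Rules carrying `log` only reach syslog when the `net.inet.ip.fw.verbose` sysctl is set to 1.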