Date:      Mon, 22 Mar 2010 11:23:54 +0100
From:      Dhénin Jean-Jacques <jean-jacques@dhenin.fr>
To:        Ruben de Groot <mail25@bzerk.org>, Aiza <aiza21@comclark.com>,  Mark Shroyer <subscriber+freebsd@markshroyer.com>, freebsd-questions@freebsd.org
Subject:   Re: ezjail
Message-ID:  <12437d831003220323o4463044bu416f994f0129b459@mail.gmail.com>
In-Reply-To: <20100322095545.GA77714@ei.bzerk.org>
References:  <4BA5AA53.5030503@comclark.com> <4BA69566.2040504@markshroyer.com> <4BA6B80F.7050806@comclark.com> <4BA6CB8B.8070309@markshroyer.com>  <4BA73C9D.7090900@comclark.com> <20100322095545.GA77714@ei.bzerk.org>

2010/3/22 Ruben de Groot <mail25@bzerk.org>

>
> >
> > My host 8.0 system is the gateway to the public internet.
> > I have ipfilter running, blocking all inbound requests for service.
> > I only allow outbound requests from the LAN behind the gateway and use
> > keep state to allow the packet conversation to continue. All this has
> > worked fine for years across many releases of FreeBSD.
> >
> > Now comes playing with jails. I created 3 jails, www, ftp, telnet, and
> > used IP addresses of 10.0.20.20, 10.0.20.30, 10.0.20.40. The goal is to
> > target those jails from other PCs on the private LAN that are using IP
> > addresses in the 10.0.10.2 through 10.0.10.8 range.
> >
> > I used ezjail-admin onestart and all the jails start. Then did
> > ezjail-admin console ftp.local.com and got logged into that jail. Edited
> > /etc/inetd.conf and uncommented the ftp line. Edited /etc/rc.conf adding
> > inetd_enable="YES", exited the ftp jail. Did ezjail-admin onestop
> > followed by ezjail-admin onestart to cycle the ftp jail to activate the
> > ftp function. ezjail-admin console ftp.local.com to get logged into that
> > jail again. From within the jail did ping -c 2 10.0.10.6, which is a PC
> > on the LAN; it gives me a no sockets message. And ftp from 10.0.10.6 to
> > 10.0.20.30, the ftp jail, gives me a no connection error.
> >
> > What is the problem here?
>
>
> How are we supposed to know?
>
> Ruben
>

add

sysctl security.jail.allow_raw_sockets=1

or in /etc/sysctl.conf

on the host (not in the jail)

Regards

---------------------------------------------------------
(°>   Dhénin Jean-Jacques
/ )     48, rue de la Justice 78300 Poissy
^^   Jean-Jacques@dhenin.fr
---------------------------------------------------------
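
The reply above gives two ways to set security.jail.allow_raw_sockets on the host, a one-off sysctl command or an entry in /etc/sysctl.conf, and they differ in whether the setting survives a reboot. The following is an added example, not part of the original message: a host-side check that compares the running value with the saved one; the function names and the sample file contents are constructed for illustration.

```sh
#!/bin/sh
# Added example, not from the thread. File contents below are constructed.
KNOB=security.jail.allow_raw_sockets

# Print the last value assigned to knob $2 in sysctl.conf-style file $1
# (comments ignored, later lines win); print nothing if it is never set.
conf_value() {
    awk -v knob="$2" '
        { sub(/#.*/, "") }
        /=/ {
            name = $0; sub(/=.*/, "", name); gsub(/[ \t]/, "", name)
            val = $0; sub(/^[^=]*=/, "", val); gsub(/[ \t"]/, "", val)
            if (name == knob) last = val
        }
        END { if (last != "") print last }
    ' "$1"
}

# $1 = running value (from: sysctl -n "$KNOB"), $2 = path to sysctl.conf
raw_socket_state() {
    saved=$(conf_value "$2" "$KNOB")
    [ -n "$saved" ] || saved=0    # the knob defaults to 0 when unset
    case "$1:$saved" in
        1:1) echo "enabled, persistent" ;;
        1:0) echo "enabled until reboot" ;;
        0:1) echo "disabled now, enabled at next boot" ;;
        *)   echo "disabled" ;;
    esac
}

# Constructed stand-in for the host's /etc/sysctl.conf: the knob is only
# present as a comment, as if the bare sysctl command had been run by hand.
sample=$(mktemp)
cat > "$sample" <<'EOF'
kern.securelevel=1
#security.jail.allow_raw_sockets=1
EOF
raw_socket_state 1 "$sample"
rm -f "$sample"
```

On the FreeBSD host itself, call it as `raw_socket_state "$(sysctl -n security.jail.allow_raw_sockets)" /etc/sysctl.conf`.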


