From owner-freebsd-security@FreeBSD.ORG Tue Aug 5 09:01:09 2003 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 39FF837B401 for ; Tue, 5 Aug 2003 09:01:09 -0700 (PDT) Received: from gandalf.online.bg (gandalf.online.bg [217.75.128.9]) by mx1.FreeBSD.org (Postfix) with SMTP id A60CC43FA3 for ; Tue, 5 Aug 2003 09:01:06 -0700 (PDT) (envelope-from roam@ringlet.net) Received: (qmail 22037 invoked from network); 5 Aug 2003 15:52:44 -0000 Received: from office.sbnd.net (HELO straylight.ringlet.net) (217.75.140.130) by gandalf.online.bg with SMTP; 5 Aug 2003 15:52:44 -0000 Received: (qmail 17768 invoked by uid 1000); 5 Aug 2003 16:02:06 -0000 Date: Tue, 5 Aug 2003 19:02:06 +0300 From: Peter Pentchev To: stakys Message-ID: <20030805160206.GE358@straylight.oblivion.bg> Mail-Followup-To: stakys , hnunez@vianetworks.com.ar, freebsd-security@freebsd.org References: <02be01c35b60$948136b0$330c3dc8@ms.vianetworks.net.ar> <01bc01c35b68$14ebf400$0900a8c0@ss> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="FJ0JV+AOCbvjFtNn" Content-Disposition: inline In-Reply-To: <01bc01c35b68$14ebf400$0900a8c0@ss> User-Agent: Mutt/1.5.4i cc: freebsd-security@freebsd.org Subject: Re: Problems with JAIL in 4.8R X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Security issues [members-only posting] List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 05 Aug 2003 16:01:09 -0000 --FJ0JV+AOCbvjFtNn Content-Type: text/plain; charset=windows-1251 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Tue, Aug 05, 2003 at 06:41:47PM +0300, stakys wrote: > I've tried in debug mode but do not gives any error when i get the timeou= t, > also my netmask set as you said. Any ideas how to solve it? I would *still* bet on the firewall. Could you add a 'log' keyword to all the 'deny' rules in your ipfw ruleset (if you think that there are none, please double-check to make sure that there really are none; does ipfw list really not show any of them?), and see in your syslog if something is being denied? Also, it might be the firewall on the machine that you are trying to connect *from* - the machine that you are running the SSH client on. Are you sure it will not block an attempt to connect to the jail's IP address on port 22? A third option would be any devices between the two machines: routers, cable modem gateways, other computers acting as gateways.. G'luck, Peter --=20 Peter Pentchev roam@ringlet.net roam@sbnd.net roam@FreeBSD.org PGP key: http://people.FreeBSD.org/~roam/roam.key.asc Key fingerprint FDBA FD79 C26F 3C51 C95E DF9E ED18 B68D 1619 4553 This sentence would be seven words long if it were six words shorter. --FJ0JV+AOCbvjFtNn Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.2 (FreeBSD) iD8DBQE/L9T+7Ri2jRYZRVMRAkqoAJ4gnIntM9GQ393brPI3qaJVos8+2ACgka7g m3Jq7VZZNxMchJ7euuvCIeQ= =mTve -----END PGP SIGNATURE----- --FJ0JV+AOCbvjFtNn--