From: "James B. Byrne"
To: freebsd-questions@freebsd.org
Reply-To: byrnejb@harte-lyne.ca
Date: Thu, 22 Dec 2016 16:55:59 -0500
Subject: IP address assignments to jails using ezjail

When I created the new jail I used this invocation:

    ezjail-admin create -x hlldrupal 'lo1|127.0.1.1,vtnet0|192.168.216.196'

Inside the host rc.conf I have this:

    # Cloned i/f and assigned ipv4 addr for jails
    cloned_interfaces="lo1" # For shared jail configuration

And ifconfig on the host shows this:

    vtnet0: flags=8943 metric 0 mtu 1500
            options=80028
            ether 00:a0:98:fa:aa:b6
            inet 216.185.71.16 netmask 0xffffff00 broadcast 216.185.71.255
            inet 192.168.216.16 netmask 0xffffff00 broadcast 192.168.216.255
            inet 192.168.216.196 netmask 0xffffffff broadcast 192.168.216.196
            nd6 options=29
            media: Ethernet 10Gbase-T
            status: active
    . . .
    lo1: flags=8049 metric 0 mtu 16384
            options=600003
            inet 127.0.1.1 netmask 0xffffffff
            nd6 options=29
            groups: lo

Inside the jail ifconfig shows this:

    vtnet0: flags=8943 metric 0 mtu 1500
            options=80028
            ether 00:a0:98:fa:aa:b6
            inet 192.168.216.196 netmask 0xffffffff broadcast 192.168.216.196
            media: Ethernet 10Gbase-T
            status: active
    lo0: flags=8049 metric 0 mtu 16384
            options=600003
            groups: lo
    lo1: flags=8049 metric 0 mtu 16384
            options=600003
            inet 127.0.1.1 netmask 0xffffffff
            groups: lo

All this seems to be correct and yet I cannot seem to obtain an ssh connection to or from the jailed instance.

unbound is running in the jail and seems to be working. At least host responds to queries.

    root@hlldrupal:~ # host sendmail.com
    sendmail.com has address 209.246.26.25
    sendmail.com mail is handled by 10 mxa-00148501.gslb.pphosted.com.
    sendmail.com mail is handled by 20 mx2.proofpoint.com.
    sendmail.com mail is handled by 10 mxb-00148501.gslb.pphosted.com.

pf is not running in the jail but sshd is:

    root@hlldrupal:~ # service sshd status
    sshd is running as pid 81502.
    root@hlldrupal:~ # service pf status
    Cannot 'status' pf. Set pf_enable to YES in /etc/rc.conf or use
    'onestatus' instead of 'status'.
    root@hlldrupal:~ # service pf onestatus
    pf.ko is not loaded

I note that the flag IFDISABLED is present on the host's lo1. Why? Is this the source of the connectivity problem with the jail? If so then why does the host command work when executed within the jail?

In any case I can ping the jail from without:

    [root@vhost04 ~ (master *%)]# ping 192.168.216.196
    PING 192.168.216.196 (192.168.216.196) 56(84) bytes of data.
    64 bytes from 192.168.216.196: icmp_seq=1 ttl=64 time=0.647 ms

I just cannot connect to that address via ssh from without nor can I connect ssh to any address from within the jail.

-- 
***          e-Mail is NOT a SECURE channel          ***
        Do NOT transmit sensitive data via e-Mail
 Do NOT open attachments nor follow links sent by e-Mail

James B. Byrne                mailto:ByrneJB@Harte-Lyne.ca
Harte & Lyne Limited          http://www.harte-lyne.ca
9 Brockley Drive              vox: +1 905 561 1241
Hamilton, Ontario             fax: +1 905 561 0757
Canada  L8E 3C3