Date:      Mon, 30 Oct 2000 13:55:51 +0200
From:      Marc Silver <marcs@draenor.org>
To:        The Hermit Hacker <scrappy@hub.org>
Cc:        freebsd-stable@freebsd.org, freebsd-questions@freebsd.org
Subject:   Re: Multiple Jail environment(s) on one host ...
Message-ID:  <20001030135551.B39296@draenor.org>
In-Reply-To: <Pine.BSF.4.21.0010300749280.1220-100000@thelab.hub.org>; from scrappy@hub.org on Mon, Oct 30, 2000 at 07:50:49AM -0400
References:  <20001030074727.P20320@draenor.org> <Pine.BSF.4.21.0010300749280.1220-100000@thelab.hub.org>

Are any of the services on the base machine binding to all the IPs
perhaps??

You'd be looking at something like this:  (netstat -na | grep LIST)

tcp4       0      0  192.168.0.10.80        *.* LISTEN
tcp4       0      0  *.25                   *.* LISTEN
tcp4       0      0  192.168.0.10.53        *.* LISTEN
tcp4       0      0  192.168.0.10.53        *.* LISTEN
tcp4       0      0  *.6000                 *.* LISTEN
tcp4       0      0  *.3306                 *.* LISTEN
tcp4       0      0  *.22                   *.* LISTEN


Notice how, for instance, ports 22, 25 and 3306 are bound to all ports on
the machine, which would mean that you couldn't bind sshd in the chroot
to an IP because there is already an sshd using it.  

That may help.  If not, let me know,
Cheers,
Marc

On Mon, Oct 30, 2000 at 07:50:49AM -0400, The Hermit Hacker wrote:
> On Mon, 30 Oct 2000, Marc Silver wrote:
> 
> > Hi there,
> > 
> > It's my understanding that the chroot's (jails) should run on different
> > IP addresses to that of your base system.  
> > 
> > For instance, let's say you have three addresses:
> > 
> > 192.168.0.10
> > 192.168.0.11
> > 192.168.0.12
> > 
> > 192.168.0.10 would be that of your base machine and all its services,
> > which you should make sure are bound to just that address, and none of
> > the others.  The same would apply for your chroots.  Their services
> > should also all be running on a separate dedicated IP address.
> 
> Right, I read that too.  the base machine is on 216.126.84.253, while the
> two envs are on 216.126.85.28 and 216.126.85.73 respectively ... that is
> why I'm confused by the 'Address already in use' issue ...
> 
> > 
> > Cheers,
> > Marc
> > 
> > On Sun, Oct 29, 2000 at 11:40:36PM -0400, The Hermit Hacker wrote:
> > > 
> > > Morning all ...
> > > 
> > > 	I'm running 4.x-STABLE on a machine, that I have set up two jail
> > > environments over the base system, but the second one is getting the
> > > following "errors" generated:
> > > 
> > > Oct 29 22:32:20 mail inetd[97608]: telnet/tcp: bind: Address already in use
> > > Oct 29 22:32:20 mail inetd[97608]: ftp/tcp: bind: Address already in use
> > > 
> > > 	I have portmap disabled in both jail(s) and the base OS, and inetd
> > > bound in the base OS to its IP ... do I have to bind inside of each jail
> > > too?  I thought it got bound only to those IPs that were visible, no?
> > > 
> > > 	Hrmmm ... if I do a 'telnet localhost smtp' inside of the second
> > > env, it gets its own sendmail ... if I do a 'ftp localhost', it gets the
> > > ftp server of the first env ... same thing with telnet, it gets me the
> > > first env ...
> > > 
> > > 	If I add the -a IP option to inetd_flags, I can eliminate the
> > > behaviour ... is this the way it's supposed to work?
> > > 
> > > Thanks ...
> > > 
> > > 
> > > Marc G. Fournier                   ICQ#7615664               IRC Nick: Scrappy
> > > Systems Administrator @ hub.org 
> > > primary: scrappy@hub.org           secondary: scrappy@{freebsd|postgresql}.org 
> > 
> > 
> 
> Marc G. Fournier                   ICQ#7615664               IRC Nick: Scrappy
> Systems Administrator @ hub.org 
> primary: scrappy@hub.org           secondary: scrappy@{freebsd|postgresql}.org 
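
Added example, not part of the original message: a shell filter over `netstat -na` output that separates listeners bound to the wildcard address from those bound to one IP, which is the check the message describes. The function names are hypothetical, and the sample input is the listing quoted in the message.

```sh
#!/bin/sh
# Added example (not from the original message); function names are
# hypothetical. Assumes the FreeBSD `netstat -na` column layout:
#   proto  recv-q  send-q  local-address  foreign-address  state

# Sample input: the listing quoted in the message above.
sample_netstat() {
    cat <<'EOF'
tcp4       0      0  192.168.0.10.80        *.* LISTEN
tcp4       0      0  *.25                   *.* LISTEN
tcp4       0      0  192.168.0.10.53        *.* LISTEN
tcp4       0      0  192.168.0.10.53        *.* LISTEN
tcp4       0      0  *.6000                 *.* LISTEN
tcp4       0      0  *.3306                 *.* LISTEN
tcp4       0      0  *.22                   *.* LISTEN
EOF
}

# Print "proto port" for every listener bound to the wildcard address.
# These are the services to rebind to the base machine's own IP.
wildcard_listeners() {
    awk '$NF == "LISTEN" && $4 ~ /^\*\.[0-9]+$/ {
        sub(/^\*\./, "", $4)
        print $1, $4
    }' | sort -u
}

# Print "proto port" for every listener bound to exactly the IP in $1.
listeners_on_ip() {
    awk -v ip="$1" '$NF == "LISTEN" {
        n = match($4, /\.[0-9]+$/)          # position of the trailing ".port"
        if (n && substr($4, 1, n - 1) == ip)
            print $1, substr($4, n + 1)
    }' | sort -u
}

# On a live host: netstat -na | wildcard_listeners
echo "wildcard-bound listeners in the sample:"
sample_netstat | wildcard_listeners
```

An empty result from `wildcard_listeners` on the base machine means every listening service there is tied to a specific address.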

