Date:      Wed, 20 Feb 2013 18:43:55 -0500 (EST)
From:      doug@safeport.com
To:        Bernt Hansson <bah@bananmonarki.se>
Cc:        freebsd-questions@freebsd.org
Subject:   Re: jail and networking
Message-ID:  <alpine.BSF.2.00.1302201830160.74170@oceanpt.safeport.com>
In-Reply-To: <512554C6.3070306@bananmonarki.se>
References:  <5124F505.4040906@bananmonarki.se> <13CA24D6AB415D428143D44749F57D7201EABA71@ltcfiswmsgmb21> <51250B20.4000308@bananmonarki.se> <512510ED.6080807@mail.com>, <51251496.4050701@bananmonarki.se> <13CA24D6AB415D428143D44749F57D7201EABC1F@ltcfiswmsgmb21> <51251FA5.6030903@mail.com> <alpine.BSF.2.00.1302201613280.27836@fledge.watson.org> <512554C6.3070306@bananmonarki.se>

On Wed, 20 Feb 2013, Bernt Hansson wrote:

> 2013-02-20 22:17, doug wrote:
>> 
>> On Wed, 20 Feb 2013, Jeff Tipton wrote:
>> 
>>> On 02/20/2013 20:59, Teske, Devin wrote:
>>>> On Wed, 20 Feb 2013, Bernt Hansson wrote:
>>>> 
>>>>> On 2013-02-20 19:07, Jeff Tipton wrote:
>>>>>> On 02/20/2013 19:42, Bernt Hansson wrote:
>>>>>>> On 2013-02-20 17:23, Teske, Devin wrote:
>>>>>>>> On Wed, 20 Feb 2013, Bernt Hansson wrote:
>>>>>>>> 
>>>>>>>>> Hello list!
>>>>>>>>> 
>>>>>>>>> I don't seem to get net working in a test jail.
>>>>>>>>> 
>>>>>>>>> These I've tried;
>>>>>>>>> 
>>>>>>>>> ftp, fetch, telnet
>>>>>>>>> 
>>>>>>>>> They time out.
>>>>>>>>> 
>>>>>>>>> Ssh sort of works.
>>>>>>>>> 
>>>>>>>>> 32bit# ssh 10.0.0.3
>>>>>>>>> ssh_askpass: exec(/usr/local/bin/ssh-askpass): No such file or
>>>>>>>>> directory
>>>>>>>>> Host key verification failed.
>>>>>>>>> 
>>>>>>>>> jail is 8.3-STABLE i386 GENERIC
>>>>>>>>> 
>>>>>>>>> host is FreeBSD 8.3-STABLE amd64 GENERIC
>>>>>>>>> 
>>>>>>>>> I'm sure you want more info so just tell me what info.
>>>>>>>> Commonly the problem is that you are "jexec'd" into the jail and I
>>>>>>>> find that tools like ssh, ftp, telnet, etc. don't work when
>>>>>>>> you're in
>>>>>>>> the jail via "jexec" but instead what works way better is if you ssh
>>>>>>>> into the jail (via the jail'd ssh process of course).
>>>>>>>> 
>>>>>>>> Does that seem to be the case in your situation?
>>>>>>> If you mean this sshd  IsJ    0:00,00 /usr/sbin/sshd
>>>>>>> 
>>>>>>> Then no.
>>>>>>> 
>>>>>>> %ssh 10.0.0.10 ssh: connect to host 10.0.0.10 port 22: Operation
>>>>>>> timed
>>>>>>> out
>>>>>>> 
>>>>>>> I did have an alias on the host to the jail's ip.
>>>>>>> Tried to restart the jail it went fine, but now I can't jexec in to
>>>>>>> the jail.
>>>>>>> 
>>>>>>> testbox# jexec 1 tcsh
>>>>>>> jexec: jail_attach(1): Invalid argument
>>>>>>> 
>>>>>>> Sooo... I'm kind of out of ideas.
>>>>>> What does "jls" command say? If you have restarted your jail, its ID
>>>>>> most likely has changed.
>>>>> The ID did change, didn't know about that, thank you.
>>>>> 
>>>>> But still, sshd isn't running in the jail
>>>>> 
>>>>> 32bit# ps ax
>>>>>     PID  TT  STAT      TIME COMMAND
>>>>>    2385  ??  IsJ    0:00,00 sendmail: Queue runner@00:30:00 for
>>>>> /var/spool/clientmqueue (sendmail)
>>>>>    2391  ??  SsJ    0:00,00 /usr/sbin/cron -s
>>>>>    2464   0  SJ     0:00,01 tcsh
>>>>>    2482   0  R+J    0:00,00 ps ax
>>>>> 
>>>>> testbox# ps ax | grep J
>>>>>    2385  ??  IsJ    0:00,00 sendmail: Queue runner@00:30:00 for
>>>>> /var/spool/clientmqueue (sendmail)
>>>>>    2391  ??  SsJ    0:00,00 /usr/sbin/cron -s
>>>>>    2488   0  S+     0:00,00 grep J
>>>>> 
>>>>> testbox is the host.
>
>> Or from the host: sockstat | grep :22. You should see something like
>>
>>    root     sshd       2016  3  tcp4   192.168.17.15:22       *:*
>> 
>> for each jail
>
> testbox# sockstat | grep :22
>
> bernt    sshd       3541  3  tcp4   10.0.0.3:22           80.x.x.x:25605
> root     sshd       3539  3  tcp4   10.0.0.3:22           80.x.x.x:25605
> root     sshd       1296  3  tcp6   *:22                  *:*
> root     sshd       1296  4  tcp4   *:22                  *:*
>
> The jail has ip 10.0.0.10. There is only one jail.
>

I could not see anything you are doing wrong, so here are the relevant parts of 
a host/jail we use for testing. I got all this by following the jail man page 
and/or hacking things that are working. I hope this helps. This is all on an 8.2
system.


Host config

rc.conf
---------------------
hostname="bcr.boltsys.com"
ifconfig_em0="DHCP"
sshd_enable="YES"
          :
#jail base settings
inetd_flags="-wW -a 10.1.10.110"
rpcbind_enable="NO"

# Jail general settings
ifconfig_em0_alias0="inet 10.1.10.111 netmask 255.255.255.255"
jail_set_hostname_allow="NO"
jail_enable="YES"
jail_interface="em0"
jail_devfs_enable="YES"
jail_procfs_enable="YES"

jail_list="webmail"
jail_webmail_rootdir="/usr/home/webmail"
jail_webmail_hostname="webmail.boltsys.com"
jail_webmail_ip="10.1.10.111"

ifconfig (host)
----------------
inet 10.1.10.111 netmask 0xffffffff broadcast 10.1.10.111
inet 10.1.10.110 netmask 0xffffff00 broadcast 10.1.10.255


Jail config

rc.conf
---------------------
network_interfaces=""
hostname="webmail.boltsys.com"
sshd_enable="YES"
sendmail_enable="NO"
sendmail_outbound_enable="YES"
inetd_flags="-wW -a 10.1.10.111"
inetd_enable="NO"
rpcbind_enable="NO"


_____
Douglas Denault
http://www.safeport.com
doug@safeport.com
Voice: 301-217-9220
   Fax: 301-217-9277
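
The sockstat check discussed in this thread, written out as a script. This is an added example, not part of the original message; the function names are hypothetical, and the sample input is the sockstat output quoted above plus the "you should see" line, with a constructed header row.

```shell
#!/bin/sh
# Added example (not from the thread). Function names are hypothetical.

# jail_listener_status IP PORT   (sockstat text on stdin)
# Prints one of:
#   ok             a listening TCP socket is bound to IP:PORT (the jail's daemon)
#   wildcard-only  nothing is bound to IP:PORT, but a host daemon listens on
#                  *:PORT; per jail(8) such a daemon may service requests sent
#                  to the jail's address when the jail did not bind the port
#   none           no listener on PORT at all
jail_listener_status() {
    awk -v ip="$1" -v port="$2" '
        BEGIN { exact_addr = ip ":" port; wild_addr = "*:" port }
        # Listening sockets have "*:*" as the foreign address; this skips
        # established sessions and the sockstat header line.
        $5 ~ /^tcp/ && $7 == "*:*" {
            if ($6 == exact_addr) exact = 1
            else if ($6 == wild_addr) wild = 1
        }
        END {
            if (exact) print "ok"
            else if (wild) print "wildcard-only"
            else print "none"
        }'
}

# Sample input: the lines quoted in the thread (remote address masked there as
# 80.x.x.x), the expected-output line from the earlier reply, and a
# constructed header row.
sample_sockstat() {
    cat <<'EOF'
USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS
bernt    sshd       3541  3  tcp4   10.0.0.3:22           80.x.x.x:25605
root     sshd       3539  3  tcp4   10.0.0.3:22           80.x.x.x:25605
root     sshd       1296  3  tcp6   *:22                  *:*
root     sshd       1296  4  tcp4   *:22                  *:*
root     sshd       2016  3  tcp4   192.168.17.15:22      *:*
EOF
}

# Demo on the sample. On a live host: sockstat -4 -l | jail_listener_status IP 22
for ip in 192.168.17.15 10.0.0.10; do
    printf '%s: %s\n' "$ip" "$(sample_sockstat | jail_listener_status "$ip" 22)"
done
```

A "wildcard-only" result for a jail address is the case the host rc.conf above avoids for inetd by pinning it to the host address with inetd_flags="-wW -a 10.1.10.110".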


