Date:      Tue, 19 Jun 2007 08:51:11 +0200
From:      "Frank Behrens" <frank@pinky.sax.de>
To:        linimon@FreeBSD.org, freebsd-bugs@FreeBSD.org, FreeBSD-gnats-submit@FreeBSD.org
Subject:   Re: kern/84215: [jail] [patch] wildcard ip (INADDR_ANY) should not bind inside a jail
Message-ID:  <200706190651.l5J6pBgc025931@pinky.frank-behrens.de>
In-Reply-To: <200706190100.l5J10xne085932@freefall.freebsd.org>

Mark Linimon <linimon@FreeBSD.org> wrote on 19 Jun 2007 1:00:
> State-Changed-From-To: open->feedback
> Note that feedback (about ssh not working with this patch) was requested
> some time ago.

Sorry, I must have overlooked that. My answer is:
The patch should work; I cannot confirm the problem. Meanwhile I have been using this patch for
years, and I use FreeBSD 6.2-STABLE-200705211513.

A short test with net.inet.ip.bindwildcardtojails=0 shows:
> ifconfig lo1 alias 192.168.200.11
> jail / testssh 192.168.200.11 /bin/csh

otherhost>nc -vvv 192.168.0.10 22
router.behrens [192.168.0.10] 22 (?) open
SSH-2.0-OpenSSH_4.5p1 FreeBSD-20061110

otherhost>nc -vvv 192.168.200.11 22
192.168.200.11: inverse host lookup failed: h_errno 11004: NO_DATA
(UNKNOWN) [192.168.200.11] 22 (?): connection refused

Now I start the sshd daemon inside the jail:
frank@testssh:/# /usr/sbin/sshd
frank@testssh:/# sockstat -4
USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS
root     sshd       25774 3  tcp4   192.168.200.11:22     *:*

and the connection to the jail is possible:
otherhost>nc -vvv 192.168.200.11 22
192.168.200.11: inverse host lookup failed: h_errno 11004: NO_DATA
(UNKNOWN) [192.168.200.11] 22 (?) open
SSH-2.0-OpenSSH_4.5p1 FreeBSD-20061110

The short examples with nc show the same behavior as real ssh connections.

Frank Behrens
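As an added example (not code from the PR or from the mail above), a small POSIX shell check that scans a `sockstat -4` listing captured inside a jail and flags any listener whose local address is not the jail's IP, i.e. the wildcard bind that bindwildcardtojails=0 is meant to prevent. The sample listings are constructed here; the sshd line in the first one mirrors the one quoted above.

```shell
#!/bin/sh
# Constructed sample of `sockstat -4` as seen inside the jail: the expected
# state, sshd bound to the jail's own address.
SAMPLE_GOOD='USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS
root     sshd       25774 3  tcp4   192.168.200.11:22     *:*'

# Constructed sample of the state the patch should make impossible: sshd has
# bound INADDR_ANY (shown as *:22). The nc line is a correctly bound listener
# and must not be flagged.
SAMPLE_BAD='USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS
root     sshd       25774 3  tcp4   *:22                  *:*
root     nc         25780 3  tcp4   192.168.200.11:8080   *:*'

# check_jail_binds JAIL_IP SOCKSTAT_TEXT
# Prints one WARN line per IPv4 socket whose local address is not JAIL_IP
# and returns 1 if any such socket was found, 0 otherwise.
# Field layout of sockstat: USER COMMAND PID FD PROTO LOCAL FOREIGN.
check_jail_binds() {
    jail_ip=$1
    text=$2
    printf '%s\n' "$text" | awk -v ip="$jail_ip" '
        NR > 1 && $5 ~ /^(tcp|udp)4$/ {
            split($6, local, ":")          # local[1] = address, local[2] = port
            if (local[1] != ip) {
                printf "WARN: %s (pid %s) bound to %s, expected %s\n", $2, $3, $6, ip
                n++
            }
        }
        END { exit (n > 0) }'
}

# Usage on a live system: check_jail_binds 192.168.200.11 "$(sockstat -4)"
check_jail_binds 192.168.200.11 "$SAMPLE_GOOD" && echo "good sample: no wildcard binds"
check_jail_binds 192.168.200.11 "$SAMPLE_BAD"  || echo "bad sample: wildcard bind found"
```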