Date: Tue, 29 May 2007 15:00:23 -0400 (EDT)
From: Randy Schultz <schulra@earlham.edu>
To: questions@freebsd.org
Subject: Re: Fwd: Static Routes, gateways and the end of my sanity
Message-ID: <Pine.BSF.4.64.0705291455500.51672@tdream.lly.earlham.edu>
In-Reply-To: <200705291259.43688.rapopp@eastcentral.edu>
References: <200705291259.43688.rapopp@eastcentral.edu>

On Tue, 29 May 2007, Reuben A. Popp spaketh thusly:
-}
-}Hello everyone, can someone please (_please_!!) let me know what I'm doing
-}wrong in the following example? I am near my wits end on implementing this,
-}any suggestions are greatly appreciated!
-}
-}The scenario is that I have a server here with twin nics, bce0 and bce1; I
-}would like bce0 to be connected to our dmz network (192.168.x.x), while bce1
-}would be on our internal network. A jail will reside on the ip assigned to
-}bce0, while the regular base system will bind to bce1.
-}
-}My current rc.conf consists of the following:
-}-------------------------------------------
-}defaultrouter="10.228.228.254"
-}ifconfig_bce0="inet 192.168.4.80 netmask 255.255.255.0"
-}ifconfig_bce1="inet 10.228.228.228 media 100BaseTX mediaopt full-duplex
-}netmask 255.255.255.0"
-}
-}# Enable Jails for multi-homed box (video)
-}jail_enable="YES"
-}jail_list="video"
-}jail_video_rootdir="/usr/local/jail/video"
-}jail_video_hostname="video.eastcentral.edu"
-}jail_video_ip="192.168.4.80"
-}jail_named_exec_start="/bin/sh /etc/rc"
-}jail_video_devfs_enable="YES"
-}
-}# Routed and gateway settings
-}static_routes="net1"
-}route_net1="-net 192.168.4.80/24 -netmask 255.255.255.0 192.168.4.254"
-}------------------------------------------
-}
-}Of course there's other things in there like binding various services (inetd,
-}syslog, et al) to the internal ip.
-}
-}On bringing the machine up, I can ping both ips just fine; what I can't do is
-}ssh to the dmz address. Yes, sshd is running inside the jail ;). The output
-}of tcpdump shows a connect to that ip on bce0, but all responses appear to be
-}going out on bce1.

Are you remembering to edit /etc/ssh/sshd_config for both the jail and the
parent system to listen on the appropriate addresses? The jail's
/etc/ssh/sshd_config needs a line that says "ListenAddress 192.168.4.80", the
parent's sshd_config needs to say "ListenAddress 10.228.228.228".
Also, crank up the debugging for sshd with something like "LogLevel DEBUG3" and
watch your log files.

-- 
Randy (schulra@earlham.edu) 765.983.1283 <*>

Rain puts a hole in stone because of its constancy, not its force.
- H. Joseph Gerber
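
The check suggested in the reply above, written out as an added example (not code from the thread or from FreeBSD): it reads an sshd_config and reports when that sshd would not be bound to exactly the one address it should own, including the case where no ListenAddress line is active and sshd falls back to listening on all local addresses. The function names are hypothetical and the sample file contents are constructed around the two addresses in the thread.

```python
import re

WILDCARDS = {"0.0.0.0", "::"}

def listen_addresses(config_text):
    """Return the hosts named by active ListenAddress lines in an sshd_config."""
    hosts = []
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank line or comment (the stock file ships these commented)
        m = re.match(r"listenaddress(?:\s*=\s*|\s+)(\S+)", line, re.IGNORECASE)
        if not m:
            continue
        arg = m.group(1)
        if arg.startswith("[") and "]" in arg:   # [host] or [host]:port
            hosts.append(arg[1:arg.index("]")])
        elif arg.count(":") == 1:                # host:port
            hosts.append(arg.split(":")[0])
        else:                                    # bare IPv4, hostname or IPv6
            hosts.append(arg)
    return hosts

def audit(label, config_text, expected):
    """List reasons this sshd would not listen on `expected` and nothing else."""
    hosts = listen_addresses(config_text)
    if not hosts:
        return [f"{label}: no ListenAddress, sshd listens on all local addresses"]
    findings = []
    for h in hosts:
        if h in WILDCARDS:
            findings.append(f"{label}: wildcard ListenAddress {h}")
        elif h != expected:
            findings.append(f"{label}: unexpected ListenAddress {h}")
    if expected not in hosts:
        findings.append(f"{label}: {expected} is not listed")
    return findings

# Constructed sample files, using the two addresses from the thread.
PARENT_DEFAULT = "#Port 22\n#ListenAddress 0.0.0.0\n#ListenAddress ::\n"
PARENT_FIXED = "Port 22\nListenAddress 10.228.228.228\n"
JAIL_FIXED = "ListenAddress 192.168.4.80:22\nLogLevel DEBUG3\n"

if __name__ == "__main__":
    for label, text, addr in [
        ("parent (default)", PARENT_DEFAULT, "10.228.228.228"),
        ("parent (fixed)", PARENT_FIXED, "10.228.228.228"),
        ("jail (fixed)", JAIL_FIXED, "192.168.4.80"),
    ]:
        print(label, audit(label, text, addr) or "ok")
```

To use it on a live system, pass the contents of the parent's /etc/ssh/sshd_config and of the same file under the jail's root directory to `audit` with the address each one is meant to own.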