Date: Tue, 5 Aug 2003 13:36:36 +0300
From: Peter Pentchev <roam@ringlet.net>
To: stakys@punktas.lt
Cc: freebsd-security@freebsd.org
Subject: Re: Problems with JAIL in 4.8R
Message-ID: <20030805103636.GU358@straylight.oblivion.bg>
In-Reply-To: <53210.81.7.109.95.1060089623.squirrel@mail.impress.lt>
References: <53210.81.7.109.95.1060089623.squirrel@mail.impress.lt>

On Tue, Aug 05, 2003 at 01:20:23PM -0000, stakys@punktas.lt wrote:
> On Tue, Aug 05, 2003 at 12:56:36PM -0000, stakys@punktas.lt wrote:
> > Hi, i've set the outside ip for the jail..It works.. When i try to ssh to
> > jail'ed system from the main system (in which is created jail) the
> > connection is successful, but when i try to connect to jailed system from
> > anywhere else i get this message:
> > ssh: connect to host IP_NUMBER port 22: Operation timed out
> > What can be wrong here? How to solve this problem?
>
> >>Are you running some sort of firewall on the main system? You might
> >>have to add additional rules allowing SSH into the jailed one...
>
> >>G'luck,
> >>Peter
>
> I'm running IPFW but i put such a lines to ipfw.rules to be sure that it's
> not firewall's fault, about connecting to jail'ed system from outside.
> Here are the lines:
> ipfw add 50 allow ip from any to any via lo0
> ipfw add 51 allow ip from any to any via rl0

If it would not be a great security risk, could you post the whole set
of ipfw rules that you are using? Alternatively, could you add a 'log'
clause to all the 'deny' rules, and then watch for denied packets in
the syslog? As another alternative, you could 'ipfw -f' for the duration
of the test...

Sorry if I seem fixated on ipfw, but in my limited experience, it is
the single most common reason for jail network connectivity problems :)
Closely followed by missing /etc/resolv.conf files in jail/chroot
filesystems, but that's another story...

G'luck,
Peter

-- 
Peter Pentchev roam@ringlet.net roam@sbnd.net roam@FreeBSD.org
PGP key: http://people.FreeBSD.org/~roam/roam.key.asc
Key fingerprint FDBA FD79 C26F 3C51 C95E DF9E ED18 B68D 1619 4553
because I didn't think of a good beginning of it.