jails
Bender, Chris
chris_bender at cellularatsea.com
Tue Jan 31 19:54:16 UTC 2012
Sorry, it has been a long three days.
Here is the sockstat from the host. Lots are listening on 22.
zs1# sockstat -4 | grep 22
root  sshd  19910 3   tcp4 172.19.4.67:22     10.200.104.195:18253
11201 sshd  19191 3   tcp4 172.19.4.190:22    172.19.4.202:33555
11201 sshd  19187 3   tcp4 172.19.4.190:22    172.19.4.202:33561
11201 sshd  19182 3   tcp4 172.19.4.190:22    172.19.4.202:33560
11201 sshd  19178 3   tcp4 172.19.4.190:22    172.19.4.202:33557
11201 sshd  19174 3   tcp4 172.19.4.190:22    172.19.4.202:33558
11201 sshd  19170 3   tcp4 172.19.4.190:22    172.19.4.202:33556
11201 sshd  19166 3   tcp4 172.19.4.190:22    172.19.4.202:33559
root  sshd  19152 3   tcp4 172.19.4.190:22    172.19.4.202:33561
root  sshd  19150 3   tcp4 172.19.4.190:22    172.19.4.202:33560
root  sshd  19148 3   tcp4 172.19.4.190:22    172.19.4.202:33559
root  sshd  19146 3   tcp4 172.19.4.190:22    172.19.4.202:33558
root  sshd  19145 3   tcp4 172.19.4.190:22    172.19.4.202:33557
root  sshd  19135 3   tcp4 172.19.4.190:22    172.19.4.202:33556
root  sshd  19134 3   tcp4 172.19.4.190:22    172.19.4.202:33555
root  sshd  15627 3   tcp4 172.19.4.42:22     *:*
11201 sshd  10653 3   tcp4 172.19.4.190:22    172.19.4.190:16235
root  sshd  10439 3   tcp4 172.19.4.190:22    172.19.4.190:16235
11201 ssh   10438 3   tcp4 172.19.4.190:16235 172.19.4.190:22
11201 sshd  10230 3   tcp4 172.19.4.190:22    172.19.4.202:33545
root  sshd  10207 3   tcp4 172.19.4.190:22    172.19.4.202:33545
root  sshd  9661  3   tcp4 172.19.4.45:22     *:*
root  sshd  9229  3   tcp4 172.19.4.38:22     *:*
bind  named 9118  518 udp4 172.19.4.38:52131  192.228.79.201:53
bind  named 9118  520 udp4 172.19.4.38:51335  192.228.79.201:53
bind  named 9118  522 udp4 172.19.4.38:55252  192.33.4.12:53
bind  named 9118  540 udp4 172.19.4.38:64367  192.228.79.201:53
bind  named 9118  561 udp4 172.19.4.38:62396  192.228.79.201:53
bind  named 9118  572 udp4 172.19.4.38:57160  192.228.79.201:53
bind  named 9118  575 udp4 172.19.4.38:56313  192.228.79.201:53
root  sshd  8874  3   tcp4 172.19.4.36:22     *:*
root  sshd  8459  3   tcp4 172.19.4.39:22     *:*
root  sshd  8123  3   tcp4 172.19.4.44:22     *:*
root  sshd  7774  3   tcp4 172.19.4.190:22    *:*
root  sshd  7377  3   tcp4 172.19.4.43:22     *:*
root  sshd  7036  3   tcp4 172.19.4.41:22     *:*
root  sshd  1470  3   tcp4 172.19.4.67:22     10.200.104.195:57000
root  sshd  1329  3   tcp4 172.19.4.67:22     *:*
I looked at the sshd_config on the jailed system and neither it nor the
host have the ListenAddress in their respective files.
Thanks
-----Original Message-----
From: Dirk Engling [mailto:erdgeist at erdgeist.org]
Sent: Tuesday, January 31, 2012 2:35 PM
To: Bender, Chris
Cc: freebsd-jail at freebsd.org
Subject: Re: jails
On 31.01.12 20:27, Bender, Chris wrote:
> zs1# ezjail-admin list
> STA JID  IP              Hostname                       Root Directory
> --- ---- --------------- ------------------------------ ------------------------
> DR  14   172.19.4.36     wiki                           /usr/jails/wiki
> DR  9    172.19.4.41     tools2                         /usr/jails/tools2
> DR  16   172.19.4.45     rt3                            /usr/jails/rt3
> DR  17   172.19.4.42     rep                            /usr/jails/rep
> DR  11   172.19.4.190    npins                          /usr/jails/npims
> DR  13   172.19.4.39     logger                         /usr/jails/logger
> DR  12   172.19.4.44     inventory                      /usr/jails/inventory
> DR  15   172.19.4.38     dns2                           /usr/jails/dns2
> DSN N/A  172.19.4.37     dns1                           /usr/jails/dns1
> DSN N/A  172.19.4.32     db                             /usr/jails/db
> DSN N/A  172.19.4.31     coremon                        /usr/jails/coremon
> DR  10   172.19.4.43     cf                             /usr/jails/cf
This shows that all the jails that are supposed to run, are actually
running. You can console into the jail by
ezjail-admin console tools2
and check if there are any services running. For starters you could
check if in the jail's rc.conf you have sshd enabled.
If that is the case, you can check if the host system's sshd binds on
*:22, making it impossible for the jail's sshds to bind to their port
22.
Check for:
#ListenAddress 0.0.0.0
in the host system's /etc/ssh/sshd_config and make it bind to the host
system's primary IP address.
A 'sockstat -4l | grep 22' in the host system will also tell you about
services listening on all IP addresses.
Regards,
erdgeist
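
The listener check suggested in the reply above, as an added example that is not part of the original thread: a small sh/awk function that reads 'sockstat -4l' output and reports sockets bound to all addresses on a port, plus which expected jail IPs have their own listener. The function names, the sample listing and its 192.0.2.x addresses are constructed for illustration.

```sh
#!/bin/sh
# Added example: audit `sockstat -4l` style output for listeners on one port.
# audit_listeners PORT IP... reads sockstat lines on stdin and prints:
#   WILDCARD <user> <command> <pid>   socket bound to *:PORT (all addresses)
#   OK <ip>                           expected IP has its own listener
#   MISSING <ip>                      expected IP has no listener on PORT
audit_listeners() {
    port=$1; shift
    awk -v port="$port" -v ips="$*" '
        BEGIN { n = split(ips, want, " ") }
        # Listening sockets show *:* as the foreign address; this also
        # skips the header line and established connections.
        $NF != "*:*" { next }
        {
            la = $(NF - 1)                  # local address column
            i = match(la, /:[^:]*$/)        # split on the last colon
            if (!i) next
            addr = substr(la, 1, i - 1)
            p = substr(la, i + 1)
            if (p != port) next
            if (addr == "*") print "WILDCARD", $1, $2, $3
            else seen[addr] = 1
        }
        END {
            for (k = 1; k <= n; k++)
                print ((want[k] in seen) ? "OK" : "MISSING"), want[k]
        }'
}

# Constructed sample: a host sshd on *:22 and one jail with its own sshd.
sample_listing() {
    cat <<'EOF'
USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS
root     sshd       1329  3  tcp4   *:22                  *:*
root     sshd       8874  3  tcp4   192.0.2.36:22         *:*
root     sshd       1470  3  tcp4   192.0.2.10:22         192.0.2.200:57000
bind     named      9118  20 udp4   192.0.2.38:53         *:*
EOF
}

# On a live host: sockstat -4l | audit_listeners 22 <jail IPs...>
sample_listing | audit_listeners 22 192.0.2.36 192.0.2.41
```

A WILDCARD line for the host's sshd is the condition the reply says to look for; the fix it names is setting ListenAddress in the host's /etc/ssh/sshd_config.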