TCP/IP inside of one jail is hosed but other jails (same jail install) work fine

Chad Leigh -- Shire.Net LLC chad at shire.net
Mon May 23 09:09:39 PDT 2005


Hi

I am on 5.3-RELEASE with some of the patches (uname = FreeBSD
xxxxxx.org 5.3-RELEASE-p5 FreeBSD 5.3-RELEASE-p5 #5: Sun Apr 24
22:14:42 MDT 2005     chad at xxxxxxxxx.shire.net:/usr/obj/usr/src/sys/XXXXXXX-SMP  i386)

I have a single install of FreeBSD that is used for jails and all the  
jails share the basic install through read only partitions mounted  
from this root install.  (Obviously not the same install as the  
running host).

The problem jail has no TCP connectivity except that apache2 works.   
I.e., the website that runs inside this jail is working.  sshd is
running but you cannot connect to it with ssh, with this error in the logs:

May 23 09:37:57 xxxxxx sshd[96372]: fatal: Timeout before authentication for 6x.1xx.4x.58

If I am inside the jail and do, for example, nslookup, I get

# nslookup
 > www.sun.com
;; connection timed out; no servers could be reached
 >


If I try to ssh out it never finishes.  I can ssh out of other jails.

If I try to ping out of another jail, I get "ping: socket: Operation  
not permitted".  If I try to ping out of this jail I get nothing --  
no error.  It just "hangs" and does not return to the shell.

/etc/resolv.conf in the jail is correct.

This jail was working and without any changes being made, stopped  
working.  I have audited /etc and found no changed files.

I stopped and restarted the jail.  Did not fix it.

What is strange is that apache2 is still responding, and even on  
rebooting the jail still works.

If I do a netstat -a in another jail on the same host it comes back  
right away.  If I do a netstat on this jail, it takes forever but  
after a few minutes does finish.

One strange thing is that a netstat -a in the problem jail showed (it  
no longer shows after I explicitly put a TCP4 ListenAddress in the  
sshd conf in the problem jail and restarted the jail -- problem still  
persists)

tcp4       0      0  166.70.252.195.ssh     *.*                    LISTEN
tcp6       0      0  *.ssh                  *.*                    LISTEN

a tcp6 port open

the same netstat -a in another jail does not show the tcp6 port open.

The host does have "options         INET6                   # IPv6
communications protocols" in the kernel but both the host and the
jail have 'ipv6_enable="NO"' in their /etc/rc.conf and
/etc/defaults/rc.conf respectively.

All the jails have the default freebsd sshd conf (except as noted  
above).


Any suggestions welcome.

Thanks
Chad


---
Chad Leigh -- Shire.Net LLC
Your Web App and Email hosting provider
chad at shire.net



