TCP/IP inside of one jail is hosed but other jails (same jail
install) work fine
Chad Leigh -- Shire.Net LLC
chad at shire.net
Mon May 23 09:09:39 PDT 2005
Hi
I am on 5.3-RELEASE with some of the patches (uname = FreeBSD
xxxxxx.org 5.3-RELEASE-p5 FreeBSD 5.3-RELEASE-p5 #5: Sun Apr 24
22:14:42 MDT 2005 chad at xxxxxxxxx.shire.net:/usr/obj/usr/src/sys/XXXXXXX-SMP i386)
I have a single install of FreeBSD that is used for jails and all the
jails share the basic install through read only partitions mounted
from this root install. (Obviously not the same install as the
running host).
The problem jail has no TCP connectivity except that apache2 works.
I.e., the website is working that runs inside this jail. sshd is
running but you cannot connect to it with ssh, with the error in the logs:
May 23 09:37:57 xxxxxx sshd[96372]: fatal: Timeout before authentication for 6x.1xx.4x.58
If I am inside the jail and do, for example, nslookup, I get
# nslookup
> www.sun.com
;; connection timed out; no servers could be reached
>
If I try to ssh out it never finishes. I can ssh out of other jails.
If I try to ping out of another jail, I get "ping: socket: Operation
not permitted". If I try to ping out of this jail I get nothing --
no error. It just "hangs" and does not return to the shell.
/etc/resolv.conf in the jail is correct.
This jail was working and without any changes being made, stopped
working. I have audited /etc and found no changed files.
I stopped and restarted the jail. Did not fix it.
What is strange is that apache2 is still responding, and even on
rebooting the jail still works.
If I do a netstat -a in another jail on the same host it comes back
right away. If I do a netstat on this jail, it takes forever but
after a few minutes does finish.
One strange thing is that a netstat -a in the problem jail showed (it
no longer shows after I explicitly put a TCP4 ListenAddress in the
sshd conf in the problem jail and restarted the jail -- problem still
persists)
tcp4 0 0 166.70.252.195.ssh *.* LISTEN
tcp6 0 0 *.ssh *.* LISTEN
a tcp6 port open
The same netstat -a in another jail does not show the tcp6 port open.
The host does have "options INET6 # IPv6 communications protocols" in
the kernel but both the host and the jail have 'ipv6_enable="NO"' in
their /etc/rc.conf and /etc/defaults/rc.conf respectively.
All the jails have the default freebsd sshd conf (except as noted
above).
Any suggestions welcome.
Thanks
Chad
---
Chad Leigh -- Shire.Net LLC
Your Web App and Email hosting provider
chad at shire.net