ezjail ip conflicts

Karol Kwiatkowski karol.kwiat at gmail.com
Fri Mar 23 12:49:15 UTC 2007


Robin Becker wrote:
> I'm getting these ip conflicts whilst trying to create a jail
> 
> ezjail-admin create ....xxx.xxx.xxx.27
> 
> Warning: IP xxx.xxx.xxx.27 not configured on a local interface.
> Warning: Some services already seem to be listening on all IP,
> (including xxx.xxx.xxx.27)
>   This may cause some confusion, here they are:
> mysql    mysqld     505   10 tcp4   *:3306                *:*
> root     syslogd    291   6  udp4   *:514                 *:*
> 
> 
> my rc.conf has
> 
> ifconfig_fxp0="inet xxx.xxx.xxx.26  netmask 255.255.255.248"
> defaultrouter="xxx.xxx.xxx.25"
> inetd_flags="-wW -a xxx.xxx.xxx.26"
> 
> 
> so I believe the xxx.xxx.xxx.27 address is OK, but I guess I need to
> make mysqld and syslogd listen only on xxx.xxx.xxx.26. I don't actually
> understand what's preventing sshd from listening on all the addresses in
> range unless it's the inetd flags, but I thought sshd is started by init
> nowadays.

If you're using sshd as a daemon have a look at "ListenAddress"
directive in /etc/ssh/sshd_config. You can have multiple of those.


> Anyhow I think I can fix the mysqld problem by having
> 
> mysql_args="--bind-address=xxx.xxx.xxx.26"
> 
> in the rc.conf, but I don't see any easy way to configure syslogd to
> start with a -b xxx.xxx.xxx.26

How about adding 'syslogd_flags' in /etc/rc.conf? Those are the defaults:

# grep syslogd /etc/defaults/rc.conf
syslogd_enable="YES"            # Run syslog daemon (or NO).
syslogd_program="/usr/sbin/syslogd" # path to syslogd
syslogd_flags="-s"              # Flags to syslogd (if enabled).

Also, if you don't need it to bind at all it's better to use '-ss'.


> how do I fix this or perhaps I don't need to?

You could filter traffic at firewall but it's always better to have a
simpler setup.

HTH,

Karol

-- 
Karol Kwiatkowski   <karol.kwiat at gmail dot com>
OpenPGP 0x06E09309

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 250 bytes
Desc: OpenPGP digital signature
Url : http://lists.freebsd.org/pipermail/freebsd-questions/attachments/20070323/af1f8589/signature.pgp


More information about the freebsd-questions mailing list