ezjail ip conflicts
Karol Kwiatkowski
karol.kwiat at gmail.com
Fri Mar 23 12:49:15 UTC 2007
Robin Becker wrote:
> I'm getting these ip conflicts whilst trying to create a jail
>
> ezjail-admin create ....xxx.xxx.xxx.27
>
> Warning: IP xxx.xxx.xxx.27 not configured on a local interface.
> Warning: Some services already seem to be listening on all IP,
> (including xxx.xxx.xxx.27)
> This may cause some confusion, here they are:
> mysql mysqld 505 10 tcp4 *:3306 *:*
> root syslogd 291 6 udp4 *:514 *:*
>
>
> my rc.conf has
>
> ifconfig_fxp0="inet xxx.xxx.xxx.26 netmask 255.255.255.248"
> defaultrouter="xxx.xxx.xxx.25"
> inetd_flags="-wW -a xxx.xxx.xxx.26"
>
>
> so I believe the xxx.xxx.xxx.27 address is OK, but I guess I need to
> make mysqld and syslogd listen only on xxx.xxx.xxx.26. I don't actually
> understand what's preventing sshd from listening on all the addresses in
> range unless it's the inetd flags, but I thought sshd is started by init
> nowadays.
If you're using sshd as a daemon have a look at "ListenAddress"
directive in /etc/ssh/sshd_config. You can have multiple of those.
> Anyhow I think I can fix the mysqld problem by having
>
> mysql_args="--bind-address=xxx.xxx.xxx.26"
>
> in the rc.conf, but I don't see any easy way to configure syslogd to
> start with a -b xxx.xxx.xxx.26
How about adding 'syslogd_flags' in /etc/rc.conf? Those are the defaults:
# grep syslogd /etc/defaults/rc.conf
syslogd_enable="YES" # Run syslog daemon (or NO).
syslogd_program="/usr/sbin/syslogd" # path to syslogd
syslogd_flags="-s" # Flags to syslogd (if enabled).
Also, if you don't need it to bind at all it's better to use '-ss'.
> how do I fix this or perhaps I don't need to?
You could filter traffic at firewall but it's always better to have a
simpler setup.
HTH,
Karol
--
Karol Kwiatkowski <karol.kwiat at gmail dot com>
OpenPGP 0x06E09309
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 250 bytes
Desc: OpenPGP digital signature
Url : http://lists.freebsd.org/pipermail/freebsd-questions/attachments/20070323/af1f8589/signature.pgp
More information about the freebsd-questions
mailing list