ezjail

Ruben de Groot mail25 at bzerk.org
Mon Mar 22 09:56:15 UTC 2010


On Mon, Mar 22, 2010 at 05:47:09PM +0800, Aiza typed:
> Mark Shroyer wrote:
> >On 3/21/2010 8:21 PM, Aiza wrote:
> >>Does the IP address notation for the jail include the port number?
> >>Like 10.0.20.2:80? NAT port forwarding is the long way around just to get
> >>the correct port number to the jail IP address.
> >
> >Nope, jails are assigned one (or more) specific IP addresses, but not
> >specific port numbers.  So if you don't have a separate public IP for
> >your jail, you'll be relying on some sort of packet filter to redirect
> >traffic to its private IP address.
> >
> >This isn't as big a deal as it may sound, especially if you're already
> >using PF, which has built-in packet redirection capabilities that do not
> >require you to run a separate NAT daemon.
> >
> >
> 
> My host 8.0 system is the gateway to the public internet.
> I have ipfilter running, blocking all inbound requests for service.
> I only allow outbound requests from the LAN behind the gateway and use
> keep state to allow the packet conversation to continue. All this has
> worked fine for years across many releases of FreeBSD.
> 
> Now comes playing with jails. I created 3 jails, www, ftp, telnet and
> used IP addresses of 10.0.20.20, 10.0.20.30, 10.0.20.40. The goal is to
> target those jails from other PCs on the private LAN that are using IP
> addresses in the 10.0.10.2 through 10.0.10.8 range.
> 
> I used ezjail-admin onestart and all the jails start. Then did
> ezjail-admin console ftp.local.com and got logged into that jail. Edited
> /etc/inetd.conf and uncommented the ftp line. Edited /etc/rc.conf adding
> inetd_enable="YES", exited the ftp jail. Did ezjail-admin onestop
> followed by ezjail-admin onestart to cycle the ftp jail to activate the
> ftp function. ezjail-admin console ftp.local.com to get logged into that
> jail again. From within the jail did ping -c 2 10.0.10.6, which is a PC
> on the LAN, gives me no sockets mesg. And ftp from 10.0.10.6 to
> 10.0.20.30 the ftp jail gives me no connection error.
> 
> What is the problem here?

How are we supposed to know?

Ruben



More information about the freebsd-questions mailing list