kern/84215: [jail] [patch] wildcard ip (INADDR_ANY) should not bind inside a jail

Frank Behrens frank at pinky.sax.de
Tue Jun 19 07:00:21 UTC 2007


The following reply was made to PR kern/84215; it has been noted by GNATS.

From: "Frank Behrens" <frank at pinky.sax.de>
To: linimon at FreeBSD.org, freebsd-bugs at FreeBSD.org,
        FreeBSD-gnats-submit at FreeBSD.org
Cc:  
Subject: Re: kern/84215: [jail] [patch] wildcard ip (INADDR_ANY) should not bind inside a jail
Date: Tue, 19 Jun 2007 08:51:11 +0200

 Mark Linimon <linimon at FreeBSD.org> wrote on 19 Jun 2007 1:00:
 > State-Changed-From-To: open->feedback
 > Note that feedback (about ssh not working with this patch) was requested
 > some time ago.
 
 Sorry, I must have overlooked that. My answer is:
 The patch should work; I cannot confirm the problem. I have been using this patch for
 years now, and I use FreeBSD 6.2-STABLE-200705211513.
 
 A short test with net.inet.ip.bindwildcardtojails=0 shows:
 > ifconfig lo1 alias 192.168.200.11
 > jail / testssh 192.168.200.11 /bin/csh
 
 otherhost>nc -vvv 192.168.0.10 22
 router.behrens [192.168.0.10] 22 (?) open
 SSH-2.0-OpenSSH_4.5p1 FreeBSD-20061110
 
 otherhost>nc -vvv 192.168.200.11 22
 192.168.200.11: inverse host lookup failed: h_errno 11004: NO_DATA
 (UNKNOWN) [192.168.200.11] 22 (?): connection refused
 
 Now I start the sshd daemon inside the jail:
 frank at testssh:/# /usr/sbin/sshd
 frank at testssh:/# sockstat -4
 USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS
 root     sshd       25774 3  tcp4   192.168.200.11:22     *:*
 
 and the connection to the jail is possible:
 otherhost>nc -vvv 192.168.200.11 22
 192.168.200.11: inverse host lookup failed: h_errno 11004: NO_DATA
 (UNKNOWN) [192.168.200.11] 22 (?) open
 SSH-2.0-OpenSSH_4.5p1 FreeBSD-20061110
 
 The short examples with nc show the same behavior as real ssh connections. 
 
 Frank Behrens
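
The `sockstat -4` check in the message above can be scripted. The following is an added example, not part of the original message or of the patch; the function name `check_jail_listeners`, its output format and every sample line except the sshd line quoted from the message are assumptions made for illustration.

```shell
# check_jail_listeners EXPECTED_IP
# Reads `sockstat -4` output on stdin and prints one verdict per
# unconnected (listening) IPv4 socket:
#   OK        bound to EXPECTED_IP
#   WILDCARD  bound to *:port (INADDR_ANY)
#   FOREIGN   bound to some other specific address
# Exit status is 0 only if every such socket is bound to EXPECTED_IP.
check_jail_listeners() {
    awk -v ip="$1" '
        $5 !~ /^(tcp|udp)4$/ { next }   # skips the header and non-IPv4 rows
        $7 != "*:*"          { next }   # skips established connections
        {
            addr = $6
            n = split(addr, parts, ":")
            port = parts[n]
            host = substr(addr, 1, length(addr) - length(port) - 1)
            if (host == ip)       { verdict = "OK" }
            else if (host == "*") { verdict = "WILDCARD"; bad++ }
            else                  { verdict = "FOREIGN";  bad++ }
            printf "%s %s pid=%s %s\n", verdict, $2, $3, addr
        }
        END { exit (bad > 0) }
    '
}

# First data row is the sockstat line from the message; the other two
# rows are constructed for illustration.
SAMPLE_SOCKSTAT='USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS
root     sshd       25774 3  tcp4   192.168.200.11:22     *:*
root     syslogd    501   7  udp4   *:514                 *:*
root     sshd       25801 4  tcp4   192.168.200.11:22     192.168.0.77:50412'

# On a live system, run inside the jail:
#   sockstat -4 | check_jail_listeners 192.168.200.11
```

A nonzero exit status means at least one listener is not bound to the expected address.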
 

