SSH from host to jail
Pat Lashley
patl at volant.org
Mon Jul 28 12:59:51 PDT 2003
--On Sunday, July 27, 2003 16:28:44 -0500 Jon Disnard
<diz at linuxpowered.com> wrote:
> Pat Lashley wrote:
>> I'm trying to set up some jails in a 5.1R system. I've pretty much
>> copied a setup that was working fine in 4.8; but on 5.1 I can't seem
>> to SSH from the host system into one of its jails. It acts like the
>> packets just aren't getting through.
>>
>> I would really appreciate it if somebody would send me rc.conf fragments
>> that are known to work for setting up a jail's IP alias and routing on
>> 5.1.
>
>
> sure, but this isn't going to fix your problem:
>
> ifconfig_wi0="inet 192.168.0.140 netmask 255.255.255.0"
> ifconfig_wi0_alias0="inet 192.168.0.131 netmask 255.255.255.255"
>
> jail_enable="YES"
> jail_list="shiba"
> jail_shiba_hostname="shiba"
> jail_shiba_ip="192.168.0.131"
> jail_shiba_rootdir="/usr/prison/192_168_0_130/"
> jail_shiba_exec="/bin/sh /etc/rc"
Thanks, but this isn't the part I'm interested in. It looks like
what I need is the stuff that sets up the IP alias, routing, etc.
for the jail. The ifconfig_*_alias* and any route_* or related
rc.conf entries.
> To fix your problem you should try to mount a devfs for the jail so the
> tty device is available for sshd to open when you login. I simply added
> one line to my /etc/rc.d/jail script to test for the "dev" mount-point in
> jail. Like so:
Nope, I had a devfs set up.
Note that I'm still getting them set up; so I'm starting them by hand
instead of using the rc script. (Well, actually, I'll use an updated
version of the script I was using on 4.8 because I have some additional
work I want done there and I don't want to start the jails until after
the stuff in /usr/local/etc/rc.d have been run.)
> It could be easy to have it simply exist, or be non-null, to imply a
> desire for devfs, and further checked for the existence of the
> mount-point as I wrote above.
>
> I could have a pr+patch made in 5 minutes if anybody thinks this is not a
> bad idea?
Sounds good to me. And a similar patch for procfs.
Or perhaps some more generic solution that would allow for open-ended
additional mounts?
jail_mumble_mounts='/etc/fstab.mumble'
Then in the loop in /etc/rc.d/jail:
eval jail_fstab=\"$jail_${_jail}_mounts\"
[ -n $jail_fstab ] && mount -a -F $jail_fstab
Note that fstab.mumble is outside the jail; and should only contain
entries for devfs, procfs, and other mounts to be done on top of the
jail before starting it.
-Pat
More information about the freebsd-current
mailing list