Anyone interested in jail patches?
frank at harz.behrens.de
Sun Nov 30 08:32:24 PST 2008
Bjoern A. Zeeb wrote:
> On Thu, 27 Nov 2008, Frank Behrens wrote:
>> On the other side I still read in the patched jail(2) man page:
>> "Similarly, it might be a good idea to add an address alias flag such
>> that daemons listening on all IPs (INADDR_ANY) will not bind on that
>> address...". Can you explain the current behaviour?
> I think this question is related to your PR kern/84215.
> The current situation is: jails take precedence. So if sshd is
> listening on inaddr_any on the host and on inaddr_any inside a jail
> the connection to an IP belonging to a jail will end up inside the
> jail; any connections to IPs not belonging to jails will end up on the
So we have now the desired behaviour. Your explanation should replace
the (now incorrect) sentence in the man page. Please excuse my error, it
is in jail(8),
> Obviously if you stop the jail and ssh to a former jail IP you'll end
> up on the base system and ssh would complain about different keys
> possibly while telnet or similar things won't notice.
This is expected and not easy to circumvent.