Problems with JAIL in 4.8R

Tue Aug 5 08:58:16 PDT 2003

I've set in my resolv.conf the same nameservers as in main system, and in
jailed system /etc/hosts file i've set this:
JAILED_OUTSIDE_IP            clnt.xxx.com clnt
Also file hosts.allow i do not use.

----- Original Message -----
From: "Hernan Nunez" <hnunez at vianetworks.com.ar>
To: "stakys" <stakys at punktas.lt>; <freebsd-security at freebsd.org>
Sent: Tuesday, August 05, 2003 6:48 PM
Subject: Re: Problems with JAIL in 4.8R

> Do you have configured your /etc/resolv.conf and /etc/hosts ??
> Do you use /etc/hosts.allow ??
>
> ----- Original Message -----
> From: "stakys" <stakys at punktas.lt>
> To: <hnunez at vianetworks.com.ar>; <freebsd-security at freebsd.org>
> Sent: Tuesday, August 05, 2003 12:41 PM
> Subject: Re: Problems with JAIL in 4.8R
>
>
> > I've tried in debug mode but do not gives any error when i get the
> timeout,
> > also my netmask set as you said. Any ideas how to solve it?
> > ----- Original Message -----
> > From: "Hernan Nunez" <hnunez at vianetworks.com.ar>
> > To: <freebsd-security at freebsd.org>
> > Sent: Tuesday, August 05, 2003 5:48 PM
> > Subject: Re: Problems with JAIL in 4.8R
> >
> >
> > > Try using sshd in debug mode [SSHD(8)]. Inside the jail run sshd -ddd,
> > > setting up ListenAddress jail.ip.addr in your sshd_config .,.,
> > >
> > > Tip:
> > > If you are using , in your jail, an ip addr (alias address) from the
> same
> > > network than outside you must use a host mask 255.255.255.255 in your
> > alias
> > > addrs.,.,
> > >
> > > Hernan
> > >
> > >
> > > ----- Original Message -----
> > > From: "stakys" <stakys at punktas.lt>
> > > To: "Konstantin M Volevatch" <cox at rosnet.ru>;
> > <freebsd-security at freebsd.org>
> > > Sent: Tuesday, August 05, 2003 10:45 AM
> > > Subject: Re: Problems with JAIL in 4.8R
> > >
> > >
> > > > Didn't help. Any more suggesstions about solving this problem?
> > > > ----- Original Message -----
> > > > From: "Konstantin M Volevatch" <cox at rosnet.ru>
> > > > To: <stakys at punktas.lt>; <freebsd-security at freebsd.org>
> > > > Sent: Tuesday, August 05, 2003 3:31 PM
> > > > Subject: Re: Problems with JAIL in 4.8R
> > > >
> > > >
> > > > > Try this:
> > > > > ipfw add 52 allow ip from any to me via rl0
> > > > >
> > > > > В сообщении от 5 Август 2003 17:20 stakys at punktas.lt написал:
> > > > > > On Tue, Aug 05, 2003 at 12:56:36PM -0000, stakys at punktas.lt
wrote:
> > > > > > > Hi, i've set the outside ip for the jail..It works.. When i
try
> to
> > > ssh
> > > > to
> > > > > > > jail'ed system from the main system (in which is created jail)
> the
> > > > > > > connection is successful, but when i try to connect to jailed
> > system
> > > > from
> > > > > > > anywhere else i get this message:
> > > > > > > ssh: connect to host IP_NUMBER port 22: Operation timed out
> > > > > > > What can be wrong here? How to solve this problem?
> > > > > > >
> > > > > > >>Are you running some sort of firewall on the main system?  You
> > might
> > > > > > >>have to add additional rules allowing SSH into the jailed
one...
> > > > > > >>
> > > > > > >>G'luck,
> > > > > > >>Peter
> > > > > >
> > > > > > I'm running IPFW but i put such a lines to ipfw.rules to be sure
> > that
> > > > it's
> > > > > > not firewall's fault, about connecting to jail'ed system from
> > outside.
> > > > > > Here are the lines:
> > > > > > ipfw add 50 allow ip from any to any via lo0
> > > > > > ipfw add 51 allow ip from any to any via rl0
> > > > > > _______________________________________________
> > > > > > freebsd-security at freebsd.org mailing list
> > > > > > http://lists.freebsd.org/mailman/listinfo/freebsd-security
> > > > > > To unsubscribe, send any mail to
> > > > "freebsd-security-unsubscribe at freebsd.org"
> > > > >
> > > > > --
> > > > > Konstantin M. Volevatch <cox at rosnet.ru>
> > > > > Internet Service Division, RosNet JSC, Moscow
> > > > > (095) 7813332 [local:4341]
> > > > >
> > > >
> > > > _______________________________________________
> > > > freebsd-security at freebsd.org mailing list
> > > > http://lists.freebsd.org/mailman/listinfo/freebsd-security
> > > > To unsubscribe, send any mail to
> > > "freebsd-security-unsubscribe at freebsd.org"
> > > >
> > >
> > > _______________________________________________
> > > freebsd-security at freebsd.org mailing list
> > > http://lists.freebsd.org/mailman/listinfo/freebsd-security
> > > To unsubscribe, send any mail to
> > "freebsd-security-unsubscribe at freebsd.org"
> >
>
> _______________________________________________
> freebsd-security at freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-security
> To unsubscribe, send any mail to
"freebsd-security-unsubscribe at freebsd.org"