Re: Problems with JAIL in 4.8R

From: Peter Pentchev (roam_at_ringlet.net)
Date: 08/05/03

Next message: stakys: "Re: Problems with JAIL in 4.8R"

Previous message: Peter Pentchev: "Re: Problems with JAIL in 4.8R"
In reply to: Peter Pentchev: "Re: Problems with JAIL in 4.8R"
Next in thread: stakys: "Re: Problems with JAIL in 4.8R"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Tue, 5 Aug 2003 13:39:20 +0300
To: stakys@punktas.lt

On Tue, Aug 05, 2003 at 01:36:36PM +0300, Peter Pentchev wrote:
> On Tue, Aug 05, 2003 at 01:20:23PM -0000, stakys@punktas.lt wrote:
> > On Tue, Aug 05, 2003 at 12:56:36PM -0000, stakys@punktas.lt wrote:
> > > Hi, i've set the outside ip for the jail..It works.. When i try to ssh to
> > > jail'ed system from the main system (in which is created jail) the
> > > connection is successful, but when i try to connect to jailed system from
> > > anywhere else i get this message:
> > > ssh: connect to host IP_NUMBER port 22: Operation timed out
> > > What can be wrong here? How to solve this problem?
> >
> > >>Are you running some sort of firewall on the main system? You might
> > >>have to add additional rules allowing SSH into the jailed one...
> >
> > >>G'luck,
> > >>Peter
> >
> > I'm running IPFW but i put such a lines to ipfw.rules to be sure that it's
> > not firewall's fault, about connecting to jail'ed system from outside.
> > Here are the lines:
> > ipfw add 50 allow ip from any to any via lo0
> > ipfw add 51 allow ip from any to any via rl0
>
> If it would not be a great security risk, could you post the whole
> set of ipfw rules that you are using? Alternatively, could you add a
> 'log' clause to all the 'deny' rules, and then watch for denied packets
> in the syslog? As another alternative, you could 'ipfw -f' for the
> duration of the test...

*THWAP*... Of course I meant 'ipfw flush' :)

G'luck,
Peter

-- 
Peter Pentchev	roam@ringlet.net    roam@sbnd.net    roam@FreeBSD.org
PGP key:	http://people.FreeBSD.org/~roam/roam.key.asc
Key fingerprint	FDBA FD79 C26F 3C51 C95E  DF9E ED18 B68D 1619 4553
The rest of this sentence is written in Thailand, on

application/pgp-signature attachment: stored

Next message: stakys: "Re: Problems with JAIL in 4.8R"

Previous message: Peter Pentchev: "Re: Problems with JAIL in 4.8R"
In reply to: Peter Pentchev: "Re: Problems with JAIL in 4.8R"
Next in thread: stakys: "Re: Problems with JAIL in 4.8R"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages

Page fault in ipfw?
... SMB recursive locking) I observe the following fault when I connect to ... Unread portion of the kernel message buffer: ... ipfw and ppp are in sync with the kernel. ... ipfw rule, but that's not a real solution:) ...
(freebsd-current)
Re: Sockets stuck in FIN_WAIT_1
... There's nothing wrong with running IPFW on the same box :-) ... The keep-state is limited. ... The reason the number of dead connections ...
(freebsd-stable)
Re: Sockets stuck in FIN_WAIT_1
... packet to clear the connections. ... are you running ipfw ON the web server box? ...
(freebsd-stable)
Re: ipfw
... how i can let ipfw work. ... Your machine is not running ipfw. ... or load the KLM (Kernel Loadable Module) ...
(freebsd-questions)
Re: strange ping behavior
... Michael W. Oliver wrote: ... When you try to ping another device from ... Are you running ipfw on the 4.6 machine? ...
(freebsd-questions)