Re: Problems with JAIL in 4.8R

From: stakys (stakys_at_punktas.lt)
Date: 08/05/03

  • Next message: Peter Pentchev: "Re: Problems with JAIL in 4.8R"
    To: <hnunez@vianetworks.com.ar>, <freebsd-security@freebsd.org>
    Date: Tue, 5 Aug 2003 18:58:08 +0300
    
    

    I've set in my resolv.conf the same nameservers as in main system, and in
    jailed system /etc/hosts file i've set this:
    JAILED_OUTSIDE_IP clnt.xxx.com clnt
    Also file hosts.allow i do not use.

    ----- Original Message -----
    From: "Hernan Nunez" <hnunez@vianetworks.com.ar>
    To: "stakys" <stakys@punktas.lt>; <freebsd-security@freebsd.org>
    Sent: Tuesday, August 05, 2003 6:48 PM
    Subject: Re: Problems with JAIL in 4.8R

    > Do you have configured your /etc/resolv.conf and /etc/hosts ??
    > Do you use /etc/hosts.allow ??
    >
    > ----- Original Message -----
    > From: "stakys" <stakys@punktas.lt>
    > To: <hnunez@vianetworks.com.ar>; <freebsd-security@freebsd.org>
    > Sent: Tuesday, August 05, 2003 12:41 PM
    > Subject: Re: Problems with JAIL in 4.8R
    >
    >
    > > I've tried in debug mode but do not gives any error when i get the
    > timeout,
    > > also my netmask set as you said. Any ideas how to solve it?
    > > ----- Original Message -----
    > > From: "Hernan Nunez" <hnunez@vianetworks.com.ar>
    > > To: <freebsd-security@freebsd.org>
    > > Sent: Tuesday, August 05, 2003 5:48 PM
    > > Subject: Re: Problems with JAIL in 4.8R
    > >
    > >
    > > > Try using sshd in debug mode [SSHD(8)]. Inside the jail run sshd -ddd,
    > > > setting up ListenAddress jail.ip.addr in your sshd_config .,.,
    > > >
    > > > Tip:
    > > > If you are using , in your jail, an ip addr (alias address) from the
    > same
    > > > network than outside you must use a host mask 255.255.255.255 in your
    > > alias
    > > > addrs.,.,
    > > >
    > > > Hernan
    > > >
    > > >
    > > > ----- Original Message -----
    > > > From: "stakys" <stakys@punktas.lt>
    > > > To: "Konstantin M Volevatch" <cox@rosnet.ru>;
    > > <freebsd-security@freebsd.org>
    > > > Sent: Tuesday, August 05, 2003 10:45 AM
    > > > Subject: Re: Problems with JAIL in 4.8R
    > > >
    > > >
    > > > > Didn't help. Any more suggesstions about solving this problem?
    > > > > ----- Original Message -----
    > > > > From: "Konstantin M Volevatch" <cox@rosnet.ru>
    > > > > To: <stakys@punktas.lt>; <freebsd-security@freebsd.org>
    > > > > Sent: Tuesday, August 05, 2003 3:31 PM
    > > > > Subject: Re: Problems with JAIL in 4.8R
    > > > >
    > > > >
    > > > > > Try this:
    > > > > > ipfw add 52 allow ip from any to me via rl0
    > > > > >
    > > > > > В сообщении от 5 Август 2003 17:20 stakys@punktas.lt написал:
    > > > > > > On Tue, Aug 05, 2003 at 12:56:36PM -0000, stakys@punktas.lt
    wrote:
    > > > > > > > Hi, i've set the outside ip for the jail..It works.. When i
    try
    > to
    > > > ssh
    > > > > to
    > > > > > > > jail'ed system from the main system (in which is created jail)
    > the
    > > > > > > > connection is successful, but when i try to connect to jailed
    > > system
    > > > > from
    > > > > > > > anywhere else i get this message:
    > > > > > > > ssh: connect to host IP_NUMBER port 22: Operation timed out
    > > > > > > > What can be wrong here? How to solve this problem?
    > > > > > > >
    > > > > > > >>Are you running some sort of firewall on the main system? You
    > > might
    > > > > > > >>have to add additional rules allowing SSH into the jailed
    one...
    > > > > > > >>
    > > > > > > >>G'luck,
    > > > > > > >>Peter
    > > > > > >
    > > > > > > I'm running IPFW but i put such a lines to ipfw.rules to be sure
    > > that
    > > > > it's
    > > > > > > not firewall's fault, about connecting to jail'ed system from
    > > outside.
    > > > > > > Here are the lines:
    > > > > > > ipfw add 50 allow ip from any to any via lo0
    > > > > > > ipfw add 51 allow ip from any to any via rl0
    > > > > > > _______________________________________________
    > > > > > > freebsd-security@freebsd.org mailing list
    > > > > > > http://lists.freebsd.org/mailman/listinfo/freebsd-security
    > > > > > > To unsubscribe, send any mail to
    > > > > "freebsd-security-unsubscribe@freebsd.org"
    > > > > >
    > > > > > --
    > > > > > Konstantin M. Volevatch <cox@rosnet.ru>
    > > > > > Internet Service Division, RosNet JSC, Moscow
    > > > > > (095) 7813332 [local:4341]
    > > > > >
    > > > >
    > > > > _______________________________________________
    > > > > freebsd-security@freebsd.org mailing list
    > > > > http://lists.freebsd.org/mailman/listinfo/freebsd-security
    > > > > To unsubscribe, send any mail to
    > > > "freebsd-security-unsubscribe@freebsd.org"
    > > > >
    > > >
    > > > _______________________________________________
    > > > freebsd-security@freebsd.org mailing list
    > > > http://lists.freebsd.org/mailman/listinfo/freebsd-security
    > > > To unsubscribe, send any mail to
    > > "freebsd-security-unsubscribe@freebsd.org"
    > >
    >
    > _______________________________________________
    > freebsd-security@freebsd.org mailing list
    > http://lists.freebsd.org/mailman/listinfo/freebsd-security
    > To unsubscribe, send any mail to
    "freebsd-security-unsubscribe@freebsd.org"

    _______________________________________________
    freebsd-security@freebsd.org mailing list
    http://lists.freebsd.org/mailman/listinfo/freebsd-security
    To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"


  • Next message: Peter Pentchev: "Re: Problems with JAIL in 4.8R"

    Relevant Pages

    • Re: [Etch] pppoe problem - unable to ping or lookup
      ... > and yahoo.com's) and was unable to get any response. ... pppoeconf sets the ... nameservers in /etc/resolv.conf ... ... To UNSUBSCRIBE, email to debian-user-REQUEST@xxxxxxxxxxxxxxxx with a subject of "unsubscribe". ...
      (Debian-User)
    • Re: how to properly add a dns server
      ... kind of thin, but I suspect that this requirement for the other nameservers ... coming after the nameservers that the DHCP ... To UNSUBSCRIBE, email to debian-user-REQUEST@xxxxxxxxxxxxxxxx with a subject of "unsubscribe". ...
      (Debian-User)
    • need help with BIND9
      ... I need help setting up nameservers for my own domain. ... To UNSUBSCRIBE, email to debian-user-REQUEST@xxxxxxxxxxxxxxxx with a subject of "unsubscribe". ...
      (Debian-User)
    • Re: [Etch] pppoe problem - unable to ping or lookup
      ... and yahoo.com's) and was unable to get any response. ... nameservers in /etc/resolv.conf ... ... resolv.conf but still this happened time and again. ... To UNSUBSCRIBE, email to debian-user-REQUEST@xxxxxxxxxxxxxxxx ...
      (Debian-User)
    • Re: Internet Dial-up Connection Setting
      ... Do You Yahoo!? ... Mail has the best spam protection around ... and use the nameservers from there. ... To UNSUBSCRIBE, email to debian-user-REQUEST@xxxxxxxxxxxxxxxx ...
      (Debian-User)