From: P S Clermont
Date: Wed, 23 Apr 2008 08:07:28 -0400
To: Nejc Škoberne
Cc: User Questions, Hugo Silva
Subject: Re: FreeBSD 7.0 jail and Samba 3

Nejc Škoberne wrote:
> Hi,
>
>> I'm not sending this message to the list as I've not been following
>> the discussion; I just skimmed thru it.
>
> I hope you don't mind that I sent it to the list too.
>
>> I would check two things, a) a firewall (sorry if this has been talked
>> about, as I said I didn't read it all) or b) enable raw sockets in
>> jails ( security.jail.allow_raw_sockets=1 ).
>>
>> Let me know if b) works, I plan to set up a samba server on ZFS inside
>> a jail when I return home from my travels.
>
> a) I have no firewall whatsoever running.
> b) FreeBSDhost# sysctl -a | grep raw_sockets
> security.jail.allow_raw_sockets: 1
>
> Thanks,
> Nejc

I have a samba3 jail serving files, and my sysctl
security.jail.allow_raw_sockets=0

Raw sockets allow direct access to the network subsystem. From a security
standpoint there's very little reason to allow this and many reasons not to.