From owner-freebsd-jail@FreeBSD.ORG Mon Nov 8 11:06:59 2010 Return-Path: Delivered-To: freebsd-jail@FreeBSD.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id F0EE21065679 for ; Mon, 8 Nov 2010 11:06:59 +0000 (UTC) (envelope-from owner-bugmaster@FreeBSD.org) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2001:4f8:fff6::28]) by mx1.freebsd.org (Postfix) with ESMTP id DDDFA8FC1C for ; Mon, 8 Nov 2010 11:06:59 +0000 (UTC) Received: from freefall.freebsd.org (localhost [127.0.0.1]) by freefall.freebsd.org (8.14.4/8.14.4) with ESMTP id oA8B6xu5088128 for ; Mon, 8 Nov 2010 11:06:59 GMT (envelope-from owner-bugmaster@FreeBSD.org) Received: (from gnats@localhost) by freefall.freebsd.org (8.14.4/8.14.4/Submit) id oA8B6xNo088126 for freebsd-jail@FreeBSD.org; Mon, 8 Nov 2010 11:06:59 GMT (envelope-from owner-bugmaster@FreeBSD.org) Date: Mon, 8 Nov 2010 11:06:59 GMT Message-Id: <201011081106.oA8B6xNo088126@freefall.freebsd.org> X-Authentication-Warning: freefall.freebsd.org: gnats set sender to owner-bugmaster@FreeBSD.org using -f From: FreeBSD bugmaster To: freebsd-jail@FreeBSD.org Cc: Subject: Current problem reports assigned to freebsd-jail@FreeBSD.org X-BeenThere: freebsd-jail@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Discussion about FreeBSD jail\(8\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 08 Nov 2010 11:07:00 -0000 Note: to view an individual PR, use: http://www.freebsd.org/cgi/query-pr.cgi?pr=(number). The following is a listing of current problems submitted by FreeBSD users. These represent problem reports covering all versions including experimental development code and obsolete releases. S Tracker Resp. Description -------------------------------------------------------------------------------- o conf/150599 jail [patch] /etc/rc.d/jail does not set jailname. o conf/149050 jail [jail] rcorder ``nojail'' too coarse for Jail+VNET s conf/142972 jail [jail] [patch] Support JAILv2 and vnet in rc.d/jail o conf/141317 jail [patch] uncorrect jail stop in /etc/rc.d/jail o kern/133265 jail [jail] is there a solution how to run nfs client in ja o kern/119842 jail [smbfs] [jail] "Bad address" with smbfs inside a jail o bin/99566 jail [jail] [patch] fstat(1) according to specified jid o bin/32828 jail [jail] w(1) incorrectly handles stale utmp slots with 8 problems total. From owner-freebsd-jail@FreeBSD.ORG Wed Nov 10 17:40:09 2010 Return-Path: Delivered-To: freebsd-jail@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 023B8106564A for ; Wed, 10 Nov 2010 17:40:09 +0000 (UTC) (envelope-from antinix@gmail.com) Received: from mail-qw0-f54.google.com (mail-qw0-f54.google.com [209.85.216.54]) by mx1.freebsd.org (Postfix) with ESMTP id AED558FC1A for ; Wed, 10 Nov 2010 17:40:08 +0000 (UTC) Received: by qwj8 with SMTP id 8so76945qwj.13 for ; Wed, 10 Nov 2010 09:40:07 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:mime-version:sender:received:from:date :x-google-sender-auth:message-id:subject:to:content-type; bh=7dEi2Nkqb1MrZ2dFBJEqd9EesYyDB+XiMPRJA3WeOgA=; b=hXMiv3brxU1krAZuWi1UoSOakULEnJWODgKX5Uy8tWzksf4MAx3akDSiLBlBCjYmgu f/5hBMkQa+3/ZJeI831cmEYYqltTYopjvW1WQr29x63kxjwWvr4HOF4AT2G73BSXA/Wg ubZdCEaTjGyjAzwm3Z7G49RXJUHYO2myule0g= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:sender:from:date:x-google-sender-auth:message-id :subject:to:content-type; b=OK1UCJVK7J81Rd70MVz0cXDQqEyNAh9A4hVe63EK8bM30DegBvv3nJ9BkfI0pU0CS5 ohiX9aZgWkEGBHYI77lbaikVdrkMPHAY/rlEySoLi65VFnPiqoDBCeDh6pZ7RURVTZMG rwpsdut77P+LUrOgEbuf0x3ll3afRVq5QCX6A= Received: by 10.224.179.4 with SMTP id bo4mr6562749qab.245.1289409399144; Wed, 10 Nov 2010 09:16:39 -0800 (PST) MIME-Version: 1.0 Sender: antinix@gmail.com Received: by 10.229.216.144 with HTTP; Wed, 10 Nov 2010 09:16:18 -0800 (PST) From: Andrei Kolu Date: Wed, 10 Nov 2010 19:16:18 +0200 X-Google-Sender-Auth: gTNFcS7RBhMNXbF1n6CbU7wNze8 Message-ID: To: freebsd-jail@freebsd.org Content-Type: text/plain; charset=ISO-8859-1 Subject: loopback in jail X-BeenThere: freebsd-jail@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Discussion about FreeBSD jail\(8\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 10 Nov 2010 17:40:09 -0000 Hi, I have problem with binding port to localhost inside of jail (ezjail). instead of this: vscan perl 51376 5 tcp4 194.xxx.yyy.22:10024 I need this: vscan perl 51376 5 tcp4 127.0.0.1:10024 Is it possible to bind anything inside jail to 127.0.0.1? FreeBSD 8.1-STABLE #1: Sat Oct 30 19:27:48 EEST 2010 ezjail-3.1 From owner-freebsd-jail@FreeBSD.ORG Wed Nov 10 18:02:50 2010 Return-Path: Delivered-To: freebsd-jail@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 40A551065675 for ; Wed, 10 Nov 2010 18:02:50 +0000 (UTC) (envelope-from michael.scheidell@secnap.com) Received: from mx1.secnap.com.ionspam.net (mx1.secnap.com.ionspam.net [204.89.241.253]) by mx1.freebsd.org (Postfix) with ESMTP id 06D818FC22 for ; Wed, 10 Nov 2010 18:02:49 +0000 (UTC) Received: from mx1.secnap.com.ionspam.net (mx1.secnap.com.ionspam.net [10.70.1.253]) by mx1.secnap.com.ionspam.net (Postfix) with ESMTP id AE5672B7C0B; Wed, 10 Nov 2010 12:46:46 -0500 (EST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=secnap.com; h= content-type:content-type:in-reply-to:references:subject:subject :mime-version:user-agent:from:from:date:date:message-id; s=dkim; t=1289411205; x=1291225605; bh=0jBO7BdmvEZE9fDumwhQWqYmIKgbLaR9 Rn+MaswTp0g=; b=Vhyno5fcuFJe2roSSzvYj0L0A/ethkbXOY2xaCwudoPQ74Un NPBhkJB8gtKymMOkrWptbluBu5yLqcUoZXVNyLgq4pUk7IzITA/BQZIZPxPMADXW SNuNshc+TMBp8mSmpk0kGLQ9LUt05eZjfMfdmzVtGhaudHBIvqpjqBPJvRQ= X-Amavis-Modified: Mail body modified (using disclaimer) - mx1.secnap.com.ionspam.net X-Virus-Scanned: SpammerTrap(r) VPS-1500 2.13 at mx1.secnap.com.ionspam.net Received: from USBCTDC001.secnap.com (usbctdc001.secnap.com [10.70.1.1]) (using TLSv1 with cipher AES128-SHA (128/128 bits)) (No client certificate requested) by mx1.secnap.com.ionspam.net (Postfix) with ESMTPS id B639F2B7C09; Wed, 10 Nov 2010 12:46:45 -0500 (EST) Received: from macintosh.secnap.com (10.70.3.3) by USBCTDC001.secnap.com (10.70.1.1) with Microsoft SMTP Server (TLS) id 14.0.702.0; Wed, 10 Nov 2010 12:46:45 -0500 Message-ID: <4CDADA88.5000706@secnap.com> Date: Wed, 10 Nov 2010 12:46:48 -0500 From: Michael Scheidell User-Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.6; en-US; rv:1.9.2.12) Gecko/20101027 Thunderbird/3.1.6 MIME-Version: 1.0 To: Andrei Kolu References: In-Reply-To: Content-Type: text/plain; charset="ISO-8859-1"; format=flowed Content-Transfer-Encoding: 7bit X-Content-Filtered-By: Mailman/MimeDel 2.1.5 Cc: freebsd-jail@freebsd.org Subject: Re: loopback in jail X-BeenThere: freebsd-jail@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Discussion about FreeBSD jail\(8\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 10 Nov 2010 18:02:50 -0000 for amavisd-new, right? On 11/10/10 12:16 PM, Andrei Kolu wrote: > Hi, > > I have problem with binding port to localhost inside of jail (ezjail). > can only have one '127.0.0.1'. even with vnet, I am sure. /usr/local/etc/amavisd.conf:$inet_socket_port = 10024; should be fine. however, you also need this: @inet_acl = ( qw [ 0.0.0.0/0 ] ); plus a lot of things. We have a commercial hosted email security product with multiple dozens of amavisd based VPS's and it took a while to get it to work. try the amavisd users group as well. -- Michael Scheidell, CTO o: 561-999-5000 d: 561-948-2259 ISN: 1259*1300 >*| *SECNAP Network Security Corporation * Certified SNORT Integrator * 2008-9 Hot Company Award Winner, World Executive Alliance * Five-Star Partner Program 2009, VARBusiness * Best in Email Security,2010: Network Products Guide * King of Spam Filters, SC Magazine 2008 ______________________________________________________________________ This email has been scanned and certified safe by SpammerTrap(r). For Information please see http://www.secnap.com/products/spammertrap/ ______________________________________________________________________ From owner-freebsd-jail@FreeBSD.ORG Thu Nov 11 08:31:34 2010 Return-Path: Delivered-To: freebsd-jail@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id B35FB106566C for ; Thu, 11 Nov 2010 08:31:34 +0000 (UTC) (envelope-from antinix@gmail.com) Received: from mail-qw0-f54.google.com (mail-qw0-f54.google.com [209.85.216.54]) by mx1.freebsd.org (Postfix) with ESMTP id 677278FC18 for ; Thu, 11 Nov 2010 08:31:34 +0000 (UTC) Received: by qwj8 with SMTP id 8so804788qwj.13 for ; Thu, 11 Nov 2010 00:31:33 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:mime-version:sender:received :in-reply-to:references:from:date:x-google-sender-auth:message-id :subject:cc:content-type:content-transfer-encoding; bh=yTegnH6yC4YQefJh80Gs2d8xRu8sruVKiUw2FkgJfkU=; b=odAvVtLOp1ydyAmNLeQgkF+Xho/bhBnQOJ0fcUIVEUURc4y1pvU1VppWDoD3rp+oDQ vbJNgnajrvH0nWASfvb9hzFkSIBGTCsMd5iEQuGynCTdw5cEIJkBxKQipqksoXtT1LoT XyhbrDXcIOxTUYjvSB9kFuHMFveFZCld8vFXA= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:sender:in-reply-to:references:from:date :x-google-sender-auth:message-id:subject:cc:content-type :content-transfer-encoding; b=NAZWuZzAf/X27JnIWAVcd/1pXx5vF0n2jGaEDCcnrM/Dlpos9UujILs6s0f503mw0v SexUUqwi27USlP0AdvU08GgBbIZTsS+P2o8kUhHu8+EmWQDLpcLs2scg2vb94DY5A3e0 TNBEOYS7pzw9wvNxdXCrl1i5Tc1xFpnMIBpDA= Received: by 10.229.82.10 with SMTP id z10mr566045qck.98.1289464292443; Thu, 11 Nov 2010 00:31:32 -0800 (PST) MIME-Version: 1.0 Sender: antinix@gmail.com Received: by 10.229.216.144 with HTTP; Thu, 11 Nov 2010 00:31:12 -0800 (PST) In-Reply-To: <4CDADA88.5000706@secnap.com> References: <4CDADA88.5000706@secnap.com> From: Andrei Kolu Date: Thu, 11 Nov 2010 10:31:12 +0200 X-Google-Sender-Auth: -_EJFC-yrW9ORRyiOYkuMH_m9tQ Message-ID: Cc: freebsd-jail@freebsd.org Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable Subject: Re: loopback in jail X-BeenThere: freebsd-jail@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Discussion about FreeBSD jail\(8\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 11 Nov 2010 08:31:34 -0000 2010/11/10 Michael Scheidell > > for amavisd-new, right? > > > On 11/10/10 12:16 PM, Andrei Kolu wrote: > > Hi, > > I have problem with binding port to localhost inside of jail (ezjail). > > can only have one '127.0.0.1'.=A0 even with vnet, I am sure. > > > /usr/local/etc/amavisd.conf:$inet_socket_port =3D 10024; > should be fine. > however, you also need this: > > @inet_acl =3D ( qw [ 0.0.0.0/0 ] ); > > plus a lot of things.=A0 We have a commercial hosted email security produ= ct with multiple dozens of amavisd based VPS's and it took a while to get i= t to work. > try the amavisd users group as well. > > -- > Michael Scheidell, CTO I see. But I am testing right now kernel with "options VIMAGE" and here is the results: # ifconfig epair create # jail -c vnet name=3Dtest1 host.hostname=3Dtest1 path=3D/ persist # ifconfig epair0b vnet 1 # jexec 1 ifconfig epair0b 192.168.11.2 # jexec 1 ifconfig lo0: flags=3D8008 metric 0 mtu 16384 options=3D3 epair0b: flags=3D8843 metric 0 mtu = 1500 ether 02:62:68:00:05:0b inet 192.168.11.2 netmask 0xffffff00 broadcast 192.168.11.255 inet6 fe80::62:68ff:fe00:50b%epair0b prefixlen 64 scopeid 0x2 nd6 options=3D3 Now I'll try to configure localhost! # jexec 1 ifconfig lo0 localhost Let me see what's happened # jexec 1 ifconfig lo0: flags=3D8049 metric 0 mtu 16384 options=3D3 inet 127.0.0.1 netmask 0xff000000 inet6 ::1 prefixlen 128 inet6 fe80::1%lo0 prefixlen 64 scopeid 0x1 nd6 options=3D3 epair0b: flags=3D8843 metric 0 mtu = 1500 ether 02:62:68:00:05:0b inet6 fe80::62:68ff:fe00:50b%epair0b prefixlen 64 scopeid 0x2 inet 192.168.11.2 netmask 0xffffff00 broadcast 192.168.11.255 nd6 options=3D3 Wow, I have local ip address now. Can't do same thing without VIMAGE # ifconfig lo0 localhost ifconfig: ioctl (SIOCDIFADDR): permission denied This is only preliminary testing but things are looking quite different I g= uess. FreeBSD 8.1-STABLE #1: Thu Nov 11 09:36:29 EET 2010 From owner-freebsd-jail@FreeBSD.ORG Thu Nov 11 09:06:08 2010 Return-Path: Delivered-To: freebsd-jail@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id C01C1106566B for ; Thu, 11 Nov 2010 09:06:08 +0000 (UTC) (envelope-from nvass9573@gmx.com) Received: from mailout-eu.gmx.com (mailout-eu.gmx.com [213.165.64.42]) by mx1.freebsd.org (Postfix) with SMTP id 2EACE8FC17 for ; Thu, 11 Nov 2010 09:06:08 +0000 (UTC) Received: (qmail 8706 invoked by uid 0); 11 Nov 2010 09:06:06 -0000 Received: from 91.140.85.15 by rms-eu011.v300.gmx.net with HTTP Content-Type: text/plain; charset="utf-8" Date: Thu, 11 Nov 2010 09:51:05 +0100 From: "Nikos Vassiliadis" Message-ID: <20101111090603.292280@gmx.com> MIME-Version: 1.0 To: "Andrei Kolu" ,freebsd-jail@freebsd.org X-Authenticated: #46156728 X-Flags: 0001 X-Mailer: GMX.com Web Mailer x-registered: 0 Content-Transfer-Encoding: 8bit X-GMX-UID: rNSpbEgTeSEqQ9koq3YhdwV+IGRvb8Bp Cc: Subject: Re: loopback in jail X-BeenThere: freebsd-jail@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Discussion about FreeBSD jail\(8\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 11 Nov 2010 09:06:08 -0000 > Hi, > > I have problem with binding port to localhost inside of jail (ezjail). > > instead of this: > vscan    perl       51376 5  tcp4   194.xxx.yyy.22:10024 > > I need this: > vscan    perl       51376 5  tcp4   127.0.0.1:10024 > > Is it possible to bind anything inside jail to 127.0.0.1? Yes, if the jail has rights to the 127.0.0.1 address. > raidmadi# jail -c persist ip4.addr=127.0.0.1 > raidmadi# jls >    JID  IP Address      Hostname                      Path >      1  -               nik                           /jails/nik >      2  -               test                          / >      3  -               testo                         / >      4  -               isudhfius                     /jails/nik >      5  -                                             / >      8  127.0.0.1                                     / > raidmadi# jexec 8 csh > # nc -l 8888 & > [1] 38411 > # sockstat -4 > USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS > root     nc         38411 3  tcp4   127.0.0.1:8888        *:* Is this a multi-IP jail? The case is slightly different with multi-IP jails. From jail(8):     ip4.addr     A comma-separated list of IPv4 addresses assigned to the prison.     If this is set, the jail is restricted to using only these     address.  Any attempts to use other addresses fail, and attempts     to use wildcard addresses silently use the jailed address     instead.  For IPv4 the first address given will be kept used as     the source address in case source address selection on unbound     sockets cannot find a better match.  It is only possible to start     multiple jails with the same IP address, if none of the jails has     more than this single overlapping IP address assigned to itself. HTH, Nikos From owner-freebsd-jail@FreeBSD.ORG Thu Nov 11 10:13:20 2010 Return-Path: Delivered-To: freebsd-jail@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 520CA106564A for ; Thu, 11 Nov 2010 10:13:20 +0000 (UTC) (envelope-from freddy.dsx@free.fr) Received: from smtpfb2-g21.free.fr (smtpfb2-g21.free.fr [212.27.42.10]) by mx1.freebsd.org (Postfix) with ESMTP id DE6458FC18 for ; Thu, 11 Nov 2010 10:13:18 +0000 (UTC) Received: from smtp2-g21.free.fr (smtp2-g21.free.fr [212.27.42.2]) by smtpfb2-g21.free.fr (Postfix) with ESMTP id F32E0D1A040 for ; Thu, 11 Nov 2010 10:53:29 +0100 (CET) Received: from linutop.bsdsx.fr (unknown [82.238.159.102]) by smtp2-g21.free.fr (Postfix) with ESMTP id CA0D04B01DC for ; Thu, 11 Nov 2010 10:53:22 +0100 (CET) Received: from linutop.bsdsx.fr (localhost.bsdsx.fr [127.0.0.1]) by linutop.bsdsx.fr (8.14.3/8.14.3) with ESMTP id oAB9rLwU007552 for ; Thu, 11 Nov 2010 10:53:21 +0100 (CET) Received: (from dsx@localhost) by linutop.bsdsx.fr (8.14.3/8.14.3/Submit) id oAB9rK9f019761 for freebsd-jail@freebsd.org; Thu, 11 Nov 2010 10:53:20 +0100 (CET) Date: Thu, 11 Nov 2010 10:53:20 +0100 From: Freddy DISSAUX To: freebsd-jail@freebsd.org Message-ID: <20101111095320.GO2114@linutop.bsdsx.fr> References: <20101111090603.292280@gmx.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20101111090603.292280@gmx.com> User-Agent: Mutt/1.5.18 (2008-05-17) Subject: Re: loopback in jail X-BeenThere: freebsd-jail@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Discussion about FreeBSD jail\(8\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 11 Nov 2010 10:13:20 -0000 Hi, Host: FreeBSD ks34581.bsdsx.fr 8.1-RELEASE-p1 FreeBSD 8.1-RELEASE-p1 #0: Thu Oct 7 22:11:15 CEST 2010 root@ks34581.bsdsx.fr:/usr/obj/usr/src/sys/GENERIC amd64 /etc/rc.conf: jail_ns81_rootdir=/zfs/jail/ns81 jail_ns81_hostname=ns81.bsdsx.fr jail_ns81_devfs_enable="YES" jail_ns81_devfs_ruleset="devfsrules_jail" jail_ns81_ip="lo0|127.0.0.8,lo1|172.16.0.8,vr0|2001:41d0:1:34b6::8" jail_ns81_flags="-l -U root -n ns81" Inside ns81: dsx@ns81>uname -a FreeBSD ns81.bsdsx.fr 8.1-RELEASE-p1 FreeBSD 8.1-RELEASE-p1 #0: Thu Oct 7 22:11:15 CEST 2010 root@ks34581.bsdsx.fr:/usr/obj/usr/src/sys/GENERIC amd64 dsx@ns81>ifconfig vr0: flags=8843 metric 0 mtu 1500 options=82808 ether 00:15:f2:5d:cc:a0 inet6 2001:41d0:1:34b6::8 prefixlen 128 nd6 options=3 media: Ethernet autoselect (100baseTX ) status: active plip0: flags=8810 metric 0 mtu 1500 lo0: flags=8049 metric 0 mtu 16384 options=3 inet 127.0.0.8 netmask 0xffffffff lo1: flags=8049 metric 0 mtu 16384 options=3 inet 172.16.0.8 netmask 0xffffffff pflog0: flags=141 metric 0 mtu 33152 dsx@ns81>netstat -an -f inet netstat: kvm not available: /dev/mem: No such file or directory Active Internet connections (including servers) Proto Recv-Q Send-Q Local Address Foreign Address (state) tcp4 0 0 *.22 *.* LISTEN tcp4 0 0 127.0.0.8.953 *.* LISTEN tcp4 0 0 172.16.0.8.53 *.* LISTEN tcp4 0 0 127.0.0.8.53 *.* LISTEN udp4 0 0 172.16.0.8.53 *.* udp4 0 0 127.0.0.8.53 *.* Hope this help, Regards. From owner-freebsd-jail@FreeBSD.ORG Thu Nov 11 10:15:30 2010 Return-Path: Delivered-To: freebsd-jail@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 613B310656B4 for ; Thu, 11 Nov 2010 10:15:30 +0000 (UTC) (envelope-from antinix@gmail.com) Received: from mail-qy0-f175.google.com (mail-qy0-f175.google.com [209.85.216.175]) by mx1.freebsd.org (Postfix) with ESMTP id 126118FC15 for ; Thu, 11 Nov 2010 10:15:29 +0000 (UTC) Received: by qyk36 with SMTP id 36so840794qyk.13 for ; Thu, 11 Nov 2010 02:15:29 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:mime-version:sender:received :in-reply-to:references:from:date:x-google-sender-auth:message-id :subject:cc:content-type:content-transfer-encoding; bh=DEP+7/Eb8d5z6I+PiBuMDL4kve7Aa8lqlC3FWzyVZ20=; b=gMYyafTP7jEN7y9aNPwRDbtOwMzR/A08U0btK/IEqPdB2K8iin4MoWfH7YdtAATlCo YUAQ3AHbqRxKcs9/+SwrpA6CsPJNjd4w8mnk1fa3G8dKy5jrf1/Tnvoq9oX5Qe9KCEHO /3CmxPowdkRV9uauqz16SvIEdDmL817gIVopo= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:sender:in-reply-to:references:from:date :x-google-sender-auth:message-id:subject:cc:content-type :content-transfer-encoding; b=EBDFXDc028OMy+YK99FNAi96qevKbBUWO99PBnDBRsGwAxa/R/JuAtkUiB02VPbo8q FZSYq7hypp3fWQADE9pu9vdcJSWai2TMpjSjNU5TTILheMzwwpJ7nAd5tgr8Wj/Jh5tS NQxks92jxTDIVSW+N0NZiyS94Voy2xu39BRMU= Received: by 10.229.82.10 with SMTP id z10mr648047qck.98.1289470529313; Thu, 11 Nov 2010 02:15:29 -0800 (PST) MIME-Version: 1.0 Sender: antinix@gmail.com Received: by 10.229.216.144 with HTTP; Thu, 11 Nov 2010 02:15:09 -0800 (PST) In-Reply-To: <20101111090603.292280@gmx.com> References: <20101111090603.292280@gmx.com> From: Andrei Kolu Date: Thu, 11 Nov 2010 12:15:09 +0200 X-Google-Sender-Auth: CAgR62jYa20OXjLz5qsNqDuoIaU Message-ID: Cc: freebsd-jail@freebsd.org Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable Subject: Re: loopback in jail X-BeenThere: freebsd-jail@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Discussion about FreeBSD jail\(8\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 11 Nov 2010 10:15:30 -0000 2010/11/11 Nikos Vassiliadis : >> Hi, >> >> I have problem with binding port to localhost inside of jail (ezjail). >> >> instead of this: >> vscan =A0 =A0perl =A0 =A0 =A0 51376 5 =A0tcp4 =A0 194.xxx.yyy.22:10024 >> >> I need this: >> vscan =A0 =A0perl =A0 =A0 =A0 51376 5 =A0tcp4 =A0 127.0.0.1:10024 >> >> Is it possible to bind anything inside jail to 127.0.0.1? > > Yes, if the jail has rights to the 127.0.0.1 address. > >> raidmadi# jail -c persist ip4.addr=3D127.0.0.1 >> raidmadi# jls >> =A0 =A0JID =A0IP Address =A0 =A0 =A0Hostname =A0 =A0 =A0 =A0 =A0 =A0 =A0= =A0 =A0 =A0 =A0Path >> =A0 =A0 =A01 =A0- =A0 =A0 =A0 =A0 =A0 =A0 =A0 nik =A0 =A0 =A0 =A0 =A0 = =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 /jails/nik >> =A0 =A0 =A02 =A0- =A0 =A0 =A0 =A0 =A0 =A0 =A0 test =A0 =A0 =A0 =A0 =A0 = =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0/ >> =A0 =A0 =A03 =A0- =A0 =A0 =A0 =A0 =A0 =A0 =A0 testo =A0 =A0 =A0 =A0 =A0 = =A0 =A0 =A0 =A0 =A0 =A0 =A0 / >> =A0 =A0 =A04 =A0- =A0 =A0 =A0 =A0 =A0 =A0 =A0 isudhfius =A0 =A0 =A0 =A0 = =A0 =A0 =A0 =A0 =A0 =A0 /jails/nik >> =A0 =A0 =A05 =A0- =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 = =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 / >> =A0 =A0 =A08 =A0127.0.0.1 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 = =A0 =A0 =A0 =A0 =A0 =A0 =A0 / >> raidmadi# jexec 8 csh >> # nc -l 8888 & >> [1] 38411 >> # sockstat -4 >> USER =A0 =A0 COMMAND =A0 =A0PID =A0 FD PROTO =A0LOCAL ADDRESS =A0 =A0 = =A0 =A0 FOREIGN ADDRESS >> root =A0 =A0 nc =A0 =A0 =A0 =A0 38411 3 =A0tcp4 =A0 127.0.0.1:8888 =A0 = =A0 =A0 =A0*:* > > Is this a multi-IP jail? The case is slightly different with multi-IP > jails. From jail(8): > > =A0=A0 =A0 ip4.addr > =A0=A0 =A0 A comma-separated list of IPv4 addresses assigned to the priso= n. > =A0=A0 =A0 If this is set, the jail is restricted to using only these > =A0=A0 =A0 address. =A0Any attempts to use other addresses fail, and atte= mpts > =A0=A0 =A0 to use wildcard addresses silently use the jailed address > =A0=A0 =A0 instead. =A0For IPv4 the first address given will be kept used= as > =A0=A0 =A0 the source address in case source address selection on unbound > =A0=A0 =A0 sockets cannot find a better match. =A0It is only possible to = start > =A0=A0 =A0 multiple jails with the same IP address, if none of the jails = has > =A0=A0 =A0 more than this single overlapping IP address assigned to itsel= f. > > HTH, Nikos > OK, I tried this way: ezjail config: export jail_crashtest_ip=3D"194.xxx.yyy.22,127.0.0.1" I have loopback ip address now: lo0: flags=3D8049 metric 0 mtu 16384 options=3D3 inet 127.0.0.1 netmask 0xff000000 But, can't bind anything to 127.0.0.1 anyway. Is this a bug or something? From owner-freebsd-jail@FreeBSD.ORG Thu Nov 11 21:29:42 2010 Return-Path: Delivered-To: freebsd-jail@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 3F4251065670 for ; Thu, 11 Nov 2010 21:29:42 +0000 (UTC) (envelope-from antinix@gmail.com) Received: from mail-qy0-f182.google.com (mail-qy0-f182.google.com [209.85.216.182]) by mx1.freebsd.org (Postfix) with ESMTP id E773B8FC08 for ; Thu, 11 Nov 2010 21:29:41 +0000 (UTC) Received: by qyk5 with SMTP id 5so1256517qyk.13 for ; Thu, 11 Nov 2010 13:29:41 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:mime-version:sender:received :in-reply-to:references:from:date:x-google-sender-auth:message-id :subject:to:content-type:content-transfer-encoding; bh=uFWudGgoGjb1JZyDcTYFSFVFENS015hK6L4Ubd663Io=; b=qK6iSylZ2R8/u7Kb+Zm9fW3n/Y/P1OJgxDa+YpjJWCcAt7UVl/2A63EWdyy0jAu4/T rVokYawt5EwvoatiGGHuIYI3sn8aaxF+uEABqXrxABVojnxSoFdW9q/wV1YBxVmH8Bgs NHNWGeVK1gYuzorihAdPa9dt+8qJ09HtmYOOk= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:sender:in-reply-to:references:from:date :x-google-sender-auth:message-id:subject:to:content-type :content-transfer-encoding; b=jCr8P/kmtXnZw6zR5+An6+IVZmjX+k70tuu3+CXtBcNEV8yfSGYL8shwd2pX9LbmvM VNgvSYYqln2zzS2F4PHA4S8q8+TM7uOZ/EWjmMc6yVUZ17y4N7r0dpFPMCRlAaQRKOKI 6YfPHWNpP8d9te/yKtPqwgGgoIEHwnO9ariPY= Received: by 10.229.231.4 with SMTP id jo4mr1212740qcb.22.1289510981006; Thu, 11 Nov 2010 13:29:41 -0800 (PST) MIME-Version: 1.0 Sender: antinix@gmail.com Received: by 10.229.216.144 with HTTP; Thu, 11 Nov 2010 13:29:20 -0800 (PST) In-Reply-To: <20101111202221.GP2114@linutop.bsdsx.fr> References: <20101111090603.292280@gmx.com> <20101111202221.GP2114@linutop.bsdsx.fr> From: Andrei Kolu Date: Thu, 11 Nov 2010 23:29:20 +0200 X-Google-Sender-Auth: UAXwu6p0IRFFAF9HYwlImAW-cjI Message-ID: To: freebsd-jail@freebsd.org Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable Subject: Re: loopback in jail X-BeenThere: freebsd-jail@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Discussion about FreeBSD jail\(8\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 11 Nov 2010 21:29:42 -0000 2010/11/11 Freddy DISSAUX : > Le Thu, Nov 11, 2010 at 12:15:09PM +0200, Andrei Kolu wrote: >> OK, I tried this way: >> >> ezjail config: >> export jail_crashtest_ip=3D"194.xxx.yyy.22,127.0.0.1" >> >> I have loopback ip address now: >> lo0: flags=3D8049 metric 0 mtu 16384 >> =A0 =A0 =A0 =A0 options=3D3 >> =A0 =A0 =A0 =A0 inet 127.0.0.1 netmask 0xff000000 >> >> But, can't bind anything to 127.0.0.1 anyway. Is this a bug or something= ? > > Hum, i don't understand. You *must* have a lo0 with 127.0.0.1 ? > lo0 with 127.0.0.x is not good for you (or your app) ? > > Regards, > OK, I figured it out- only problem was that operating system become unresponsive for couple of minutes after I changed ip addres for jail localhost, I thought that system crashed, but wow. export jail_crashtest_ip=3D"194.xxx.yyy.22,lo0|127.0.0.2" lo0: flags=3D8049 metric 0 mtu 16384 options=3D3 inet 127.0.0.2 netmask 0xffffffff Now: # sockstat -4 vscan perl 98672 5 tcp4 127.0.0.2:10024 *:* Should I change /etc/hosts file too? 127.0.0.2 localhost localhost.my.domain First I thought that 127.0.0.1 address is locally significant but looks like I was wrong. From owner-freebsd-jail@FreeBSD.ORG Fri Nov 12 01:55:09 2010 Return-Path: Delivered-To: freebsd-jail@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 093EA106566C for ; Fri, 12 Nov 2010 01:55:08 +0000 (UTC) (envelope-from bzeeb-lists@lists.zabbadoz.net) Received: from mail.cksoft.de (mail.cksoft.de [IPv6:2001:4068:10::3]) by mx1.freebsd.org (Postfix) with ESMTP id 857FC8FC21 for ; Fri, 12 Nov 2010 01:55:08 +0000 (UTC) Received: from localhost (amavis.fra.cksoft.de [192.168.74.71]) by mail.cksoft.de (Postfix) with ESMTP id E462541C7C3; Fri, 12 Nov 2010 02:55:06 +0100 (CET) X-Virus-Scanned: amavisd-new at cksoft.de Received: from mail.cksoft.de ([192.168.74.103]) by localhost (amavis.fra.cksoft.de [192.168.74.71]) (amavisd-new, port 10024) with ESMTP id bGmHmEzAQAjl; Fri, 12 Nov 2010 02:55:06 +0100 (CET) Received: by mail.cksoft.de (Postfix, from userid 66) id ED9B341C7C8; Fri, 12 Nov 2010 02:55:05 +0100 (CET) Received: from maildrop.int.zabbadoz.net (maildrop.int.zabbadoz.net [10.111.66.10]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by mail.int.zabbadoz.net (Postfix) with ESMTP id 6FD254448F3; Fri, 12 Nov 2010 01:51:16 +0000 (UTC) Date: Fri, 12 Nov 2010 01:51:16 +0000 (UTC) From: "Bjoern A. Zeeb" X-X-Sender: bz@maildrop.int.zabbadoz.net To: Andrei Kolu In-Reply-To: Message-ID: <20101112014657.M78896@maildrop.int.zabbadoz.net> References: <20101111090603.292280@gmx.com> X-OpenPGP-Key: 0x14003F198FEFA3E77207EE8D2B58B8F83CCF1842 MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed Cc: freebsd-jail@freebsd.org Subject: Re: loopback in jail X-BeenThere: freebsd-jail@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Discussion about FreeBSD jail\(8\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 12 Nov 2010 01:55:09 -0000 On Thu, 11 Nov 2010, Andrei Kolu wrote: > OK, I tried this way: > > ezjail config: > export jail_crashtest_ip="194.xxx.yyy.22,127.0.0.1" > > I have loopback ip address now: > lo0: flags=8049 metric 0 mtu 16384 > options=3 > inet 127.0.0.1 netmask 0xff000000 > > But, can't bind anything to 127.0.0.1 anyway. Is this a bug or something? No, it's intentional. You would bind to your public 194.x.x.x IP. Quoting from jail(2): All connec- tions to/from the loopback address (127.0.0.1 for IPv4, ::1 for IPv6) will be changed to be to/from the primary address of the jail for the given address family. /bz -- Bjoern A. Zeeb Welcome a new stage of life. Going to jail sucks -- All my daemons like it! http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/jails.html