From: Ian Lepore
To: Hubert Hauser, freebsd-hackers@freebsd.org
Date: Tue, 11 Dec 2018 08:49:47 -0700
Subject: Re: Running Tor service in the jail environment
List-Id: Technical Discussions relating to FreeBSD
Message-ID: <1544543387.1860.347.camel@freebsd.org>
In-Reply-To: <66526968-1446-c95e-629a-fb9e1b246111@mail.com>

On Tue, 2018-12-11 at 01:41 +0000, Hubert Hauser wrote:
> I want to torify my FreeBSD old machine purposed to mainly darknet
> activities.
>
> Should I worry about these errors during creating jail?
>
> Warning: Some services already seem to be listening on all IP,
> (including 127.0.1.1) This may cause some confusion, here they are:
> root ntpd 58008 20 udp6 *:123 *:*
> root ntpd 58008 21 udp4 *:123 *:*
> root lpd 48726 6 tcp6 *:515 *:*
> root lpd 48726 7 tcp4 *:515 *:*
> Warning: Some services already seem to be listening on IP 192.168.1.105
> This may cause some confusion, here they are:
> root ntpd 58008 23 udp4 192.168.1.105:123 *:*
> Warning: Some services already seem to be listening on all IP,
> (including 192.168.1.105) This may cause some confusion, here they are:
> root ntpd 58008 20 udp6 *:123 *:*
> root ntpd 58008 21 udp4 *:123 *:*
> root lpd 48726 6 tcp6 *:515 *:*
> root lpd 48726 7 tcp4 *:515 *:|
>
> Should jail have access to loopback interface and public Ethernet
> interface assuming that all traffic from this machine will be routed
> through Tor? Is it necessary to set up a virtual network interface to
> communicate between jails?

You should not be running ntpd inside a jail, it won't have the
privileges to set the kernel clock anyway, only the ntpd running in a
non-jailed environment can do that. I suspect the same is true of lpd,
but I've never used that and know nothing about it.

-- 
Ian
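
The following is an added example, not part of the original message and not code from FreeBSD or any jail tool: a small sh/awk filter that reproduces the check behind the quoted warnings, listing listeners that would also answer on a jail's address. The function name `overlapping_listeners` is hypothetical, and the input is assumed to be in sockstat(1) column order (USER COMMAND PID FD PROTO LOCAL FOREIGN); the sample lines are the ones quoted in the message.

```shell
#!/bin/sh
# Sample input: the listener lines quoted in the message above, de-duplicated.
# On a live host the same columns would come from `sockstat -46l`.
SAMPLE='root ntpd 58008 20 udp6 *:123 *:*
root ntpd 58008 21 udp4 *:123 *:*
root ntpd 58008 23 udp4 192.168.1.105:123 *:*
root lpd 48726 6 tcp6 *:515 *:*
root lpd 48726 7 tcp4 *:515 *:*'

# overlapping_listeners JAIL_IP   (hypothetical helper name)
# Reads listener lines on stdin and prints one line per socket that is
# bound either to the wildcard address or to JAIL_IP itself.
# Output columns: command pid proto port wildcard|exact
overlapping_listeners() {
    awk -v ip="$1" '
        NF >= 7 {
            local_addr = $6
            # The port is whatever follows the last colon, so IPv6
            # literals (which contain colons) are handled as well.
            n = split(local_addr, parts, ":")
            port = parts[n]
            host = substr(local_addr, 1, length(local_addr) - length(port) - 1)
            if (host == "*")      kind = "wildcard"
            else if (host == ip)  kind = "exact"
            else                  next   # bound to some other address
            # Like the quoted warning, wildcard sockets of both address
            # families are reported; the proto column shows which is which.
            print $2, $3, $5, port, kind
        }'
}

# Stand-alone run against the sample for the jail address from the message.
printf '%s\n' "$SAMPLE" | overlapping_listeners 192.168.1.105
```
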