Date: Tue, 5 Aug 2003 13:39:20 +0300
From: Peter Pentchev <roam@ringlet.net>
To: stakys@punktas.lt
Cc: freebsd-security@freebsd.org
Subject: Re: Problems with JAIL in 4.8R
Message-ID: <20030805103919.GV358@straylight.oblivion.bg>
In-Reply-To: <20030805103636.GU358@straylight.oblivion.bg>
References: <53210.81.7.109.95.1060089623.squirrel@mail.impress.lt> <20030805103636.GU358@straylight.oblivion.bg>

On Tue, Aug 05, 2003 at 01:36:36PM +0300, Peter Pentchev wrote:
> On Tue, Aug 05, 2003 at 01:20:23PM -0000, stakys@punktas.lt wrote:
> > On Tue, Aug 05, 2003 at 12:56:36PM -0000, stakys@punktas.lt wrote:
> > > Hi, i've set the outside ip for the jail..It works.. When i try to ssh to
> > > jail'ed system from the main system (in which is created jail) the
> > > connection is successful, but when i try to connect to jailed system from
> > > anywhere else i get this message:
> > > ssh: connect to host IP_NUMBER port 22: Operation timed out
> > > What can be wrong here? How to solve this problem?
> >
> > >>Are you running some sort of firewall on the main system? You might
> > >>have to add additional rules allowing SSH into the jailed one...
> >
> > >>G'luck,
> > >>Peter
> >
> > I'm running IPFW but i put such a lines to ipfw.rules to be sure that it's
> > not firewall's fault, about connecting to jail'ed system from outside.
> > Here are the lines:
> > ipfw add 50 allow ip from any to any via lo0
> > ipfw add 51 allow ip from any to any via rl0
>
> If it would not be a great security risk, could you post the whole
> set of ipfw rules that you are using? Alternatively, could you add a
> 'log' clause to all the 'deny' rules, and then watch for denied packets
> in the syslog? As another alternative, you could 'ipfw -f' for the
> duration of the test...

*THWAP*...
Of course I meant 'ipfw flush' :)

G'luck,
Peter

--
Peter Pentchev  roam@ringlet.net  roam@sbnd.net  roam@FreeBSD.org
PGP key: http://people.FreeBSD.org/~roam/roam.key.asc
Key fingerprint FDBA FD79 C26F 3C51 C95E DF9E ED18 B68D 1619 4553
The rest of this sentence is written in Thailand, on
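
The 'log' suggestion from the message above, as an added example that is not part of the original thread: one function inserts `log` into deny rules that lack it, the other picks denied packets for one destination out of syslog text. Rule 40, the 192.0.2.x/198.51.100.x addresses and the syslog lines are constructed, and the log-line layout is an assumption.

```shell
#!/bin/sh
# Added example, not from the original thread. The rule numbers, addresses
# and syslog lines below are constructed; the log-line layout is assumed.

# Insert 'log' after the action of every deny/drop/reject rule read from
# stdin that does not already have it. Other lines pass through unchanged.
add_log_to_deny() {
    awk '
    /^[ \t]*#/ { print; next }
    {
        for (i = 1; i <= NF; i++)
            if ($i == "deny" || $i == "drop" || $i == "reject") {
                if ($(i + 1) != "log") $i = $i " log"
                break
            }
        print
    }'
}

# Print rule number, protocol and source of each logged Deny whose
# destination equals $1 (ip:port). Syslog text is read from stdin.
denied_to() {
    awk -v dst="$1" '
    {
        for (i = 1; i <= NF; i++)
            if ($i == "ipfw:" && $(i + 2) == "Deny" && $(i + 5) == dst)
                print "rule " $(i + 1) " denied " $(i + 3) " from " $(i + 4)
    }'
}

# Constructed ruleset: rules 50 and 51 as posted, plus a hypothetical
# lower-numbered deny that would match before rule 51 is ever reached.
SAMPLE_RULES='ipfw add 40 deny tcp from any to any 22 in via rl0
ipfw add 50 allow ip from any to any via lo0
ipfw add 51 allow ip from any to any via rl0
ipfw add 65000 deny log ip from any to any'

# Constructed syslog lines; 192.0.2.10 stands in for the jail address.
SAMPLE_LOG='Aug  5 13:41:02 host /kernel: ipfw: 40 Deny TCP 198.51.100.7:40112 192.0.2.10:22 in via rl0
Aug  5 13:41:05 host /kernel: ipfw: 65000 Deny UDP 198.51.100.9:53 192.0.2.1:1025 in via rl0
Aug  5 13:41:08 host sshd[312]: Accepted password for user from 192.0.2.1'

printf '%s\n' "$SAMPLE_RULES" | add_log_to_deny
printf '%s\n' "$SAMPLE_LOG" | denied_to 192.0.2.10:22
```

Denied packets only reach syslog when ipfw logging is switched on (sysctl net.inet.ip.fw.verbose=1). The rule number in each hit shows which rule matched first, which is what tells you whether an allow rule such as 51 was ever consulted.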