Date:      Tue, 31 Jan 2012 14:54:01 -0500
From:      "Bender, Chris" <chris_bender@cellularatsea.com>
To:        "Dirk Engling" <erdgeist@erdgeist.org>
Cc:        freebsd-jail@freebsd.org
Subject:   RE: jails
Message-ID:  <assp.03779f6e78.863259E16B6C464DAD1E9DD10BB311540582ED6D@wmsexg01.corp.cellularatsea.com>
In-Reply-To: <4F284279.7070904@erdgeist.org>
References:  <863259E16B6C464DAD1E9DD10BB311540582ED4C@wmsexg01.corp.cellularatsea.com> <4F283FE6.1060905@erdgeist.org>  <863259E16B6C464DAD1E9DD10BB311540582ED50@wmsexg01.corp.cellularatsea.com> <4F284279.7070904@erdgeist.org>

Sorry, it has been a long three days.

Here is the sockstat from the host. Lots are listening on 22.

zs1# sockstat -4 | grep 22
root     sshd       19910 3  tcp4   172.19.4.67:22        10.200.104.195:18253
11201    sshd       19191 3  tcp4   172.19.4.190:22       172.19.4.202:33555
11201    sshd       19187 3  tcp4   172.19.4.190:22       172.19.4.202:33561
11201    sshd       19182 3  tcp4   172.19.4.190:22       172.19.4.202:33560
11201    sshd       19178 3  tcp4   172.19.4.190:22       172.19.4.202:33557
11201    sshd       19174 3  tcp4   172.19.4.190:22       172.19.4.202:33558
11201    sshd       19170 3  tcp4   172.19.4.190:22       172.19.4.202:33556
11201    sshd       19166 3  tcp4   172.19.4.190:22       172.19.4.202:33559
root     sshd       19152 3  tcp4   172.19.4.190:22       172.19.4.202:33561
root     sshd       19150 3  tcp4   172.19.4.190:22       172.19.4.202:33560
root     sshd       19148 3  tcp4   172.19.4.190:22       172.19.4.202:33559
root     sshd       19146 3  tcp4   172.19.4.190:22       172.19.4.202:33558
root     sshd       19145 3  tcp4   172.19.4.190:22       172.19.4.202:33557
root     sshd       19135 3  tcp4   172.19.4.190:22       172.19.4.202:33556
root     sshd       19134 3  tcp4   172.19.4.190:22       172.19.4.202:33555
root     sshd       15627 3  tcp4   172.19.4.42:22        *:*
11201    sshd       10653 3  tcp4   172.19.4.190:22       172.19.4.190:16235
root     sshd       10439 3  tcp4   172.19.4.190:22       172.19.4.190:16235
11201    ssh        10438 3  tcp4   172.19.4.190:16235    172.19.4.190:22
11201    sshd       10230 3  tcp4   172.19.4.190:22       172.19.4.202:33545
root     sshd       10207 3  tcp4   172.19.4.190:22       172.19.4.202:33545
root     sshd       9661  3  tcp4   172.19.4.45:22        *:*
root     sshd       9229  3  tcp4   172.19.4.38:22        *:*
bind     named      9118  518 udp4  172.19.4.38:52131     192.228.79.201:53
bind     named      9118  520 udp4  172.19.4.38:51335     192.228.79.201:53
bind     named      9118  522 udp4  172.19.4.38:55252     192.33.4.12:53
bind     named      9118  540 udp4  172.19.4.38:64367     192.228.79.201:53
bind     named      9118  561 udp4  172.19.4.38:62396     192.228.79.201:53
bind     named      9118  572 udp4  172.19.4.38:57160     192.228.79.201:53
bind     named      9118  575 udp4  172.19.4.38:56313     192.228.79.201:53
root     sshd       8874  3  tcp4   172.19.4.36:22        *:*
root     sshd       8459  3  tcp4   172.19.4.39:22        *:*
root     sshd       8123  3  tcp4   172.19.4.44:22        *:*
root     sshd       7774  3  tcp4   172.19.4.190:22       *:*
root     sshd       7377  3  tcp4   172.19.4.43:22        *:*
root     sshd       7036  3  tcp4   172.19.4.41:22        *:*
root     sshd       1470  3  tcp4   172.19.4.67:22        10.200.104.195:57000
root     sshd       1329  3  tcp4   172.19.4.67:22        *:*


I looked at the sshd_config on the jailed system and neither it nor the
host have the ListenAddress in their respective files.

Thanks



-----Original Message-----
From: Dirk Engling [mailto:erdgeist@erdgeist.org]
Sent: Tuesday, January 31, 2012 2:35 PM
To: Bender, Chris
Cc: freebsd-jail@freebsd.org
Subject: Re: jails

On 31.01.12 20:27, Bender, Chris wrote:
> zs1# ezjail-admin list
> STA JID  IP              Hostname                       Root Directory
> --- ---- --------------- ------------------------------ ------------------------
> DR  14   172.19.4.36     wiki                           /usr/jails/wiki
> DR  9    172.19.4.41     tools2                         /usr/jails/tools2
> DR  16   172.19.4.45     rt3                            /usr/jails/rt3
> DR  17   172.19.4.42     rep                            /usr/jails/rep
> DR  11   172.19.4.190    npins                          /usr/jails/npims
> DR  13   172.19.4.39     logger                         /usr/jails/logger
> DR  12   172.19.4.44     inventory                      /usr/jails/inventory
> DR  15   172.19.4.38     dns2                           /usr/jails/dns2
> DSN N/A  172.19.4.37     dns1                           /usr/jails/dns1
> DSN N/A  172.19.4.32     db                             /usr/jails/db
> DSN N/A  172.19.4.31     coremon                        /usr/jails/coremon
> DR  10   172.19.4.43     cf                             /usr/jails/cf

This shows that all the jails that are supposed to run, are actually
running. You can console into the jail by

  ezjail-admin console tools2

and check if there are any services running. For starters you could
check if in the jail's rc.conf you have sshd enabled.

If that is the case, you can check if the host system's sshd binds on
*:22, making it impossible for the jail's sshds to bind to their port
22.

Check for:

#ListenAddress 0.0.0.0

in the host system's /etc/ssh/sshd_config and make it bind to the host
system's primary IP address.

A 'sockstat -4l | grep 22' in the host system will also tell you about
services listening on all IP addresses.

Regards,

  erdgeist
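
Added example (not part of either message): a shell helper that reads `sockstat -4l` output and reports sockets whose local port is exactly the one asked for, marking wildcard binds such as *:22 on the host. It matches on the port field, since a plain `grep 22` also matches addresses and PIDs that contain 22; the sample input and the function names are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample in sockstat column order:
# USER COMMAND PID FD PROTO LOCAL FOREIGN
SAMPLE='USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS
root     sshd       1329  3  tcp4   *:22                  *:*
root     sshd       7036  3  tcp4   192.0.2.41:22         *:*
bind     named      9118  20 udp4   192.0.2.22:53         *:*
root     syslogd    922   7  udp4   *:514                 *:*'

# listeners_on_port PORT
# Reads sockstat output on stdin and prints one line per matching socket:
#   <WILDCARD|SPECIFIC> <command> <pid> <local address>
# WILDCARD means the process is bound to every address (*:PORT), which is
# the condition that keeps a jail's own daemon from binding the same port.
listeners_on_port() {
    awk -v port="$1" '
        $1 == "USER" { next }              # skip the header line
        NF >= 7 {
            n = split($6, a, ":")          # field 6 is the local address
            if (a[n] != port) next         # exact port match, not a substring
            kind = (a[1] == "*") ? "WILDCARD" : "SPECIFIC"
            print kind, $2, $3, $6
        }'
}

# wildcard_count PORT
# Prints how many sockets on stdin are bound to *:PORT (0 if none).
wildcard_count() {
    listeners_on_port "$1" | awk '$1 == "WILDCARD" { c++ } END { print c + 0 }'
}

# Stand-alone run over the constructed sample.
printf '%s\n' "$SAMPLE" | listeners_on_port 22
```

On a live host the same functions take `sockstat -4l` on stdin, for example `sockstat -4l | listeners_on_port 22`.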


