Date: Mon, 30 Oct 2000 09:42:14 -0400 (AST)
From: The Hermit Hacker <scrappy@hub.org>
To: Marc Silver <marcs@draenor.org>
Cc: freebsd-stable@FreeBSD.ORG, freebsd-questions@FreeBSD.ORG
Subject: Re: Multiple Jail environment(s) on one host ...
Message-ID: <Pine.BSF.4.21.0010300941540.1709-100000@thelab.hub.org>
In-Reply-To: <20001030152601.C39296@draenor.org>
On Mon, 30 Oct 2000, Marc Silver wrote:
> Hi there,
>
> I've never really read the docs, but I'm very familiar with chrooting on
> Solaris, so it's just something I knew. Perhaps you could submit some
> documentation to the project?? ;)
>
> tcp4 (afaik) means that it's using ipv4. This doesn't mean it's
> listening on ipv6.
correct, but what does the 'tcp46' below mean? :)
>
> Cheers,
> Marc
>
> On Mon, Oct 30, 2000 at 08:52:38AM -0400, The Hermit Hacker wrote:
> > On Mon, 30 Oct 2000, Marc Silver wrote:
> >
> > > Are any of the services on the base machine binding to all the IPs
> > > perhaps??
> > >
> > > You'd be looking at something like this: (netstat -na | grep LIST)
> > >
> > > tcp4 0 0 192.168.0.10.80 *.* LISTEN
> > > tcp4 0 0 *.25 *.* LISTEN
> > > tcp4 0 0 192.168.0.10.53 *.* LISTEN
> > > tcp4 0 0 192.168.0.10.53 *.* LISTEN
> > > tcp4 0 0 *.6000 *.* LISTEN
> > > tcp4 0 0 *.3306 *.* LISTEN
> > > tcp4 0 0 *.22 *.* LISTEN
> > >
> > >
> > > Notice how for instance port 22, 25 and 3306 are bound to all ports on
> > > the machine, which would mean that you couldn't bind sshd in the chroot
> > > to an IP because there is already an sshd using it.
> >
> > Nope, that doesn't seem to be it, but one I hadn't thought of checking ...
> > will have to keep an eye on that one thanks:
> >
> > tcp4 0 0 216.126.85.73.23 *.* LISTEN
> > tcp4 0 0 216.126.85.73.21 *.* LISTEN
> > tcp4 0 0 216.126.85.28.23 *.* LISTEN
> > tcp4 0 0 216.126.85.28.21 *.* LISTEN
> > tcp4 0 0 216.126.85.73.22 *.* LISTEN
> > tcp46 0 0 *.22 *.* LISTEN
> > tcp4 0 0 216.126.85.73.587 *.* LISTEN
> > tcp4 0 0 216.126.85.73.25 *.* LISTEN
> > tcp4 0 0 216.126.85.28.587 *.* LISTEN
> > tcp4 0 0 216.126.85.28.25 *.* LISTEN
> > tcp4 0 0 216.126.85.28.2000 *.* LISTEN
> > tcp4 0 0 216.126.85.28.143 *.* LISTEN
> > tcp4 0 0 216.126.84.253.22 *.* LISTEN
> > tcp4 0 0 216.126.85.28.22 *.* LISTEN
> > tcp4 0 0 216.126.85.28.53 *.* LISTEN
> > tcp4 0 0 216.126.85.28.80 *.* LISTEN
> > tcp4 0 0 216.126.84.253.21 *.* LISTEN
> >
> > tcp46 means it's doing both IPv4 and IPv6?
> >
> > The *.22 above was the new one I added on though, fixed its sshd_conf file
> > ...
> >
> > So far, as far as I can tell, binding the jail env's inetd to an IP appears
> > to have fixed it, but from my read of the docs, that shouldn't have been
> > required ... am I reading the docs wrong? *raised eyebrow*
> >
> > > On Mon, Oct 30, 2000 at 07:50:49AM -0400, The Hermit Hacker wrote:
> > > > On Mon, 30 Oct 2000, Marc Silver wrote:
> > > >
> > > > > Hi there,
> > > > >
> > > > > It's my understanding that the chroot's (jails) should run on different
> > > > > IP addresses to that of your base system.
> > > > >
> > > > > For instance, let's say you have three addresses:
> > > > >
> > > > > 192.168.0.10
> > > > > 192.168.0.11
> > > > > 192.168.0.12
> > > > >
> > > > > 192.168.0.10 would be that of your base machine and all its services,
> > > > > which you should make sure are bound to just that address, and none of
> > > > > the others. The same would apply for your chroots. Their services
> > > > > should also all be running on a separate dedicated IP address.
> > > >
> > > > Right, I read that too. The base machine is on 216.126.84.253, while the
> > > > two envs are on 216.126.85.28 and 216.126.85.73 respectively ... that is
> > > > why I'm confused by the 'Address already in use' issue ...
> > > >
> > > > >
> > > > > Cheers,
> > > > > Marc
> > > > >
> > > > > On Sun, Oct 29, 2000 at 11:40:36PM -0400, The Hermit Hacker wrote:
> > > > > >
> > > > > > Morning all ...
> > > > > >
> > > > > > I'm running 4.x-STABLE on a machine, that I have set up two jail
> > > > > > environments over the base system, but the second one is getting the
> > > > > > following "errors" generated:
> > > > > >
> > > > > > Oct 29 22:32:20 mail inetd[97608]: telnet/tcp: bind: Address already in use
> > > > > > Oct 29 22:32:20 mail inetd[97608]: ftp/tcp: bind: Address already in use
> > > > > >
> > > > > > I have portmap disabled in both jail(s) and the base OS, and inetd
> > > > > > bound in the base OS to its IP ... do I have to bind inside of each jail
> > > > > > too? I thought it got bound only to those IPs that were visible, no?
> > > > > >
> > > > > > Hrmmm ... if I do a 'telnet localhost smtp' inside of the second
> > > > > > env, it gets its own sendmail ... if I do a 'ftp localhost', it gets the
> > > > > > ftp server of the first env ... same thing with telnet, it gets me the
> > > > > > first env ...
> > > > > >
> > > > > > If I add the -a IP option to inetd_flags, I can eliminate the
> > > > > > behaviour ... is this the way it's supposed to work?
> > > > > >
> > > > > > Thanks ...
> > > > > >
> > > > > >
> > > > > > Marc G. Fournier ICQ#7615664 IRC Nick: Scrappy
> > > > > > Systems Administrator @ hub.org
> > > > > > primary: scrappy@hub.org secondary: scrappy@{freebsd|postgresql}.org
> > > > >
> > > > >
> > > >
> > > > Marc G. Fournier ICQ#7615664 IRC Nick: Scrappy
> > > > Systems Administrator @ hub.org
> > > > primary: scrappy@hub.org secondary: scrappy@{freebsd|postgresql}.org
> > >
> > >
> >
> > Marc G. Fournier ICQ#7615664 IRC Nick: Scrappy
> > Systems Administrator @ hub.org
> > primary: scrappy@hub.org secondary: scrappy@{freebsd|postgresql}.org
>
>
Marc G. Fournier ICQ#7615664 IRC Nick: Scrappy
Systems Administrator @ hub.org
primary: scrappy@hub.org secondary: scrappy@{freebsd|postgresql}.org
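
Added example, not part of the original thread: a small sh/awk check for the condition discussed above, a wildcard (*.port) listener sharing a port with sockets bound to individual jail or host addresses. It assumes the FreeBSD `netstat -na` column layout quoted in the thread; the function names are made up for this example, and the sample rows are copied from the listing above.

```shell
#!/bin/sh
# Added example: audit `netstat -na` output for wildcard listeners that
# overlap with address-specific listeners (host vs. jail IP separation).

sample_netstat() {
    # Subset of the listing quoted in the thread, embedded so this runs offline.
    cat <<'EOF'
tcp4 0 0 216.126.85.73.23 *.* LISTEN
tcp4 0 0 216.126.85.28.23 *.* LISTEN
tcp4 0 0 216.126.85.73.22 *.* LISTEN
tcp46 0 0 *.22 *.* LISTEN
tcp4 0 0 216.126.84.253.22 *.* LISTEN
tcp4 0 0 216.126.85.28.22 *.* LISTEN
tcp4 0 0 216.126.84.253.21 *.* LISTEN
EOF
}

wildcard_listeners() {
    # stdin: netstat -na output. Prints "proto port" for every LISTEN socket
    # whose local address is "*", i.e. bound to all addresses.
    awk '$NF == "LISTEN" && $4 ~ /^\*\.[0-9]+$/ {
        port = $4; sub(/^\*\./, "", port)
        print $1, port
    }'
}

overlapping_ports() {
    # stdin: netstat -na output. Prints "port: addr addr ..." for each port
    # that has a wildcard listener AND listeners bound to specific addresses.
    awk '$NF == "LISTEN" {
        n = split($4, parts, ".")          # local address is ADDR.PORT
        port = parts[n]
        if ($4 ~ /^\*\./) wild[port] = 1
        else addrs[port] = addrs[port] " " substr($4, 1, length($4) - length(port) - 1)
    }
    END {
        for (p in wild) if (p in addrs) print p ":" addrs[p]
    }' | sort -n
}

# On a live system: netstat -na | overlapping_ports
sample_netstat | overlapping_ports
```

Any port this reports is one where a service bound to all addresses sits alongside services bound to single addresses, which is the first thing to rule out when a jail logs "Address already in use".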
