Date: Mon, 30 Oct 2000 15:45:40 +0200
From: Marc Silver <marcs@draenor.org>
To: The Hermit Hacker <scrappy@hub.org>
Cc: freebsd-stable@FreeBSD.ORG, freebsd-questions@FreeBSD.ORG
Subject: Re: Multiple Jail environment(s) on one host ...
Message-ID: <20001030154540.E39296@draenor.org>
In-Reply-To: <Pine.BSF.4.21.0010300941540.1709-100000@thelab.hub.org>; from scrappy@hub.org on Mon, Oct 30, 2000 at 09:42:14AM -0400
References: <20001030152601.C39296@draenor.org> <Pine.BSF.4.21.0010300941540.1709-100000@thelab.hub.org>
*slap upside the head* -- Sorry... you can tell it's Monday because I've
forgotten how to read... :))
Yes, I believe that means it's listening via ipv4 and ipv6. :)
Sorry,
Marc
On Mon, Oct 30, 2000 at 09:42:14AM -0400, The Hermit Hacker wrote:
> On Mon, 30 Oct 2000, Marc Silver wrote:
>
> > Hi there,
> >
> > I've never really read the docs, but I'm very familiar with chrooting on
> > Solaris, so it's just something I knew. Perhaps you could submit some
> > documentation to the project?? ;)
> >
> > tcp4 (afaik) means that it's using ipv4. This doesn't mean it's
> > listening on ipv6.
>
> correct, but what does the 'tcp46' below mean? :)
>
>
> >
> > Cheers,
> > Marc
> >
> > On Mon, Oct 30, 2000 at 08:52:38AM -0400, The Hermit Hacker wrote:
> > > On Mon, 30 Oct 2000, Marc Silver wrote:
> > >
> > > > Are any of the services on the base machine binding to all the IP's
> > > > perhaps??
> > > >
> > > > You'd be looking at something like this: (netstat -na | grep LIST)
> > > >
> > > > tcp4 0 0 192.168.0.10.80 *.* LISTEN
> > > > tcp4 0 0 *.25 *.* LISTEN
> > > > tcp4 0 0 192.168.0.10.53 *.* LISTEN
> > > > tcp4 0 0 192.168.0.10.53 *.* LISTEN
> > > > tcp4 0 0 *.6000 *.* LISTEN
> > > > tcp4 0 0 *.3306 *.* LISTEN
> > > > tcp4 0 0 *.22 *.* LISTEN
> > > >
> > > >
> > > > Notice how for instance port 22, 25 and 3306 are bound to all ports on
> > > > the machine, which would mean that you couldn't bind sshd in the chroot
> > > > to an IP because there is already an sshd using it.
> > >
> > > Nope, that doesn't seem to be it, but one I hadn't thought of checking ...
> > > will have to keep an eye on that one, thanks:
> > >
> > > tcp4 0 0 216.126.85.73.23 *.* LISTEN
> > > tcp4 0 0 216.126.85.73.21 *.* LISTEN
> > > tcp4 0 0 216.126.85.28.23 *.* LISTEN
> > > tcp4 0 0 216.126.85.28.21 *.* LISTEN
> > > tcp4 0 0 216.126.85.73.22 *.* LISTEN
> > > tcp46 0 0 *.22 *.* LISTEN
> > > tcp4 0 0 216.126.85.73.587 *.* LISTEN
> > > tcp4 0 0 216.126.85.73.25 *.* LISTEN
> > > tcp4 0 0 216.126.85.28.587 *.* LISTEN
> > > tcp4 0 0 216.126.85.28.25 *.* LISTEN
> > > tcp4 0 0 216.126.85.28.2000 *.* LISTEN
> > > tcp4 0 0 216.126.85.28.143 *.* LISTEN
> > > tcp4 0 0 216.126.84.253.22 *.* LISTEN
> > > tcp4 0 0 216.126.85.28.22 *.* LISTEN
> > > tcp4 0 0 216.126.85.28.53 *.* LISTEN
> > > tcp4 0 0 216.126.85.28.80 *.* LISTEN
> > > tcp4 0 0 216.126.84.253.21 *.* LISTEN
> > >
> > > tcp46 means it's doing both IPv4 and IPv6?
> > >
> > > The *.22 above was the new one I added on though, fixed its sshd_conf file
> > > ...
> > >
> > > So far, as far as I can tell, binding the jail envs inetd to an IP appears
> > > to have fixed it, but from my read of the docs, that shouldn't have been
> > > required ... am I reading the docs wrong? *raised eyebrow*
> > >
> > > > On Mon, Oct 30, 2000 at 07:50:49AM -0400, The Hermit Hacker wrote:
> > > > > On Mon, 30 Oct 2000, Marc Silver wrote:
> > > > >
> > > > > > Hi there,
> > > > > >
> > > > > > It's my understanding that the chroot's (jails) should run on different
> > > > > > IP addresses to that of your base system.
> > > > > >
> > > > > > For instance, let's say you have three addresses:
> > > > > >
> > > > > > 192.168.0.10
> > > > > > 192.168.0.11
> > > > > > 192.168.0.12
> > > > > >
> > > > > > 192.168.0.10 would be that of your base machine and all its services,
> > > > > > which you should make sure are bound to just that address, and none of
> > > > > > the others. The same would apply for your chroots. Their services
> > > > > > should also all be running on a separate dedicated IP address.
> > > > >
> > > > > Right, I read that too. the base machine is on 216.126.84.253, while the
> > > > > two envs are on 216.126.85.28 and 216.126.85.73 respectively ... that is
> > > > > why I'm confused by the 'Address already in use' issue ...
> > > > >
> > > > > >
> > > > > > Cheers,
> > > > > > Marc
> > > > > >
> > > > > > On Sun, Oct 29, 2000 at 11:40:36PM -0400, The Hermit Hacker wrote:
> > > > > > >
> > > > > > > Morning all ...
> > > > > > >
> > > > > > > I'm running 4.x-STABLE on a machine, that I have set up two jail
> > > > > > > environments over the base system, but the second one is getting the
> > > > > > > following "errors" generated:
> > > > > > >
> > > > > > > Oct 29 22:32:20 mail inetd[97608]: telnet/tcp: bind: Address already in use
> > > > > > > Oct 29 22:32:20 mail inetd[97608]: ftp/tcp: bind: Address already in use
> > > > > > >
> > > > > > > I have portmap disabled in both jail(s) and the base OS, and inetd
> > > > > > > bound in the base OS to its IP ... do I have to bind inside of each jail
> > > > > > > too? I thought it got bound only to those IPs that were visible, no?
> > > > > > >
> > > > > > > Hrmmm ... if I do a 'telnet localhost smtp' inside of the second
> > > > > > > env, it gets its own sendmail ... if I do a 'ftp localhost', it gets the
> > > > > > > ftp server of the first env ... same thing with telnet, it gets me the
> > > > > > > first env ...
> > > > > > >
> > > > > > > If I add the -a IP option to inetd_flags, I can eliminate the
> > > > > > > behaviour ... is this the way it's supposed to work?
> > > > > > >
> > > > > > > Thanks ...
> > > > > > >
> > > > > > >
> > > > > > > Marc G. Fournier ICQ#7615664 IRC Nick: Scrappy
> > > > > > > Systems Administrator @ hub.org
> > > > > > > primary: scrappy@hub.org secondary: scrappy@{freebsd|postgresql}.org
> > > > > >
> > > > > >
> > > > >
> > > > > Marc G. Fournier ICQ#7615664 IRC Nick: Scrappy
> > > > > Systems Administrator @ hub.org
> > > > > primary: scrappy@hub.org secondary: scrappy@{freebsd|postgresql}.org
> > > >
> > > >
> > >
> > > Marc G. Fournier ICQ#7615664 IRC Nick: Scrappy
> > > Systems Administrator @ hub.org
> > > primary: scrappy@hub.org secondary: scrappy@{freebsd|postgresql}.org
> >
> >
> > To Unsubscribe: send mail to majordomo@FreeBSD.org
> > with "unsubscribe freebsd-questions" in the body of the message
> >
> >
>
> Marc G. Fournier ICQ#7615664 IRC Nick: Scrappy
> Systems Administrator @ hub.org
> primary: scrappy@hub.org secondary: scrappy@{freebsd|postgresql}.org
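
The check suggested in this thread (reading `netstat -na | grep LIST` for services bound to every address) can be scripted. The following is an added example, not part of the original messages: it lists wildcard listeners and the address-specific listeners that share a port with one. The function names and the sample data are constructed for illustration, and it assumes the column layout quoted in the thread (local address in the fourth field, port after the last dot).

```shell
#!/bin/sh
# Added example: audit `netstat -na` output for listeners bound to the
# wildcard address, the condition the thread checks for on a jail host.

# Constructed sample, modelled on the output quoted in the thread.
sample_netstat() {
cat <<'EOF'
tcp4       0      0  192.168.0.10.80        *.*                LISTEN
tcp4       0      0  192.168.0.11.22        *.*                LISTEN
tcp46      0      0  *.22                   *.*                LISTEN
tcp4       0      0  *.25                   *.*                LISTEN
tcp4       0      0  192.168.0.12.21        *.*                LISTEN
tcp4       0      0  192.168.0.10.22        192.168.0.50.1234  ESTABLISHED
EOF
}

# Print "proto port" for every LISTEN socket bound to the wildcard address.
wildcard_listeners() {
    awk '$NF == "LISTEN" && $4 ~ /^\*\./ {
             port = $4; sub(/^\*\./, "", port); print $1, port
         }'
}

# Print "port address" for every address-specific listener whose port is
# also held by a wildcard listener on the same host.
overlapping_listeners() {
    awk '$NF == "LISTEN" {
             n = split($4, p, "."); port = p[n]        # port follows the last dot
             addr = $4; sub(/\.[^.]*$/, "", addr)      # strip ".port"
             if (addr == "*") wild[port] = 1
             else spec[++k] = port " " addr
         }
         END {
             for (i = 1; i <= k; i++) {
                 split(spec[i], f, " ")
                 if (f[1] in wild) print spec[i]
             }
         }'
}

echo "wildcard listeners:";    sample_netstat | wildcard_listeners
echo "overlapping listeners:"; sample_netstat | overlapping_listeners
```

On a live host, pipe `netstat -na` into either function in place of `sample_netstat`.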
