From: Dhénin Jean-Jacques
Date: Mon, 22 Mar 2010 11:23:54 +0100
To: Ruben de Groot, Aiza, Mark Shroyer, freebsd-questions@freebsd.org
Subject: Re: ezjail
Message-ID: <12437d831003220323o4463044bu416f994f0129b459@mail.gmail.com>
In-Reply-To: <20100322095545.GA77714@ei.bzerk.org>

2010/3/22 Ruben de Groot

> > My host 8.0 system is the gateway to the public internet.
> > I have ipfilter running blocking all inbound request for service.
> > I only allow out bound request from the LAN behind the gateway and use
> > keep state to allow the packet conversation to continue. All this has
> > worked fine for years across many releases of Freebsd.
> >
> > Now comes playing with jails. I created 3 jails, www, ftp, telnet and
> > used ip address of 10.0.20.20, 10.0.20.30, 10.0.20.40. The goal is to
> > target those jails from other PC on the private LAN who are using ip
> > address in the 10.0.10.2 through 10.0.10.8 range.
> >
> > I used ezjail-admin onestart and all the jails start. Then did
> > ezjail-admin console ftp.local.com and got logged into that jail. Edited
> > /etc/inetd.conf and uncommented the ftp line. Edited /etc/rc.conf adding
> > inetd_enable="YES" exited the ftp jail. Did ezjail-admin onestop
> > followed by ezjail-admin onestart to cycle the ftp jail to activate the
> > ftp function. ezjail-admin console ftp.local.com to get logged into that
> > jail again. From within the jail did ping -c 2 10.0.10.6 which is a pc
> > on the lan gives me no sockets mesg. And ftp from 10.0.10.6 to
> > 10.0.20.30 the ftp jail gives me no connection error.
> >
> > What is the problem here?
>
> How are we supposed to know?
>
> Ruben

add sysctl security.jail.allow_raw_sockets=1 or in /etc/sysctl.conf on the
host (not in the jail)

Regards
---------------------------------------------------------
(°>  Dhénin Jean-Jacques
/ )  48, rue de la Justice 78300 Poissy
^^   Jean-Jacques@dhenin.fr
---------------------------------------------------------
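
The setting suggested in the reply above, as an added example that is not part of the original message: a POSIX sh script for the jail host that writes security.jail.allow_raw_sockets=1 into sysctl.conf without duplicating the line, and refuses to run from inside a jail. The function names and the --apply flag are assumptions of this example; the sysctl governs raw-socket access for root in jails, so enable it only where jail root is trusted.

```sh
#!/bin/sh
# Added example, not from the thread. Run as root on the jail HOST.
KEY="security.jail.allow_raw_sockets"

# True when this shell is itself inside a jail (security.jail.jailed is 1).
in_jail() {
    [ "$(sysctl -n security.jail.jailed 2>/dev/null)" = "1" ]
}

# Idempotently set KEY=<value> in a sysctl.conf-style file (the path is a
# parameter so it can be tried on a copy first). Active assignments of KEY
# are replaced by one fresh line; comments and other keys are kept.
# Prints "updated" or "unchanged".
persist_sysctl() {
    value="$1"; file="$2"
    [ -f "$file" ] || : > "$file"
    tmp="${file}.tmp.$$"
    awk -v k="$KEY" -v v="$value" '
        { line = $0; sub(/^[ \t]+/, "", line) }
        index(line, k) == 1 && substr(line, length(k) + 1) ~ /^[ \t]*=/ { next }
        { print }
        END { print k "=" v }
    ' "$file" > "$tmp" || { rm -f "$tmp"; return 1; }
    if cmp -s "$tmp" "$file"; then
        rm -f "$tmp"; echo unchanged
    else
        # Overwrite in place so the file keeps its owner and mode.
        cat "$tmp" > "$file" && rm -f "$tmp" && echo updated
    fi
}

# Persist the setting and apply it to the running host kernel.
apply_on_host() {
    if in_jail; then
        echo "refusing: inside a jail; set $KEY on the host" >&2
        return 1
    fi
    persist_sysctl 1 /etc/sysctl.conf && sysctl "${KEY}=1"
}

# Nothing is changed unless the script is called with --apply.
if [ "${1:-}" = "--apply" ]; then
    apply_on_host
fi
```

Raw sockets only explain the ping error; the ftp connection failure described in the question has to be checked separately.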