Message-ID: <80f4f2b20702231943j3fea9f4fxb3919898ad4dfc21@mail.gmail.com>
Date: Sat, 24 Feb 2007 03:43:58 +0000
From: "Jim Stapleton"
To: "Harald Schmalzbauer"
In-Reply-To: <80f4f2b20702231936m9725099v6e638685273630f0@mail.gmail.com>
Cc: freebsd-questions@freebsd.org
Subject: Re: problems with jail

Addendum: I fixed syslogd by adding this to my rc.conf:

    syslogd_flags="-b 192.168.1.84"

However, looking through netstat's man page, I couldn't find the name of
the flag (if it exists) that will show the process name. Does that
require a different tool?

Thank you,
-Jim Stapleton

On 2/24/07, Jim Stapleton wrote:
> OK, I have a fairly sizeable list, but it looks like most stuff is
> bound to 192.168.1.84 except two things, one is closed, and the other
> is syslog (guess I have to look at its man page). It also looks like
> there is something else there.
> I guess I'll be looking at the netstat
> man page to figure out how to get the name of the daemon touch it:
>
> > netstat -f inet -a; netstat -f inet6 -a
> Active Internet connections (including servers)
> Proto Recv-Q Send-Q  Local Address          Foreign Address        (state)
> tcp4       0      0  192.168.1.84.57256     ar-in-f18.google.http  ESTABLISHED
> tcp4       0      0  192.168.1.84.62237     caim-m05b.blue.a.aol   TIME_WAIT
> tcp4       0      0  192.168.1.84.58627     oam-d17a.blue.ao.aol   TIME_WAIT
> tcp4       0      0  192.168.1.84.64265     205.188.7.124.aol      TIME_WAIT
> tcp4       0      0  192.168.1.84.ssh       *.*                    LISTEN
> tcp4       0      0  *.*                    *.*                    CLOSED
> tcp4       0      0  192.168.1.84.61774     ar-in-f19.google.http  ESTABLISHED
> tcp4       0      0  192.168.1.84.53732     ar-in-f83.google.http  ESTABLISHED
> udp4       0      0  *.syslog               *.*
> Active Internet connections (including servers)
> Proto Recv-Q Send-Q  Local Address          Foreign Address        (state)
> udp6       0      0  *.syslog               *.*
>
>
>
> On 2/24/07, Harald Schmalzbauer wrote:
> > On Saturday, 24 February 2007 04:21, Jim Stapleton wrote:
> > > I did the ssh after you did the previous mail, but it didn't fix the
> > > problem.
> > >
> > > I'm not having problems with sendmail or named, they were simply mentioned
> > > in the man page. I never had named running, and I didn't realize
> > > sendmail was running. The latter was my problem with sendmail. That
> > > problem as I said is fixed. Beyond that I don't even know which
> > > processes on my system are daemons at this point, except usbd and devd,
> > > neither of which (to my knowledge) should be listening to any sockets.
> > > Actually there are a couple of kernel processes (pagedaemon, vmdaemon,
> > > and bufdaemon), but I don't know where to find documentation on them,
> > > X, and KDM. I can't find anything on limiting sockets of these to a
> > > specific IP only.
> >
> > To see what daemons are listening you can use 'netstat -f inet -a'. Then you
> > see if you have to limit some other daemons (use -f inet6 for IPv6 if
> > configured).
> >
> > Please post the output of the command above to see why you get ssh connections
> > to your jail IP answered by the host's ssh daemon.
> >
> > -Harry
> >
> > --
> > OmniSEC - UNIX and Windows Networks - Secure
> > Harald Schmalzbauer
> > Flintsbacher Str. 3
> > 80686 München
> > +49 (0) 89 18947781
> > +49 (0) 160 93860101
> >
>
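
Added example, not part of the original thread: a filter for the check discussed above, which reads `netstat -f inet -a` output and reports sockets bound to the wildcard address, since those are the ones that also answer on a jail's IP. The function names are hypothetical and the sample input is trimmed from the netstat output quoted in the message.

```sh
#!/bin/sh
# Added example: flag sockets bound to the wildcard address in
# `netstat -f inet -a` output. On a host that runs jails, a daemon
# bound to "*" also answers on the jail's IP alias.

# Sample trimmed from the netstat output quoted in the thread.
sample_netstat() {
cat <<'EOF'
Active Internet connections (including servers)
Proto Recv-Q Send-Q  Local Address          Foreign Address        (state)
tcp4       0      0  192.168.1.84.57256     ar-in-f18.google.http  ESTABLISHED
tcp4       0      0  192.168.1.84.ssh       *.*                    LISTEN
tcp4       0      0  *.*                    *.*                    CLOSED
udp4       0      0  *.syslog               *.*
Active Internet connections (including servers)
Proto Recv-Q Send-Q  Local Address          Foreign Address        (state)
udp6       0      0  *.syslog               *.*
EOF
}

# Print "proto local-address" for every socket whose local address is
# "*.<port>": bound to all addresses, so not confined to the host IP.
# "*.*" (no port, e.g. a CLOSED socket) is skipped, as are header lines.
wildcard_listeners() {
    awk '
        $1 ~ /^(tcp|udp)[46]*$/ && $4 ~ /^\*\./ && $4 != "*.*" {
            # TCP: report only LISTEN sockets; UDP has no state column.
            if ($1 ~ /^tcp/ && $6 != "LISTEN") next
            print $1, $4
        }'
}

# Live use on FreeBSD: netstat -f inet -a | wildcard_listeners
sample_netstat | wildcard_listeners
```

On FreeBSD, sockstat(1) (for example `sockstat -4 -l`) lists the command and PID that own each listening socket, which netstat does not show.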