Date: Tue, 12 Feb 2019 09:37:55 -0500
From: Ernie Luzar
To: "Rudy (bulk address)"
CC: jail@freebsd.org
Subject: Re: "ipfw log" messages from jail show in host syslog
Message-ID: <5C62DA43.8050202@gmail.com>
In-Reply-To: <2331cedc410f2123b2a0e142f81bf92e.squirrel@mail.monkeybrains.net>
List-Id: "Discussion about FreeBSD jail(8)"

Rudy (bulk address) wrote:
> I've switched to VNET (love it) in jails. Neat, you can have ipfw running
> in your jail!
>
> I added some log lines to test it out and was a bit confused when
> /var/log/security wasn't showing the log lines. Turns out, the kernel is
> grabbing them and logging in the host and not the chrooted environment.
>
> Bug? Feature? :)
>
> Rudy
>

This is a known bug problem. There is a PR about this filed a few years ago.

Now here is the good news. There is a simple solution. IPFW has the option to use an undocumented log file named ipfw0. When this log file is used in a vnet jail, IPFW does log to it at /var/log/security in the vnet jail.

Add this to the rc.conf file of the vnet jail and restart the vnet jail to activate.

    firewall_logging="NO"
    firewall_logif="YES"
    nohup tcpdump -lnti ipfw0 | logger -t jailname -p security.info &

I am having network problems configuring my vnet jail on 12.0, using bridge/epair with ipfw/nated. I sure would appreciate your help in figuring out what is incorrect with my setup. If you're agreeable, contact me off list.

Thanks