From: Pat Lashley
To: Jon Disnard
cc: current@freebsd.org
Date: Mon, 28 Jul 2003 12:59:41 -0700
Subject: Re: SSH from host to jail

--On Sunday, July 27, 2003 16:28:44 -0500 Jon Disnard wrote:

> Pat Lashley wrote:
>> I'm trying to set up some jails in a 5.1R system. I've pretty much
>> copied a setup that was working fine in 4.8; but on 5.1 I can't seem
>> to SSH from the host system into one of its jails. It acts like the
>> packets just aren't getting through.
>>
>> I would really appreciate it if somebody would send me rc.conf fragments
>> that are known to work for setting up a jail's IP alias and routing on
>> 5.1.
>
>
> sure, but this isn't going to fix your problem:
>
> ifconfig_wi0="inet 192.168.0.140 netmask 255.255.255.0"
> ifconfig_wi0_alias0="inet 192.168.0.131 netmask 255.255.255.255"
>
> jail_enable="YES"
> jail_list="shiba"
> jail_shiba_hostname="shiba"
> jail_shiba_ip="192.168.0.131"
> jail_shiba_rootdir="/usr/prison/192_168_0_130/"
> jail_shiba_exec="/bin/sh /etc/rc"

Thanks, but this isn't the part I'm interested in. It looks like
what I need is the stuff that sets up the IP alias, routing, etc.
for the jail. The ifconfig_*_alias* and any route_* or related
rc.conf entries.

> To fix your problem you should try to mount a devfs for the jail so the
> tty device is available for sshd to open when you login. I simply added
> one line to my /etc/rc.d/jail script to test for the "dev" mount-point in
> jail. Like so:

Nope, I had a devfs set up. Note that I'm still getting them set up;
so I'm starting them by hand instead of using the rc script. (Well,
actually, I'll use an updated version of the script I was using on 4.8
because I have some additional work I want done there and I don't want
to start the jails until after the stuff in /usr/local/etc/rc.d has
been run.)

> It could be easy to have it simply exist, or be non-null, to imply a
> desire for devfs, and further checked for the existence of the
> mount-point as I wrote above.
>
> I could have a pr+patch made in 5 minutes if anybody thinks this is not a
> bad idea?

Sounds good to me. And a similar patch for procfs. Or perhaps some
more generic solution that would allow for open-ended additional
mounts?

    jail_mumble_mounts='/etc/fstab.mumble'

Then in the loop in /etc/rc.d/jail:

    eval jail_fstab=\"\$jail_${_jail}_mounts\"
    [ -n "$jail_fstab" ] && mount -a -F "$jail_fstab"

Note that fstab.mumble is outside the jail; and should only contain
entries for devfs, procfs, and other mounts to be done on top of the
jail before starting it.

-Pat
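
Added example, not part of the original message or of the FreeBSD rc scripts: one way to vet the per-jail fstab proposed above before it is handed to mount, by refusing jail names that are unsafe to splice into eval and rejecting entries whose mount point falls outside the jail root. The helper names jail_fstab_for and jail_fstab_check, the devfs/procfs allowlist and the sample paths are assumptions.

```sh
#!/bin/sh
# Added example, not code from the thread. jail_fstab_for and
# jail_fstab_check are hypothetical helper names.

# Print the value of jail_<name>_mounts. The name is spliced into eval,
# so anything that is not a plain identifier is refused.
jail_fstab_for() {
    case "$1" in ''|*[!A-Za-z0-9_]*) return 2 ;; esac
    eval "printf '%s\n' \"\${jail_${1}_mounts:-}\""
}

# Return 0 only if every fstab entry mounts an allowed fs type at a path
# below the jail root. String check only: symlinks are not resolved.
jail_fstab_check() {
    _root=${1%/}; _fstab=$2
    [ -n "$_root" ] && [ -r "$_fstab" ] || return 2
    while read -r _dev _mnt _type _rest || [ -n "$_dev" ]; do
        case "$_dev" in ''|'#'*) continue ;; esac
        case "$_type" in
            devfs|procfs) ;;
            *) echo "fstype not allowed: $_type" >&2; return 1 ;;
        esac
        case "$_mnt" in
            */../*|*/..) echo "unsafe mount point: $_mnt" >&2; return 1 ;;
            "$_root"/*) ;;
            *) echo "outside jail root: $_mnt" >&2; return 1 ;;
        esac
    done < "$_fstab"
    return 0
}

# Constructed sample data: one acceptable fstab, one that escapes the jail.
demo() {
    _tmp=$(mktemp -d) || return 2
    printf '%s\n' '# mounts for jail shiba' \
        'devfs  /usr/prison/shiba/dev  devfs  rw 0 0' \
        'proc   /usr/prison/shiba/proc procfs rw 0 0' > "$_tmp/fstab.good"
    printf '%s\n' 'devfs /usr/prison/shiba/../../dev devfs rw 0 0' \
        > "$_tmp/fstab.bad"
    jail_shiba_mounts="$_tmp/fstab.good"
    _good=0; jail_fstab_check /usr/prison/shiba/ "$(jail_fstab_for shiba)" || _good=$?
    _bad=0; jail_fstab_check /usr/prison/shiba/ "$_tmp/fstab.bad" 2>/dev/null || _bad=$?
    rm -rf "$_tmp"
    echo "good=$_good bad=$_bad"
}
demo
```

Because the fstab lives outside the jail and is applied by the host as root, a check like this belongs immediately before the mount call, and only a zero return should let the mount proceed.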