Date: Mon, 23 May 2005 10:09:34 -0600
From: "Chad Leigh -- Shire.Net LLC" <chad@shire.net>
To: bsd List <freebsd-questions@freebsd.org>
Cc: Chad Leigh <chad@shire.net>
Subject: TCP/IP inside of one jail is hosed but other jails (same jail install) work fine
Message-ID: <5D64FC85-E26A-41A0-A685-A389D34138B9@shire.net>

Hi

I am on 5.3-RELEASE with some of the patches

(uname = FreeBSD xxxxxx.org 5.3-RELEASE-p5 FreeBSD 5.3-RELEASE-p5 #5: Sun Apr 24 22:14:42 MDT 2005 chad@xxxxxxxxx.shire.net:/usr/obj/usr/src/sys/XXXXXXX-SMP i386)

I have a single install of FreeBSD that is used for jails and all the jails share the basic install through read only partitions mounted from this root install. (Obviously not the same install as the running host).

The problem jail has no TCP connectivity except that apache2 works. I.e., the website is working that runs inside this jail.

sshd is running but you cannot connect to it with ssh with the error in the logs

    May 23 09:37:57 xxxxxx sshd[96372]: fatal: Timeout before authentication for 6x.1xx.4x.58

If I am inside the jail and do, for example, nslookup, I get

    # nslookup
    > www.sun.com
    ;; connection timed out; no servers could be reached
    >

If I try to ssh out it never finishes. I can ssh out of other jails.

If I try to ping out of another jail, I get "ping: socket: Operation not permitted". If I try to ping out of this jail I get nothing -- no error. It just "hangs" and does not return to the shell.

/etc/resolv.conf in the jail is correct.

This jail was working and without any changes being made, stopped working. I have audited /etc and found no changed files. I stopped and restarted the jail. Did not fix it. What is strange is that apache2 is still responding, and even on rebooting the jail still works.

If I do a netstat -a in another jail on the same host it comes back right away. If I do a netstat on this jail, it takes forever but after a few minutes does finish.

One strange thing is that a netstat -a in the problem jail showed (it no longer shows after I explicitly put a TCP4 ListenAddress in the sshd conf in the problem jail and restarted the jail -- problem still persists)

    tcp4 0 0 166.70.252.195.ssh *.* LISTEN
    tcp6 0 0 *.ssh *.* LISTEN

a tcp6 port open. The same netstat -a in another jail does not show the tcp6 port open.

The host does have "options INET6 # IPv6 communications protocols" in the kernel but both the host and the jail have 'ipv6_enable="NO"' in their /etc/rc.conf and /etc/defaults/rc.conf respectively.

All the jails have the default freebsd sshd conf (except as noted above).

Any suggestions welcome.

Thanks
Chad

---
Chad Leigh -- Shire.Net LLC
Your Web App and Email hosting provider
chad@shire.net

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?5D64FC85-E26A-41A0-A685-A389D34138B9>