From: "Chad Leigh -- Shire.Net LLC"
Date: Mon, 23 May 2005 10:09:34 -0600
To: bsd List
Cc: Chad Leigh
Subject: TCP/IP inside of one jail is hosed but other jails (same jail install) work fine

Hi

I am on 5.3-RELEASE with some of the patches (uname = FreeBSD xxxxxx.org 5.3-RELEASE-p5 FreeBSD 5.3-RELEASE-p5 #5: Sun Apr 24 22:14:42 MDT 2005 chad@xxxxxxxxx.shire.net:/usr/obj/usr/src/sys/XXXXXXX-SMP i386)

I have a single install of FreeBSD that is used for jails and all the jails share the basic install through read only partitions mounted from this root install. (Obviously not the same install as the running host).

The problem jail has no TCP connectivity except that apache2 works. I.e., the website is working that runs inside this jail. sshd is running but you cannot connect to it with ssh with the error in the logs

    May 23 09:37:57 xxxxxx sshd[96372]: fatal: Timeout before authentication for 6x.1xx.4x.58

If I am inside the jail and do, for example, nslookup, I get

    # nslookup
    > www.sun.com
    ;; connection timed out; no servers could be reached
    >

If I try to ssh out it never finishes. I can ssh out of other jails. If I try to ping out of another jail, I get "ping: socket: Operation not permitted". If I try to ping out of this jail I get nothing -- no error. It just "hangs" and does not return to the shell.

/etc/resolv.conf in the jail is correct.

This jail was working and without any changes being made, stopped working. I have audited /etc and found no changed files. I stopped and restarted the jail. Did not fix it. What is strange is that apache2 is still responding, and even on rebooting the jail still works.

If I do a netstat -a in another jail on the same host it comes back right away. If I do a netstat on this jail, it takes forever but after a few minutes does finish.

One strange thing is that a netstat -a in the problem jail showed (it no longer shows after I explicitly put a TCP4 ListenAddress in the sshd conf in the problem jail and restarted the jail -- problem still persists)

    tcp4 0 0 166.70.252.195.ssh *.* LISTEN
    tcp6 0 0 *.ssh *.* LISTEN

a tcp6 port open

The same netstat -a in another jail does not show the tcp6 port open. The host does have "options INET6 # IPv6 communications protocols" in the kernel but both the host and the jail have 'ipv6_enable="NO"' in their /etc/rc.conf and /etc/defaults/rc.conf respectively.

All the jails have the default freebsd sshd conf (except as noted above).

Any suggestions welcome.

Thanks
Chad

---
Chad Leigh -- Shire.Net LLC
Your Web App and Email hosting provider
chad@shire.net