Date: Mon, 23 May 2005 12:06:40 -0500
From: Greg Barniskis <nalists@scls.lib.wi.us>
To: "Chad Leigh -- Shire.Net LLC" <chad@shire.net>, freebsd-questions <freebsd-questions@freebsd.org>
Subject: Re: TCP/IP inside of one jail is hosed but other jails (same jail install) work fine
Message-ID: <42920DA0.6060506@scls.lib.wi.us>
In-Reply-To: <5D64FC85-E26A-41A0-A685-A389D34138B9@shire.net>
References: <5D64FC85-E26A-41A0-A685-A389D34138B9@shire.net>

Chad Leigh -- Shire.Net LLC wrote:
> Hi
>
> I have a single install of FreeBSD that is used for jails and all
> the jails share the basic install through read only partitions
> mounted from this root install. (Obviously not the same install
> as the running host).
>
> The problem jail has no TCP connectivity except that apache2
> works. Ie, the website is working that runs inside this jail.
> sshd is running but you cannot connect to it with ssh with the
> error in the logs
>
> May 23 09:37:57 xxxxxx sshd[96372]: fatal: Timeout before
> authentication for 6x.1xx.4x.58
>
> If I am inside the jail and do, for example, nslookup, I get
>
> # nslookup
>> www.sun.com
> ;; connection timed out; no servers could be reached
>>

I am no expert on jails, but the symptoms you describe suggest to me
that TCP/IP is fine except that for processes inside the one jail,
*DNS lookups* are broken.

The local sshd wants to DNS lookup your SSH client IP and can't, but
apache runs fine because it (probably) is not logging client host
names, just IP nums.

Check that jail's /etc/resolv.conf and/or its internal DNS server if
it has one, or else the external DNS server(s) that it's configured
to query, as well as any DNS-related firewall rules that may be in
play.

-- 
Greg Barniskis, Computer Systems Integrator
South Central Library System (SCLS)
Library Interchange Network (LINK)
<gregb at scls.lib.wi.us>, (608) 266-6348
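
The check suggested in the reply above, as an added example that is not part of the original message: a small script to run inside the affected jail that reads /etc/resolv.conf and asks each configured nameserver to resolve the SSH client's IP, which is the lookup sshd is waiting on. The function names are hypothetical, and the probe assumes the BIND `host` utility with its `-W` wait option is installed in the jail.

```shell
#!/bin/sh
# Added diagnostic sketch (not from the original e-mail).
# Usage inside the jail: sh dnscheck.sh <ssh-client-ip>

# Print the nameserver addresses configured in a resolv.conf-style file.
# Comment lines (# or ;) and other keywords are skipped.
list_nameservers() {
    awk '$1 == "nameserver" && $2 != "" { print $2 }' "$1"
}

# Ask one server ($1) about one name or IP ($2), waiting at most 2 seconds.
# Given an IP address, host(1) performs the reverse (PTR) lookup, the same
# kind of query sshd makes for a connecting client.
probe_server() {
    host -W 2 "$2" "$1" >/dev/null 2>&1
}

# Probe every configured server and print OK/FAIL per server.
# Returns 0 if at least one server answered, 1 if none did,
# 2 if the file is unreadable, 3 if it has no nameserver lines.
check_resolvers() {
    conf=$1
    target=$2
    ok=0
    total=0
    [ -r "$conf" ] || { echo "cannot read $conf"; return 2; }
    for ns in $(list_nameservers "$conf"); do
        total=$((total + 1))
        if probe_server "$ns" "$target"; then
            echo "OK   $ns"
            ok=$((ok + 1))
        else
            echo "FAIL $ns"
        fi
    done
    [ "$total" -gt 0 ] || { echo "no nameserver lines in $conf"; return 3; }
    [ "$ok" -gt 0 ]
}

# Only run when an address to look up was given on the command line.
if [ "$#" -ge 1 ]; then
    check_resolvers /etc/resolv.conf "$1"
fi
```

If every server reports FAIL from inside the jail but answers from the host, the remaining suspects are the ones the reply lists: the jail's resolver configuration and any DNS-related firewall rules.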