Message-ID: <42920DA0.6060506@scls.lib.wi.us>
Date: Mon, 23 May 2005 12:06:40 -0500
From: Greg Barniskis
To: "Chad Leigh -- Shire.Net LLC", freebsd-questions
In-Reply-To: <5D64FC85-E26A-41A0-A685-A389D34138B9@shire.net>
Subject: Re: TCP/IP inside of one jail is hosed but other jails (same jail install) work fine

Chad Leigh -- Shire.Net LLC wrote:
> Hi
>
> I have a single install of FreeBSD that is used for jails and all
> the jails share the basic install through read only partitions
> mounted from this root install. (Obviously not the same install
> as the running host).
>
> The problem jail has no TCP connectivity except that apache2
> works. Ie, the website is working that runs inside this jail.
> sshd is running but you cannot connect to it with ssh with the
> error in the logs
>
> May 23 09:37:57 xxxxxx sshd[96372]: fatal: Timeout before
> authentication for 6x.1xx.4x.58
>
> If I am inside the jail and do, for example, nslookup, I get
>
> # nslookup
>> www.sun.com
> ;; connection timed out; no servers could be reached
>>

I am no expert on jails, but the symptoms you describe suggest to me
that TCP/IP is fine except that for processes inside the one jail,
*DNS lookups* are broken. The local sshd wants to DNS lookup your SSH
client IP and can't, but apache runs fine because it (probably) is
not logging client host names, just IP nums.

Check that jail's /etc/resolv.conf and/or its internal DNS server if
it has one, or else the external DNS server(s) that it's configured
to query, as well as any DNS-related firewall rules that may be in
play.

-- 
Greg Barniskis, Computer Systems Integrator
South Central Library System (SCLS)
Library Interchange Network (LINK)
(608) 266-6348
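
The checks suggested in the reply above, as an added sh example that is not part of the original message: it parses a resolv.conf and then queries each listed server directly with host(1), so a dead or filtered server is told apart from a missing configuration. The function names, the `live` argument, the sample file and the 192.0.2.x addresses are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original thread). Run inside the affected jail.

# Print the nameserver addresses from a resolv.conf-style file, one per line.
# Comments starting with '#' or ';' are stripped before matching.
list_nameservers() {
    awk '{ sub(/[#;].*/, "") } $1 == "nameserver" && NF >= 2 { print $2 }' "$1"
}

# Static check: succeeds only if the file lists at least one nameserver.
check_resolv_conf() {
    file=$1
    [ -r "$file" ] || { echo "FAIL: $file missing or unreadable"; return 1; }
    count=$(list_nameservers "$file" | wc -l | tr -d ' ')
    if [ "$count" -eq 0 ]; then
        echo "FAIL: no nameserver lines in $file"
        return 1
    fi
    # The stub resolver only consults the first MAXNS (3) entries.
    [ "$count" -le 3 ] || echo "WARN: $count nameservers listed, only the first 3 are used"
    echo "OK: $count nameserver(s) configured"
}

# Live check: ask every listed server for $2 with a 2 second timeout.
# $2 may be a host name, or the SSH client's IP address to test the
# reverse lookup that sshd performs (host does a PTR query for an IP).
probe_nameservers() {
    file=$1 name=$2 bad=0
    for ns in $(list_nameservers "$file"); do
        if host -W 2 "$name" "$ns" >/dev/null 2>&1; then
            echo "OK:   $ns answered for $name"
        else
            echo "FAIL: $ns gave no answer for $name (down, wrong address, or port 53 filtered)"
            bad=$((bad + 1))
        fi
    done
    [ "$bad" -eq 0 ]
}

if [ "${1:-}" = "live" ]; then
    # e.g. sh script.sh live www.sun.com
    check_resolv_conf /etc/resolv.conf && probe_nameservers /etc/resolv.conf "${2:-www.sun.com}"
else
    # Offline demonstration on a constructed sample file.
    sample=$(mktemp "${TMPDIR:-/tmp}/resolv.XXXXXX")
    printf '%s\n' '; constructed sample' 'search example.org' \
        'nameserver 192.0.2.53' 'nameserver 192.0.2.54 ; secondary' > "$sample"
    check_resolv_conf "$sample"
    rm -f "$sample"
fi
```

If every listed server fails from inside the jail but answers from the host, the DNS-related firewall rules mentioned above are the next thing to look at.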