From: Andrea Bacchet
To: "'freebsd-questions@FreeBSD.ORG'"
Cc: "'grimm@planetquake.com'"
Subject: Jail single ip network (FreeBSD 4.5)
Date: Mon, 10 Jun 2002 13:08:27 -0400
Message-ID: <8A6A2A139700D5118EB6009027B0FF3A0B7FDFCA@caemsx02.cae.ca>

Greetings,

I have followed the instructions in the man page for jail, as well as several very useful tutorials on setting up jail. I am using FreeBSD 4.5.

http://www.samag.com/documents/s=1151/sam0105d/0105d.htm
http://www.bsdpro.com/info.php?cat=security&fileid=00014#article

The part I didn't understand was how it was possible to have the jail run within the machine, when the machine itself only has one network card and IP. I then looked into IP Aliasing

www.freebsd.peon.net/tutorials/6

Now, the problem I am having has been stumping me for days. I have read all the archives on this mailing list having to do with Jail and haven't seen any mention of a problem like mine.

So I set up my jail in /home/jail (I am only going to run one). I then created the network alias; here is the output from ifconfig:

xl0: flags=8843 mtu 1500
        options=3
        inet 142.39.88.238 netmask 0xffffff00 broadcast 142.39.88.255
        inet6 fe80::2c0:4fff:fea0:86fa%xl0 prefixlen 64 scopeid 0x1
        inet 192.168.200.13 netmask 0xffffffff broadcast 192.168.200.13
        ether 00:c0:4f:a0:86:fa
        media: Ethernet autoselect (10baseT/UTP)
        status: active
lp0: flags=8810 mtu 1500
lo0: flags=8049 mtu 16384
        inet6 ::1 prefixlen 128
        inet6 fe80::1%lo0 prefixlen 64 scopeid 0x3
        inet 127.0.0.1 netmask 0xff000000
ppp0: flags=8010 mtu 1500
sl0: flags=c010 mtu 552
faith0: flags=8002 mtu 1500

I run the jail using the following command line:

jail /home/jail darkside 192.168.200.13 /bin/sh /etc/rc

If I do a ps -ax | grep J I can clearly see the jail running:

202 ?? SsJ 0:00.01 /usr/sbin/syslogd -s
209 ?? IsJ 0:00.00 /usr/sbin/inetd -wW
211 ?? IsJ 0:00.00 /usr/sbin/cron
213 ?? IsJ 0:00.25 /usr/sbin/sshd

Host
        ftp is enabled (port 21)
        sshd is enabled (port 777) <- tested, I can connect from anywhere

Jail
        telnetd is enabled (port 23)
        sshd is enabled (port 22)

My host setup is working fine; I can ftp and ssh into the box without any problems. But I cannot telnet into the jail, nor ssh.

In my testing, I noticed something very strange: if I try to telnet to the jail, then do a ps -ax | grep J, I can see that telnetd is now running! But it never responds, and I cannot log in!

Is there something I am doing wrong? Can anyone help me troubleshoot this problem?

__
Andrea Bacchet
Technical Instructor, Software Systems
Technology Engineering
Technical Training Department
e-mail: baccheta@cae.com
phone: (514) 341-6780 X-2083
s-mail: CAE Inc, 8585 Cote de Liesse, St-Laurent, Canada, H4T 1G6