From owner-freebsd-questions@FreeBSD.ORG  Thu Feb 21 02:56:48 2013
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by hub.freebsd.org (Postfix) with ESMTP id 4B693CAF
 for <freebsd-questions@freebsd.org>; Thu, 21 Feb 2013 02:56:48 +0000 (UTC)
 (envelope-from FreeBSD@shaneware.biz)
Received: from ipmail07.adl2.internode.on.net (unknown
 [IPv6:2001:44b8:8060:ff02:300:1:2:7])
 by mx1.freebsd.org (Postfix) with ESMTP id D6440D86
 for <freebsd-questions@freebsd.org>; Thu, 21 Feb 2013 02:56:47 +0000 (UTC)
Received: from ppp247-71.static.internode.on.net (HELO leader.local)
 ([203.122.247.71])
 by ipmail07.adl2.internode.on.net with ESMTP; 21 Feb 2013 13:26:45 +1030
Message-ID: <51258CEA.1050006@ShaneWare.Biz>
Date: Thu, 21 Feb 2013 13:26:42 +1030
From: Shane Ambler <FreeBSD@ShaneWare.Biz>
User-Agent: Mozilla/5.0 (X11; FreeBSD amd64;
 rv:17.0) Gecko/17.0 Thunderbird/17.0
MIME-Version: 1.0
To: doug@safeport.com
Subject: Re: jail and networking
References: <5124F505.4040906@bananmonarki.se>
 <13CA24D6AB415D428143D44749F57D7201EABA71@ltcfiswmsgmb21>
 <51250B20.4000308@bananmonarki.se> <512510ED.6080807@mail.com>,
 <51251496.4050701@bananmonarki.se>
 <13CA24D6AB415D428143D44749F57D7201EABC1F@ltcfiswmsgmb21>
 <51251FA5.6030903@mail.com>
 <alpine.BSF.2.00.1302201613280.27836@fledge.watson.org>
 <512554C6.3070306@bananmonarki.se>
 <alpine.BSF.2.00.1302201830160.74170@oceanpt.safeport.com>
In-Reply-To: <alpine.BSF.2.00.1302201830160.74170@oceanpt.safeport.com>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Cc: freebsd-questions@freebsd.org, Bernt Hansson <bah@bananmonarki.se>
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.14
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/options/freebsd-questions>, 
 <mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
 <mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 21 Feb 2013 02:56:48 -0000

It's been a while since I experimented with jails but I'm pretty sure it 
is the reason I changed my sshd_config

When you start sshd on the base system by default it binds against 
0.0.0.0 and :: which is every ip4 and ip6 address configured on the base 
system, which includes the aliased ip's for your jails. This is 
represented by the *:22 from sockstat. When you start the jail it can't 
start sshd because the base already has that address/port in use.

In /etc/ssh/sshd_config comment out the ListenAddress 0.0.0.0 and 
ListenAddress :: then add ListenAddress 10.0.0.3

service sshd restart

start your jail and try again

The jail config is fine as the jail only sees the one ip address 
assigned to it.