Date: Sat, 9 Aug 2008 14:38:31 +0200
From: "Redd Vinylene" <reddvinylene@gmail.com>
To: "Bjoern A. Zeeb" <bzeeb-lists@lists.zabbadoz.net>, freebsd-jail@freebsd.org
Subject: My jails just died
Message-ID: <f1019d520808090538j1c7585ctfc8a082d55f74508@mail.gmail.com>

My jails just died. They worked just fine yesterday and I haven't
touched anything. I've tried rebooting over and over but they just
won't start. jls remains empty.

(root@mother)(08/09+12:25)
(/usr) /etc/rc.d/jail start
Configuring jails:.
Starting jails:

Nothing happens. I'm confused.

On Sat, Aug 9, 2008 at 12:33 PM, Redd Vinylene <reddvinylene@gmail.com> wrote:
> Man that was very, very helpful indeed. Interesting network forensics there...
>
> Do you have PayPal? Also, do let me know when you're in Sweden so I
> can buy you a beer :-))
>
> I've now come up with this question:
>
> -
>
> I got a FreeBSD server, mother (66.252.2.2). On it, I've made two
> jails, camel (66.252.2.3) and box (66.252.2.4 through to
> 66.252.2.127). The problem is that reverse lookups for any of the IPs
> preceding .4 on box fails. If I connect to IRC with .5 for instance,
> it times out and reverts back to .4, whose lookup works just fine.
> BIND runs on camel. Could the problem be that BIND is not upstream for
> all those IPs? (I'm not quite sure what that means though, a friend
> just gave me a tip.) Maybe I must configure the reverse for each of
> IPs individually? I would really like to keep the DNS server running
> on camel though, as it's dedicated to all my vital services, whereas
> box is more the home of all my users, and thus expendable ;) My
> (hopefully) relevant configuration files can be found here --
> http://pastie.org/250469 -- much obliged, and thanks!
>
> -
>
> Cheers!
>
> On Sat, Aug 9, 2008 at 12:33 AM, Bjoern A. Zeeb
> <bzeeb-lists@lists.zabbadoz.net> wrote:
>> On Fri, 8 Aug 2008, Redd Vinylene wrote:
>>
>> Hi,
>>
>>> Actually I'm not sure how to make identd to listen to all the IPs.
>>
>> by default it does and it looks like it does:
>> tcp4       0      0  *.113                  *.*                    LISTEN
>>
>>
>>> There's no such option in the manuals. But ain't the problem more
>>> related to the IPs?
>>>
>>> If you need access to the host as well, surely that is no problem!
>>
>> I wondered how your users would IRC from a non-default IP but now this
>> is obvious.
>>
>>
>> So what I did in one exterm was:
>>
>> (bjoern@box)(08/09+03:06)
>> (~) telnet -s 66.252.2.38 66.252.2.117 22
>> Trying 66.252.2.117...
>> Connected to 66.252.2.117.
>> Escape character is '^]'.
>> SSH-2.0-OpenSSH_4.5p1 FreeBSD-20061110
>>
>>
>> and in the other I checked netstat -an for port 22 to find the other
>> port number:
>>
>> tcp4       0      0  66.252.2.117.22        66.252.2.38.50503      ESTABLISHED
>> tcp4       0      0  66.252.2.38.50503      66.252.2.117.22        ESTABLISHED
>>
>> trying to remember how to speak ident (auth):
>>
>> (bjoern@box)(08/09+03:07)
>> (~) telnet -s 66.252.2.117 66.252.2.38 113
>> Trying 66.252.2.38...
>> Connected to 66.252.2.38.
>> Escape character is '^]'.
>> 22,50503
>> 22 , 50503 : ERROR : NO-USER
>> Connection closed by foreign host.
>> (bjoern@box)(08/09+03:08)
>> (~)
>> (bjoern@box)(08/09+03:08)
>> (~) telnet -s 66.252.2.117 66.252.2.38 113
>> Trying 66.252.2.38...
>> Connected to 66.252.2.38.
>> Escape character is '^]'.
>> 50503,22
>> 50503 , 22 : USERID : UNKNOWN : bjoern
>> Connection closed by foreign host.
>> (bjoern@box)(08/09+03:08)
>>
>> looks good.
>>
>> What I noticed was that it was responding very slowly. So next I will
>> check inetd options (especially -w/-W) and if I can find obvious things
>> like DNS timeouts...
>>
>> (~) ps axuwl | grep inetd
>> root 47676 0.0 0.1 3240 1348 ?? IsJ Thu11PM 0:00.01 inetd 0 1 0 44 0 select
>>
>> I wonder why I do not see any options there? Have you started inetd
>> manually?
>>
>> The defaults are:
>>
>> (/etc/defaults) grep inetd rc.conf
>> inetd_enable="NO"               # Run the network daemon dispatcher (YES/NO).
>> inetd_program="/usr/sbin/inetd" # path to inetd, if you want a different one.
>> inetd_flags="-wW -C 60"         # Optional flags to inetd
>> (bjoern@box)(08/09+03:12)
>>
>> and rc.conf only has:
>> (/etc) grep inetd rc.conf
>> inetd_enable="YES"
>>
>> It's probably okay to not rate limit and not tcpwrap it - as it is
>> running.
>>
>> You may want to add the following to /etc/rc.conf
>> inetd_flags=""
>>
>>
>>
>> Okay resolv.conf is populated as well:
>> (/etc) cat resolv.conf
>> # FreeBSD/i386 box.fox-host.net
>> nameserver 69.65.17.101
>> nameserver 69.65.16.102
>>
>>
>> Typing netstat (without options) hangs after "box", when it starts to
>> resolve the additional IPs which are not in /etc/hosts.
>>
>> (/etc) host -t ns 2.252.66.in-addr.arpa.
>> Host 2.252.66.in-addr.arpa not found: 2(SERVFAIL)
>>
>> You may want to add the other IPs with some dummy values to
>> /etc/hosts to temporarily most likely solve this problem.
>>
>> telnet 66.252.2.4 22 returns instantly from within the jail,
>> telnet 66.252.2.5 22 takes ages to print the SSH "EHLO"
>>
>> So I guess your problem is neither with jails nor with auth(ident) but
>> with something trying to do a reverse lookup (on your address) and
>> timing out, timing out the ident lookups from IRC servers which should
>> return almost instantly.
>>
>> Let me know if that helped.
>>
>>
>> Bjoern
>>
>> PS:
>>
>> BTW. clock is way off on this box:
>> Sat Aug 9 03:19:45 UTC 2008
>> but it's about
>> Fri Aug 8 22:27:59 UTC 2008
>>
>> --
>> Bjoern A. Zeeb              Stop bit received. Insert coin for new game.
>>
>
>
>
> --
> http://www.home.no/reddvinylene
>

--
http://www.home.no/reddvinylene
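
Added example, not part of the original thread: the two ident (RFC 1413) queries quoted above differ only in port order, and the sketch below derives the correct order from a `netstat -an` line and parses both kinds of reply. The function names are hypothetical, and the sample lines are copied from the quoted session.

```python
import re

# RFC 1413 reply: <port-on-server> , <port-on-client> : <type> : <info>
REPLY_RE = re.compile(r"^\s*(\d+)\s*,\s*(\d+)\s*:\s*(USERID|ERROR)\s*:\s*(.*?)\s*$")

# Sample data taken from the quoted session in this thread.
NETSTAT_LINE = "tcp4 0 0 66.252.2.38.50503 66.252.2.117.22 ESTABLISHED"
GOOD_REPLY = "50503 , 22 : USERID : UNKNOWN : bjoern"
BAD_REPLY = "22 , 50503 : ERROR : NO-USER"


def split_endpoint(endpoint):
    """Split BSD netstat's 'a.b.c.d.port' form into (address, port)."""
    addr, _, port = endpoint.rpartition(".")
    return addr, int(port)


def ident_query(netstat_line, identd_host):
    """Build the query for the identd running on identd_host.

    The first number is the port on the identd's own machine, the
    second the port on the machine asking. Swapping them describes a
    connection the identd does not have, hence NO-USER.
    """
    fields = netstat_line.split()
    local, remote = split_endpoint(fields[3]), split_endpoint(fields[4])
    if local[0] == identd_host:
        own, other = local, remote
    elif remote[0] == identd_host:
        own, other = remote, local
    else:
        raise ValueError("connection does not involve " + identd_host)
    return "%d,%d\r\n" % (own[1], other[1])


def parse_reply(line):
    """Parse one ident reply line into a dict; raise on malformed input."""
    m = REPLY_RE.match(line)
    if not m:
        raise ValueError("malformed ident reply: %r" % line)
    out = {"server_port": int(m.group(1)), "client_port": int(m.group(2)),
           "type": m.group(3)}
    if out["type"] == "ERROR":
        out["error"] = m.group(4)
    else:
        # Simplification: whitespace around the user id is stripped.
        opsys, _, user = m.group(4).partition(":")
        out["opsys"], out["user"] = opsys.strip(), user.strip()
    return out


if __name__ == "__main__":
    print(repr(ident_query(NETSTAT_LINE, "66.252.2.38")))
    print(parse_reply(GOOD_REPLY))
    print(parse_reply(BAD_REPLY))
```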