From owner-freebsd-current@freebsd.org Fri Aug 28 02:32:38 2015 Return-Path: Delivered-To: freebsd-current@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 8F0229C3B54 for ; Fri, 28 Aug 2015 02:32:38 +0000 (UTC) (envelope-from allanjude@freebsd.org) Received: from mx1.scaleengine.net (mx1.scaleengine.net [209.51.186.6]) by mx1.freebsd.org (Postfix) with ESMTP id 54D3F1584 for ; Fri, 28 Aug 2015 02:32:38 +0000 (UTC) (envelope-from allanjude@freebsd.org) Received: from [10.1.1.2] (unknown [10.1.1.2]) (Authenticated sender: allanjude.freebsd@scaleengine.com) by mx1.scaleengine.net (Postfix) with ESMTPSA id 0CAEC9F5C for ; Fri, 28 Aug 2015 02:32:37 +0000 (UTC) Subject: Re: Why does netstat not work in jails? To: freebsd-current@freebsd.org References: <55DFC388.6080100@freebsd.org> From: Allan Jude Message-ID: <55DFC860.4090404@freebsd.org> Date: Thu, 27 Aug 2015 22:33:04 -0400 User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:38.0) Gecko/20100101 Thunderbird/38.2.0 MIME-Version: 1.0 In-Reply-To: <55DFC388.6080100@freebsd.org> Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="k2PQtbb6QVttchccut6r3O1DddWMcxseF" X-BeenThere: freebsd-current@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: Discussions about the use of FreeBSD-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 28 Aug 2015 02:32:38 -0000 This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --k2PQtbb6QVttchccut6r3O1DddWMcxseF Content-Type: text/plain; charset=windows-1252 Content-Transfer-Encoding: quoted-printable On 2015-08-27 22:12, Julian Elischer wrote: > On 8/28/15 9:54 AM, Chris H wrote: >> I've been attempting to run jails on an 11-CURRENT >> for the purpose of building world/kernel && ports >> for all of our 9-STABLE production servers. I'm using >> standard/classic jail setup(s) -- not using any >> of the "convenience" ports/applications that abstract >> the process in any way. >> While everything seemed to go as intended/anticipated, >> I'm seeing things I *didn't* expect. >> The host network get's it's "public" IP from the router >> in front of it. From the router, I insure that it is >> allocated the same non-public IP everytime. So DHCP >> assigns it 192.168.0.100. I assigned the jail 192.168.0.103. >> SSHD is started within the jail, root IS allowed login. >> But any attempt to ssh to 192.168.0.103 from the host, >> returns: >> ssh_exchange_identification: Connection closed by remote host. >> >> SSHD id NOT running on the host. >> >> inetd_flags=3D"-wW -a 192.168.0.100" and syslogd_flags=3D"-ss" >> is set on the host via rc.conf > what does netstat -aAn show (on the main host). >=20 >> second issue; loging into the jail, via jexex. If I perform: >> netstat -nr >> The following is returned: >> netstat: kvm not available: /dev/mem: No such file or directory > is there a /dev in the jail? if you have set it up, have you allowed > mem to be one of the exported devices? > I forget the exact details on how to set this but hopefully it's a hint= =2E > I have to look it up every time. >=20 >> Routing tables >> rt_tables: symbol not in namelist >> >> Any thought's jump out at anyone? >> >> Thanks! >> >> --Chris >> >> --=20 Normally I wouldn't think you would want /dev/mem to be accessible inside a jail, but you can probably do it by editing some of the devfs rules. What info are you trying to get from netstat? some of the info is available from sockstat etc. --=20 Allan Jude --k2PQtbb6QVttchccut6r3O1DddWMcxseF Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.22 (MingW32) iQIcBAEBAgAGBQJV38hsAAoJEBmVNT4SmAt+dGUQAIm10NHUfhy7ULREUXWKvtGt CIFUYZOHNFUs1oQ0JA4DWnLEm0kCvKyODTnXBqQHKxW7WQN/3jhKF8DmJUQDJesd 8kzX1n4HcJqI4VN0A0BJE50J7tLLxRfqwcQIFlY9GP77aLw9Tr+l3JX0IWr/YvDo QH9TRrCZnl4f5L7KgAkYo/NYc/E9xHgYHHbjsz5w6vxRdc6i1g9WVjbItPKBqUlk lbOBDI8GPX+Wc8Uav2+W4twqIznvfgW2Tik9NqZwusNnWEvoQhTlTyH6BzhyJWql 4lVew+DWg/+IYoS7obMqCwr58id3AWDh7oUiXOU1pF15MCJX4Ev+6vdlhJ7seZt/ O7D0SDY32d8uSNiBd13YSKYoqQIgkxs1pHHCNSXtl1yXEcbWRxGPKLp0Ubs5WbQl +j7biCUUuWGecKmqM9R5o4LV+KzMWuJqQX5qM6vSR1KILQ5WBmTRV5omg8kRdRTq 08u71mNrCr9GTmEg5f7jIV2frF6meOoIizTtiSOFXPAlZefY2nheIuXxsdJEkaIb 3QNjiYBLxK9lFYHf/fPO8Qnt3hWgA+eT0WR3vnNzIlhy1sWuikeerDjJsNVM1lZx YeWOalW/qnKZWqCMLNgCGfxxU9peENRlZWKbdDzYf3TFMJUr+3UQNBy2sfUTmPib BmcsgqsEvyaXfj1zGvKe =Eydw -----END PGP SIGNATURE----- --k2PQtbb6QVttchccut6r3O1DddWMcxseF--