From: "Chris H"
Subject: Re: Why does netstat not work in jails?
Date: Thu, 27 Aug 2015 20:16:27 -0700
Message-id: <45e258ed2f82516497a14e9db675b5f1@ultimatedns.net>
In-Reply-To: <55DFC860.4090404@freebsd.org>
References: <55DFC388.6080100@freebsd.org>, <55DFC860.4090404@freebsd.org>
List-Id: Discussions about the use of FreeBSD-current

On Thu, 27 Aug 2015 22:33:04 -0400 Allan Jude wrote

> On 2015-08-27 22:12, Julian Elischer wrote:
> > On 8/28/15 9:54 AM, Chris H wrote:
> >> I've been attempting to run jails on an 11-CURRENT
> >> for the purpose of building world/kernel && ports
> >> for all of our 9-STABLE production servers. I'm using
> >> standard/classic jail setup(s) -- not using any
> >> of the "convenience" ports/applications that abstract
> >> the process in any way.
> >> While everything seemed to go as intended/anticipated,
> >> I'm seeing things I *didn't* expect.
> >> The host network gets its "public" IP from the router
> >> in front of it. From the router, I ensure that it is
> >> allocated the same non-public IP every time. So DHCP
> >> assigns it 192.168.0.100. I assigned the jail 192.168.0.103.
> >> SSHD is started within the jail, root IS allowed login.
> >> But any attempt to ssh to 192.168.0.103 from the host,
> >> returns:
> >> ssh_exchange_identification: Connection closed by remote host.
> >>
> >> SSHD is NOT running on the host.
> >>
> >> inetd_flags="-wW -a 192.168.0.100" and syslogd_flags="-ss"
> >> is set on the host via rc.conf
> > what does netstat -aAn show (on the main host).
> >
> >> second issue; logging into the jail, via jexec. If I perform:
> >> netstat -nr
> >> The following is returned:
> >> netstat: kvm not available: /dev/mem: No such file or directory
> > is there a /dev in the jail? if you have set it up, have you allowed
> > mem to be one of the exported devices?
> > I forget the exact details on how to set this but hopefully it's a hint.
> > I have to look it up every time.

Thanks for the hint, Julian!

> >
> >> Routing tables
> >> rt_tables: symbol not in namelist
> >>
> >> Any thoughts jump out at anyone?
> >>
> >> Thanks!
> >>
> >> --Chris
> >>
> >> --
>
> Normally I wouldn't think you would want /dev/mem to be accessible
> inside a jail, but you can probably do it by editing some of the devfs
> rules.
>
> What info are you trying to get from netstat?

Get some idea of what the jail thinks its [network] topology is.
So I might better debug my being unable to ssh into it from the host.

> some of the info is available from sockstat etc.

Indeed, sockstat(1) surprisingly *does* work. I thought of using it,
too. But assumed /dev/mem would have been involved there, also.

>
> --
> Allan Jude

Thanks, Allan, Julian!

--Chris