From owner-freebsd-questions@FreeBSD.ORG  Tue Feb 17 04:49:23 2004
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id BB21216A4CE
	for <freebsd-questions@freebsd.org>;
	Tue, 17 Feb 2004 04:49:23 -0800 (PST)
Received: from itconsultuk.net (unknown [80.168.17.2])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 94A4243D1D
	for <freebsd-questions@freebsd.org>;
	Tue, 17 Feb 2004 04:49:23 -0800 (PST)
	(envelope-from jfm@itconsultuk.net)
Received: from jfm by itconsultuk.net with local (Exim 4.24; FreeBSD 4.8)
	id 1At4ff-000BH4-7g
	for freebsd-questions@freebsd.org; Tue, 17 Feb 2004 12:49:51 +0000
Date: Tue, 17 Feb 2004 12:49:51 +0000
From: John <lists@itconsultuk.net>
To: freebsd-questions@freebsd.org
Message-ID: <20040217124951.GA43293@itconsultuk.net>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.4.1i
Sender: John <jfm@itconsultuk.net>
Subject: jailed "system" needs ipv4 access
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>,
	<mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>,
	<mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 17 Feb 2004 12:49:23 -0000

Hello

I made a jail for a domain I host, according to the man page for jail.
It runs great and I can ssh and telnet on port 25 into it from the host.

What I would like the root user to be able to do inside the jail is to
ssh to other boxes and use the ports collection. I have set the
following sysctls:

jail.set_hostname_allowed=0
jail.socket_unixiproute_only=0  

(the man page says:
cesses within jails may only access protocols in the following
domains: PF_LOCAL, PF_INET, and PF_ROUTE, permitting
them access to UNIX domain sockets, IPv4 addresses, and
routing sockets.  To enable access to other domains, this
MIB variable may be set to 0.)

I wanted it to access as much as possible ipv4-wise from inside the
jail.

I have set the 2nd MIB to 0 for this reason, but to no avail.

Is it possible for ssh and ftp to work from inside? I want root to
install ports from within.

cheers
--