From: "Frank Behrens"
To: linimon@FreeBSD.org, freebsd-bugs@FreeBSD.org, FreeBSD-gnats-submit@FreeBSD.org
Date: Tue, 19 Jun 2007 08:51:11 +0200
Subject: Re: kern/84215: [jail] [patch] wildcard ip (INADDR_ANY) should not bind inside a jail
In-reply-to: <200706190100.l5J10xne085932@freefall.freebsd.org>
Message-Id: <200706190651.l5J6pBgc025931@pinky.frank-behrens.de>

Mark Linimon wrote on 19 Jun 2007 1:00:
> State-Changed-From-To: open->feedback
> Note that feedback (about ssh not working with this patch) was requested
> some time ago.

Sorry, I must have overlooked that. My answer is: the patch should work; I cannot confirm the problem. Meanwhile I have been using this patch for years, and I use FreeBSD 6.2-STABLE-200705211513.

A short test shows, with net.inet.ip.bindwildcardtojails=0:

    > ifconfig lo1 alias 192.168.200.11
    > jail / testssh 192.168.200.11 /bin/csh

    otherhost>nc -vvv 192.168.0.10 22
    router.behrens [192.168.0.10] 22 (?) open
    SSH-2.0-OpenSSH_4.5p1 FreeBSD-20061110

    otherhost>nc -vvv 192.168.200.11 22
    192.168.200.11: inverse host lookup failed: h_errno 11004: NO_DATA
    (UNKNOWN) [192.168.200.11] 22 (?) : connection refused

Now I start the sshd daemon inside the jail:

    frank@testssh:/# /usr/sbin/sshd
    frank@testssh:/# sockstat -4
    USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS
    root     sshd       25774 3  tcp4   192.168.200.11:22     *:*

and the connection to the jail is possible:

    otherhost>nc -vvv 192.168.200.11 22
    192.168.200.11: inverse host lookup failed: h_errno 11004: NO_DATA
    (UNKNOWN) [192.168.200.11] 22 (?) open
    SSH-2.0-OpenSSH_4.5p1 FreeBSD-20061110

The short examples with nc show the same behavior as real ssh connections.

Frank Behrens
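The test above relies on reading sockstat output to see which daemons are bound to a specific jail address and which are bound to the wildcard. The following is an added example, not part of the original report or of the FreeBSD patch under discussion: a small POSIX shell/awk check that scans sockstat-style output and lists every IPv4 listener whose local address is the wildcard (`*:port`). On a host where net.inet.ip.bindwildcardtojails is not set to 0, those are the sockets that would also answer on jail addresses, so they are the ones to review before handing a jail its own sshd. The sockstat sample embedded in the script is constructed for the example; the function name `wildcard_listeners` is the example's own.

```shell
#!/bin/sh
# Added example (not from the original bug report): list wildcard IPv4
# listeners from sockstat -4 style output.
#
# Constructed sample output, modelled on the sockstat -4 columns:
#   USER COMMAND PID FD PROTO LOCAL-ADDRESS FOREIGN-ADDRESS
# Row 1 mirrors the jailed sshd from the report; the others are invented
# host daemons, two of which are bound to the wildcard address.
SAMPLE_SOCKSTAT='USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS
root     sshd       25774 3  tcp4   192.168.200.11:22     *:*
root     sshd       981   3  tcp4   *:22                  *:*
root     syslogd    512   6  udp4   *:514                 *:*
www      httpd      1204  4  tcp4   192.168.0.10:80       *:*'

# wildcard_listeners TEXT
#   Reads sockstat output from TEXT and prints one line per socket whose
#   local address is the wildcard, as "PROTO COMMAND PID LOCAL".
#   Exit status is 0 when at least one wildcard listener was found and 1
#   otherwise, so it can be used directly as a check in a script.
wildcard_listeners() {
    printf '%s\n' "$1" | awk '
        NR == 1 { next }                          # skip the header row
        # $5 = PROTO, $6 = LOCAL ADDRESS once the header is gone.
        $5 ~ /^(tcp|udp)4$/ && $6 ~ /^\*:[0-9]+$/ {
            print $5, $2, $3, $6
            found = 1
        }
        END { exit(found ? 0 : 1) }
    '
}

# Usage when run on a live FreeBSD host (not executed here):
#   wildcard_listeners "$(sockstat -4)" && echo "wildcard listeners present"
if [ "${1:-}" = "--demo" ]; then
    wildcard_listeners "$SAMPLE_SOCKSTAT"
fi
```

Run on the constructed sample, the check reports the host sshd on `*:22` and syslogd on `*:514` and stays silent about the jailed sshd on 192.168.200.11:22 and the httpd bound to 192.168.0.10:80. Feeding it `sockstat -4` on a real host gives the list of daemons whose wildcard bind the kern/84215 patch is about.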