From owner-freebsd-questions@FreeBSD.ORG Tue May 29 18:58:37 2007
Return-Path:
X-Original-To: questions@freebsd.org
Delivered-To: freebsd-questions@FreeBSD.ORG
Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52])
	by hub.freebsd.org (Postfix) with ESMTP id DC11B16A469
	for ; Tue, 29 May 2007 18:58:37 +0000 (UTC)
	(envelope-from schulra@earlham.edu)
Received: from sipala.earlham.edu (sipala.earlham.edu [159.28.1.75])
	by mx1.freebsd.org (Postfix) with ESMTP id 8A0CC13C487
	for ; Tue, 29 May 2007 18:58:37 +0000 (UTC)
	(envelope-from schulra@earlham.edu)
Received: from tdream.lly.earlham.edu (tdream.lly.earlham.edu [159.28.7.241])
	by sipala.earlham.edu (8.13.6/8.13.6) with ESMTP id l4TIwakB023679
	for ; Tue, 29 May 2007 14:58:36 -0400 (EDT)
Date: Tue, 29 May 2007 15:00:23 -0400 (EDT)
From: Randy Schultz
X-X-Sender: schulra@tdream.lly.earlham.edu
To: questions@freebsd.org
In-Reply-To: <200705291259.43688.rapopp@eastcentral.edu>
Message-ID:
References: <200705291259.43688.rapopp@eastcentral.edu>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Cc:
Subject: Re: Fwd: Static Routes, gateways and the end of my sanity
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: User questions
List-Unsubscribe: ,
List-Archive:
List-Post:
List-Help:
List-Subscribe: ,
X-List-Received-Date: Tue, 29 May 2007 18:58:37 -0000

On Tue, 29 May 2007, Reuben A. Popp spaketh thusly:

-}
-}Hello everyone, can someone please (_please_!!) let me know what I'm doing
-}wrong in the following example? I am near my wits end on implementing this,
-}any suggestions are greatly appreciated!
-}
-}The scenario is that I have a server here with twin nics, bce0 and bce1; I
-}would like bce0 to be connected to our dmz network (192.168.x.x), while bce1
-}would be on our internal network. A jail will reside on the ip assigned to
-}bce0, while the regular base system will bind to bce1.
-}
-}My current rc.conf consists of the following:
-}-------------------------------------------
-}defaultrouter="10.228.228.254"
-}ifconfig_bce0="inet 192.168.4.80 netmask 255.255.255.0"
-}ifconfig_bce1="inet 10.228.228.228 media 100BaseTX mediaopt full-duplex
-}netmask 255.255.255.0"
-}
-}# Enable Jails for multi-homed box (video)
-}jail_enable="YES"
-}jail_list="video"
-}jail_video_rootdir="/usr/local/jail/video"
-}jail_video_hostname="video.eastcentral.edu"
-}jail_video_ip="192.168.4.80"
-}jail_named_exec_start="/bin/sh /etc/rc"
-}jail_video_devfs_enable="YES"
-}
-}# Routed and gateway settings
-}static_routes="net1"
-}route_net1="-net 192.168.4.80/24 -netmask 255.255.255.0 192.168.4.254"
-}------------------------------------------
-}
-}Of course there's other things in there like binding various services (inetd,
-}syslog, et al) to the internal ip.
-}
-}On bringing the machine up, I can ping both ips just fine; what I can't do is
-}ssh to the dmz address. Yes, sshd is running inside the jail ;). The output
-}of tcpdump shows a connect to that ip on bce0, but all responses appear to be
-}going out on bce1.

Are you remembering to edit /etc/ssh/sshd_config for both the jail and the
parent system to listen on the appropriate addresses? The jail's
/etc/ssh/sshd_config needs a line that says "ListenAddress 192.168.4.80",
the parent's sshd_config needs to say "ListenAddress 10.228.228.228".

Also, crank up the debugging for sshd with something like "LogLevel DEBUG3"
and watch your log files.

--
Randy (schulra@earlham.edu) 765.983.1283 <*>

Rain puts a hole in stone because of its constancy, not its force.
- H. Joseph Gerber
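
The ListenAddress advice in the reply above can be checked mechanically; the following is an added example, not part of the original message. It relies on sshd's default of listening on every local address when no ListenAddress is set, so a host sshd left at the default also answers on the jail's IP. The function name `check_listen`, the `demo` helper and the sample configs are constructed for illustration.

```shell
#!/bin/sh
# check_listen FILE ADDR
# Succeeds only if every active ListenAddress in FILE is ADDR (optionally
# ADDR:port). Fails on a missing directive (sshd then listens on all local
# addresses), on a wildcard, and on any other address.
check_listen() {
    awk -v want="$2" -v file="$1" '
        # Drop comments; accept the "Keyword=value" spelling as well.
        { sub(/#.*/, ""); sub(/=/, " ") }
        # Keywords in sshd_config are case-insensitive.
        tolower($1) != "listenaddress" { next }
        { seen = 1 }
        $2 == want || index($2, want ":") == 1 { next }
        $2 ~ /^(0\.0\.0\.0|::|\[::\])(:[0-9]+)?$/ {
            print file ": wildcard ListenAddress " $2; bad = 1; next
        }
        { print file ": unexpected ListenAddress " $2; bad = 1 }
        END {
            if (!seen) {
                print file ": no ListenAddress, sshd listens on every local address"
                exit 1
            }
            exit bad + 0
        }' "$1"
}

# Constructed sample configs using the addresses from the thread.
demo() {
    d=$(mktemp -d) || return 1
    printf '#ListenAddress 0.0.0.0\nPort 22\n'        > "$d/host_default"
    printf 'Port 22\nListenAddress 10.228.228.228\n'  > "$d/host_fixed"
    printf 'listenaddress 192.168.4.80  # dmz side\n' > "$d/jail_fixed"
    check_listen "$d/host_default" 10.228.228.228 || echo "-> host sshd would also bind the jail IP"
    check_listen "$d/host_fixed"   10.228.228.228 && echo "host_fixed: ok"
    check_listen "$d/jail_fixed"   192.168.4.80   && echo "jail_fixed: ok"
    rm -rf "$d"
}

demo
```

On a live system, point it at the host's /etc/ssh/sshd_config and at the copy under the jail's root directory, each with its own expected address.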