Date: Fri, 23 Mar 2007 13:49:12 +0100 From: Karol Kwiatkowski <karol.kwiat@gmail.com> To: Robin Becker <robin@reportlab.com> Cc: freebsd-questions@freebsd.org Subject: Re: ezjail ip conflicts Message-ID: <4603CCC8.3000702@gmail.com> In-Reply-To: <4603C8EF.1020104@chamonix.reportlab.co.uk> References: <4603C8EF.1020104@chamonix.reportlab.co.uk>
next in thread | previous in thread | raw e-mail | index | archive | help
[-- Attachment #1 --] Robin Becker wrote: > I'm getting these ip conflicts whilst trying to create a jail > > ezjail-admin create ....xxx.xxx.xxx.27 > > Warning: IP xxx.xxx.xxx.27 not configured on a local interface. > Warning: Some services already seem to be listening on all IP, > (including xxx.xxx.xxx.27) > This may cause some confusion, here they are: > mysql mysqld 505 10 tcp4 *:3306 *:* > root syslogd 291 6 udp4 *:514 *:* > > > my rc.conf has > > ifconfig_fxp0="inet xxx.xxx.xxx.26 netmask 255.255.255.248" > defaultrouter="xxx.xxx.xxx.25" > inetd_flags="-wW -a xxx.xxx.xxx.26" > > > so I believe the xxx.xxx.xxx.27 address is OK, but I guess I need to > make mysqld and syslogd listen only on xxx.xxx.xxx.26. I don't actually > understand what's preventing sshd from listening on all the addresses in > range unless it's the inetd flags, but I thought sshd is started by init > nowadays. If you're using sshd as a daemon have a look at "ListenAddress" directive in /etc/ssh/sshd_config. You can have multiple of those. > Anyhow I think I can fix the mysqld problem by having > > mysql_args="--bind-address=xxx.xxx.xxx.26" > > in the rc.conf, but I don't see any easy way to configure syslogd to > start with a -b xxx.xxx.xxx.26 How about adding 'syslogd_flags' in /etc/rc.conf? Those are the defaults: # grep syslogd /etc/defaults/rc.conf syslogd_enable="YES" # Run syslog daemon (or NO). syslogd_program="/usr/sbin/syslogd" # path to syslogd syslogd_flags="-s" # Flags to syslogd (if enabled). Also, if you don't need it to bind at all it's better to use '-ss'. > how do I fix this or perhaps I don't need to? You could filter traffic at firewall but it's always better to have a simpler setup. HTH, Karol -- Karol Kwiatkowski <karol.kwiat at gmail dot com> OpenPGP 0x06E09309 [-- Attachment #2 --] -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (FreeBSD) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFGA8zPezeoPAwGIYsRCBIJAKCJGv+2ryML5bB3/hAHH+7j8L/B6ACgjJf3 tJi1AJLV9I5n4tDGey+l0R8= =TsCw -----END PGP SIGNATURE-----
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4603CCC8.3000702>