
Re: [ezjail] Two jail newbie questions



On 2007/10/23, Stefan Grundmann <sg AT waset DOT de> wrote:
> On Mon, Oct 22, 2007 at 10:15:45PM -0500, rick wrote:
> > I have installed the jail system using ezjail and it is up and running.
> >...
>
> > Q. 1.
> > Inside the jail I cannot ping out.
> this is intended. jail(8) prevents use of raw sockets.

But this can be overridden by this line in /etc/rc.conf

jail_socket_unixiproute_only="NO"

Without rebooting, it can be set manually by root:

sysctl security.jail.socket_unixiproute_only=0

> > From outside the jail I cannot ssh in.
> > Where should I look at to fix this.  sshd is running inside the jail.
> > I get the error
> > ssh: connect to host xxx.65.222.198 port 22: No route to host
> i cannot reproduce this with my setup. but i remember problems last time i
> tried to abuse the loopback if for jails.

Check which IP/port the ssh process is listening to with:

sockstat -l4

> > Should I set the jail IP on the nve0 interface instead of the lo0
> > interface?
> it is one solution. another one would be to create a special purpose jail
> interface (ifconfig lo1 create; ifconfig lo1 name jail1; ifconfig jail1 inet xxx.65.222.198/32)

The easy way would be setting the jail ip as a secondary IP address to
nve0, by using the ifconfig alias parameter.

> > Q. 2.
> > I also tried to add some software from ports as root inside the jail
> > but cannot access the ports tree.
>
> you did install a ports tree inside the jail (ezjail-admin -p) ?

And update it later by using

ezjail-admin update -P

NOTE: The -p and -P parameters are not the same.

>
> > Do I add software from inside the jail? Or do I add it from outside the
> > jail?

You usually add software from inside the jail. It's important to grab
more knowledge about the basejail and ports configurations, like
environment variables.
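An added example, not part of the thread, that turns the two checks above into a small audit script: it parses `sockstat -l4` output to see which address sshd is bound to, and flags an rc.conf that sets `jail_socket_unixiproute_only="NO"` (raw sockets re-enabled inside jails, i.e. weaker isolation). The sockstat and rc.conf samples are constructed, and the jail IP 192.0.2.10 is a placeholder.

```shell
#!/bin/sh
# Constructed sample of `sockstat -l4` as run inside a jail (not real output).
SAMPLE_SOCKSTAT='USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS
root     sshd       1234  3  tcp4   127.0.0.1:22          *:*
root     syslogd    1100  4  udp4   *:514                 *:*'

# Print the LOCAL ADDRESS (addr:port) of every listening socket owned by
# the given command.  $1 = sockstat output, $2 = command name.
listen_addrs() {
    printf '%s\n' "$1" | awk -v cmd="$2" 'NR > 1 && $2 == cmd { print $6 }'
}

# Return 0 if sshd listens on the jail IP (or on the wildcard "*", which a
# jail maps to its own IP), 1 if it is bound somewhere else, e.g. 127.0.0.1.
# $1 = sockstat output, $2 = jail IP.
sshd_reachable_on() {
    listen_addrs "$1" sshd | awk -v ip="$2" '
        { split($0, a, ":"); if (a[1] == ip || a[1] == "*") found = 1 }
        END { exit found ? 0 : 1 }'
}

# Constructed /etc/rc.conf fragment containing the knob from the thread.
SAMPLE_RCCONF='jail_enable="YES"
jail_socket_unixiproute_only="NO"'

# Return 0 if the rc.conf text re-enables raw sockets for jails (the
# setting that makes ping work but loosens jail isolation), 1 otherwise.
# $1 = rc.conf contents.
raw_sockets_enabled() {
    printf '%s\n' "$1" | grep -qi '^jail_socket_unixiproute_only="NO"'
}

# Stand-alone run over the constructed samples.
if sshd_reachable_on "$SAMPLE_SOCKSTAT" 192.0.2.10; then
    echo "sshd is reachable on the jail IP"
else
    echo "sshd is bound to: $(listen_addrs "$SAMPLE_SOCKSTAT" sshd)"
fi
if raw_sockets_enabled "$SAMPLE_RCCONF"; then
    echo "warning: raw sockets are enabled for jails in rc.conf"
fi
```

On a real host, feed the script `sockstat -l4` output captured inside the jail and the contents of /etc/rc.conf instead of the constructed samples.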