
Differences between host and jail security bind ports

bryn1u


#1
Hey guys,

I'm trying to install a voice server like TeamSpeak 3 to speak with people from my job. I'm trying to install it inside a jail. When I run it I always get errors like the ones below. The funny thing is that it works on the host without any problems. Can someone tell me if a jail has some restricted features which block any software that needs to bind to ports?
Code:
2017-10-08 20:12:49.657651|INFO    |              |   |Puzzle precompute time: 864
2017-10-08 20:12:49.659634|ERROR   |FileManager   |   |bind failed on :::30033; reason: Protocol not supported
2017-10-08 20:12:49.659698|ERROR   |FileManager   |   |filetransfer bind failed on :::30033; reason: Protocol not supported
2017-10-08 20:12:49.659795|CRITICAL|VirtualSvrMgr |   |Could not start file manager 258 no network port available
# jail.conf
Code:
Proton {
        path = /jails/Proton;
        enforce_statfs=2;
        allow.quotas;
        mount.devfs;
        exec.clean;
        exec.consolelog = "/var/log/jail_Proton_console.log";
        devfs_ruleset = 50;
        #mount.nodevfs;
        mount += "dev /jails/Proton/dev devfs rw,ruleset=50";
        mount += "fdesc /jails/Proton/dev/fd fdescfs rw", "proc /jails/Proton/proc procfs rw";
        #allow.mount;
        mount;
        host.hostname = proton.edu.pl;
        ip4.addr = x.x.x.x;
        interface = em0;
        securelevel = 3;
        exec.start = "/bin/sh /etc/rc";
        exec.stop = "/bin/sh /etc/rc.shutdown";
}
 

SirDice


#2
It probably requires the use of raw sockets, see jail(8):
Code:
             allow.raw_sockets
                     The jail root is allowed to create raw sockets.  Setting
                     this parameter allows utilities like ping(8) and
                     traceroute(8) to operate inside the jail.  If this is
                     set, the source IP addresses are enforced to comply with
                     the IP address bound to the jail, regardless of whether
                     or not the IP_HDRINCL flag has been set on the socket.
                     Since raw sockets can be used to configure and interact
                     with various network subsystems, extra caution should be
                     used where privileged access to jails is given out to
                     untrusted parties.
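
An added diagnostic, not part of either post: the logged failure is a bind to `::` (the IPv6 wildcard) on port 30033, the posted jail.conf sets only `ip4.addr`, and the reply points at `allow.raw_sockets`. This Python script, meant to be run inside the jail, parses the posted log lines and probes IPv4, IPv6 and raw sockets to show which call actually fails; the function names and the errno-to-hint mapping are this example's assumptions.

```python
import errno, os, re, socket

# Log lines copied from the first post (the TeamSpeak 3 bind failures).
LOG = """\
2017-10-08 20:12:49.659634|ERROR   |FileManager   |   |bind failed on :::30033; reason: Protocol not supported
2017-10-08 20:12:49.659698|ERROR   |FileManager   |   |filetransfer bind failed on :::30033; reason: Protocol not supported
"""
BIND_RE = re.compile(r"bind failed on (?P<addr>.*):(?P<port>\d+); reason: (?P<reason>.+)$")

def failed_binds(log):
    """Unique (family, address, port, reason) tuples for every bind failure."""
    found = set()
    for line in log.splitlines():
        m = BIND_RE.search(line)
        if m:
            addr = m["addr"].strip("[]")
            family = "inet6" if ":" in addr else "inet"  # "::" is the IPv6 wildcard
            found.add((family, addr, int(m["port"]), m["reason"]))
    return sorted(found)

def probe(family, socktype, proto=0, addr=None):
    """Call socket() and, if addr is given, bind(); return errno (0 = success)."""
    try:
        with socket.socket(family, socktype, proto) as s:
            if addr is not None:
                s.bind(addr)  # port 0 = any free port, so nothing collides
    except OSError as e:
        return e.errno or -1
    return 0

def classify(err):
    """Hint at what to check for an errno (this example's own mapping)."""
    if err == 0:
        return "ok"
    if err in (errno.EPROTONOSUPPORT, errno.EAFNOSUPPORT):
        return "family/protocol unavailable: check the jail's ip4.addr / ip6.addr"
    if err in (errno.EPERM, errno.EACCES):
        return "not permitted: check allow.raw_sockets"
    return "other: " + os.strerror(err)

if __name__ == "__main__":
    for entry in failed_binds(LOG):
        print("log:", entry)
    checks = {
        "IPv4 TCP bind": (socket.AF_INET, socket.SOCK_STREAM, 0, ("0.0.0.0", 0)),
        "IPv6 TCP bind": (socket.AF_INET6, socket.SOCK_STREAM, 0, ("::", 0)),
        "IPv4 raw ICMP": (socket.AF_INET, socket.SOCK_RAW, socket.IPPROTO_ICMP, None),
    }
    for name, args in checks.items():
        print(f"{name}: {classify(probe(*args))}")
```

Running it on the host and again inside the jail and comparing the three probe lines shows which restriction differs between the two.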
 