I have a 'working' jail system, but I am trying to get another going. The only services I need on the new jail system are SSHD and rsync. I believe I used the exact same procedure to get the new jail running that I did for the jail on the 'old' system, but I cannot get any network. The host system is able to get out to the network, and I am able to SSH into it. I modified the /etc/ssh/sshd_config to only listen on the host IP (10.1.10.49) and I have an alias set in my /etc/rc.conf as per below:
Code:
ifconfig_re0="inet 10.1.10.49 netmask 255.255.255.0"
defaultrouter="10.1.10.1"
sshd_enable="YES"
hostname="jailer.domain.local"
# -- sysinstall generated deltas -- # Fri Oct 16 07:27:23 2009
moused_enable="YES"
webmin_enable=YES
ezjail_enable=YES
ifconfig_re0_alias0="inet 10.1.10.50/32"
syslogd_flags="-ss"
ifconfig_re0_alias1="inet 10.1.10.51/32"
I used ezjail to create the base jails, etc. My ezjail.conf is basically the 'sample' one with one change for the default directory:
Code:
ezjail_jaildir=/array0/jails
The /usr/local/etc/ezjail/cti config file is default:
Code:
# To specify the start up order of your ezjails, use these lines to
# create a Jail dependency tree. See rcorder(8) for more details.
#
# PROVIDE: standard_ezjail
# REQUIRE:
# BEFORE:
#
export jail_cti_hostname="cti"
export jail_cti_ip="10.1.10.50"
export jail_cti_rootdir="/array0/jails/cti"
export jail_cti_exec="/bin/sh /etc/rc"
export jail_cti_mount_enable="YES"
export jail_cti_devfs_enable="YES"
export jail_cti_devfs_ruleset="devfsrules_jail"
export jail_cti_procfs_enable="YES"
export jail_cti_fdescfs_enable="YES"
export jail_cti_image=""
export jail_cti_imagetype=""
export jail_cti_attachparams=""
export jail_cti_attachblocking=""
export jail_cti_forceblocking=""
The /array0/jails/cti/etc/rc.conf has:
Code:
sshd_enable=YES
I put the proper DNS name servers in /array0/jails/cti/etc/resolv.conf
ifconfig from inside the jail shows:
Code:
re0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=389b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,WOL_UCAST,WOL_MCAST,WOL_MAGIC>
        ether 00:24:1d:20:ab:d5
        inet 10.1.10.50 netmask 0xffffffff broadcast 10.1.10.50
        media: Ethernet autoselect (100baseTX <full-duplex>)
        status: active
fwe0: flags=8802<BROADCAST,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=8<VLAN_MTU>
        ether 02:eb:fe:00:1f:d0
        ch 1 dma -1
fwip0: flags=8802<BROADCAST,SIMPLEX,MULTICAST> metric 0 mtu 1500
        lladdr 0.eb.fe.c6.0.0.1f.d0.a.2.ff.fe.0.0.0.0
plip0: flags=108810<POINTOPOINT,SIMPLEX,MULTICAST,NEEDSGIANT> metric 0 mtu 1500
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
And inside the jail, netstat -a shows:
Code:
cti# netstat -a
netstat: kvm not available: /dev/mem: No such file or directory
Active Internet connections (including servers)
Proto Recv-Q Send-Q Local Address Foreign Address (state)
tcp4 0 0 cti.smtp *.* LISTEN
tcp4 0 0 cti.ssh *.* LISTEN
udp4 0 0 cti.syslog *.*
Active UNIX domain sockets
Address Type Recv-Q Send-Q Inode Conn Refs Nextref Addr
c6211540 dgram 0 0 0 c5b64c78 0 c62117e0
c5b65540 dgram 0 0 0 c5b65150 0 0
c62117e0 dgram 0 0 0 c5b64c78 0 0
c5b64c78 dgram 0 0 c7de2000 0 c6211540 0 /var/run/logpriv
c5b65150 dgram 0 0 c7df878c 0 c5b65540 0 /var/run/log
I can ping the jail's IP from the host machine, and other machines. I cannot ping out from inside the jail, and when I try to SSH into it, I get either 'connection refused' or 'broken pipe'.
I've double-checked the config files with the ones from the 'working' jail, but I am at a loss. I am just starting this project, and if I have to scrap the jail and start over, I'm willing to do so. Can someone direct me on creating this 'simple' jail?
Thanks