SSH in Jails (accessing from other location)

Hi all

I have read many docs about Jails, including the Handbook, the jails(8) man page, and searched for some threads here talking about that, but I have no answer yet.

I am running an 8.0-FreeBSD machine, installed a Jail in it and I can successfully start/enter/login into it.

My specs are the following:

Code:
Host's IP: 1.2.3.5 (from other computers in the same network I can SSH using this IP)
Jail's IP: 192.168.1.64

Also, I have my router set to redirect the traffic in port 22 to 1.2.3.5, so I can SSH the Host from my work (so there is no problem with my router configuration).

If I type:

Code:
Host# ssh user@192.168.1.64

I get access to the jail (so, Jail's SSHd is well configured since I can access it from the Host system using SSH).

But if I SSH from another computer, I get into the Host system, not the Jail system that is where I wanna go.

I tried these things in the Host:

Code:
Host# vi /etc/ssh/sshd_config

Port 22222 # I want to access the Host system via SSH but using another Port, I don't have problems here, simply I typed: ssh -p 22222 user@public_ip_address and got logged in the Host

ListenAddress 1.2.3.5 # I also tried 192.169.1.64, I have no success with any of both (and sincerely I don't see the point of telling SSH to listen its address (I got that on some resources I found: http://onlamp.com/pub/a/bsd/2006/03/09/jails-virtualization.html))

And according the same link, I also changed:

Code:
Host# vi /etc/rc.conf

inetd_flags="-wW -a 1.2.3.5"
syslogd_flags="-ss"
sshd_enable="YES"
ifconfig_vr0="DHCP"

jail_interface="vr0"
jail_first_ip="192.168.1.64"

(I put also the lines I think should help you to diagnose the problem)

And also in the Jail:

Code:
Jail# vi /etc/ssh/sshd_config

Port 22 # I want the jail to listen in this port

ListenAddress # Tried both 192.168.1.64 (jail's) and 1.2.3.5 (host)

I think there must be some redirection in the Host System I must put but I am lost.

Thanks for your help.
 
192.168.1.64 is on private IP space. Other hosts on your company network aren't going to have a route to get there -- unless your host provides NAT for the jail.

I haven't played with it, but someone here can probably advise you on natd(8).
 
Thanks "anomie"

I solved the problem following your advice, NAT was the answer.

Some config files to show the solution:

Host's /etc/rc.conf
Code:
gateway_enable="YES"
firewall_enable="YES"
firewall_type="OPEN"
natd_enable="YES"
natd_interface="vr0"
natd_flags="-f /etc/natd.conf"

Host's /etc/natd.conf
Code:
redirect_port tcp 192.168.1.64:22 22

Host's /etc/ssh/sshd_config
Code:
Port 23456
# This is to guarantee the access to your server (in the Host) but changing the port, while all Port22 activity will go to the Jail

Host's /boot/loader.conf # I don't know really if it's necessary, try this after failed attempts ;)
Code:
ipfw_load="YES"
ipdivert_load="YES"
net.inet.ip.fw.default_to_accept="1"

AND NOW WITH THE JAIL

Jail's /etc/rc.conf

Code:
sshd_enable="YES"

All the other files (like Jail's /etc/ssh/sshd_config) remain with their default config.

I didn't know FreeBSD had NAT service until the above post mentioned it, thanks again!

Greetings from Mexico!!!
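
An added example, not part of the thread: a POSIX sh check, run on constructed copies of the natd.conf and sshd_config shown above, that reports any host sshd port captured by a `redirect_port` rule, which is why the host's sshd had to move off port 22. The function names and temporary file names are hypothetical; port ranges in the rule are handled, which goes beyond the single-port rule in the post.

```shell
#!/bin/sh
# Added example; function names and temp file names are hypothetical.

# Print the jail-side target if host TCP port $2 is captured by a
# redirect_port rule in natd.conf $1; exit status 1 if no rule matches.
# Rule syntax: redirect_port proto targetIP:targetPORT [aliasIP:]aliasPORT
redirect_target() {
    awk -v port="$2" '
        $1 == "redirect_port" && $2 == "tcp" {
            n = split($4, a, ":")        # drop an optional aliasIP: prefix
            m = split(a[n], r, "-")      # single port or lo-hi range
            lo = r[1] + 0; hi = (m > 1 ? r[2] : r[1]) + 0
            if (port + 0 >= lo && port + 0 <= hi) { print $3; hit = 1; exit }
        }
        END { exit (hit ? 0 : 1) }' "$1"
}

# Print every port in sshd_config $1 (sshd listens on 22 with no Port line).
sshd_ports() {
    awk 'tolower($1) == "port" { print $2; found = 1 }
         END { if (!found) print 22 }' "$1"
}

# Print "port -> target" for each host sshd port that natd hands to the jail.
shadowed_ports() {
    for p in $(sshd_ports "$2"); do
        t=$(redirect_target "$1" "$p") && echo "$p -> $t"
    done
    return 0
}

# Constructed sample files mirroring the thread's configuration.
tmp=$(mktemp -d "${TMPDIR:-/tmp}/natchk.XXXXXX") || exit 1
trap 'rm -rf "$tmp"' EXIT
printf 'redirect_port tcp 192.168.1.64:22 22\n' > "$tmp/natd.conf"
printf '#Port 22\n'   > "$tmp/sshd_default"   # host sshd left on port 22
printf 'Port 23456\n' > "$tmp/sshd_moved"     # host sshd moved, as in the thread

echo "default: $(shadowed_ports "$tmp/natd.conf" "$tmp/sshd_default")"
echo "moved:   $(shadowed_ports "$tmp/natd.conf" "$tmp/sshd_moved")"
```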
 