jails SSHD in a jail fails to bind to a Nebula IP from host, but only at boot

This is my first post, so while I will do my best to stick to the forum rules and guidelines, I'm sure I'll get something wrong. All assistance in that regard is appreciated.

With that out of the way, I seem to have a problem.

I currently have a FreeBSD 12.2 ZFS VPS set up, and connected to my nebula network. For those who haven't seen it, nebula is an overlay networking tool from the people behind slack.

My intention with this VPS is to create a server where the host (the VPS) is accessible via ssh over its public IP address, and a jail (eventually to be made into a git server) is accessible via ssh at the host's Nebula IP.

Before setting up the jail, I have ensured /etc/ssh/sshd_config on the host contains the (un-commented) line
Code:
ListenAddress <public ip>
so it allows the jail access to the other IP (192.168.97.5) on my Nebula network.

I then set up my /etc/jail.conf as follows:
Code:
# Variables
$j="/jail";

# Defaults
mount.devfs;
exec.clean;

exec.start="sh /etc/rc";
exec.stop="sh /etc/rc.shutdown";
host.hostname="$name.dfr.jl";

# The Git server on the Nebula IP
git {
  path="$j/git";
  ip4.addr="192.168.97.5";
}

After this, I populated the /jail/git directory with the base of FreeBSD 12.2, and copied across the host's /etc/resolv.conf and /etc/localtime.

Once this was set up, I set up the jail's rc.conf(5) with the one line:
Code:
sshd_enable="YES"
and verified ssh was set up as a daemon with sysrc(8). Then I edited the jail's /etc/ssh/sshd_config with the un-commented line:
Code:
ListenAddress 192.168.97.5
and started the sshd service with service sshd start at which point I was able to, from my FreeBSD workstation, ssh into the jail perfectly as expected.

Now, just to be sure everything was set correctly, I restarted the droplet. This is when my problems started. While I could ssh into the host, and ping the nebula IP, when I tried to ssh into the jail from my workstation, I got an error:
Code:
ssh: connect to host 192.168.97.5 port 22: Connection refused
which confused me.

After I verified that the jail was running, I entered into a shell in the jail, and ran grep sshd /var/log/auth.log returning:
Code:
Jan  8 15:54:13 git sshd[1131]: error: Bind to port 22 on 192.168.97.5 failed: Can't assign requested address.
Jan  8 15:54:13 git sshd[1131]: fatal: Cannot bind any address.
So sshd couldn't bind to port 22 on the nebula IP.
But, to my confusion, just running service sshd start started sshd successfully, and I could ssh into the jail with no problems at all.

Effectively, what I think is happening is that the nebula IP is either too slow to come up, or when I enter the jail with jail /jail/git git 192.168.97.5 /bin/csh to start the service, I am somehow giving the jail access to 192.168.97.5 that it didn't already have.

I have tried a couple of solutions, each without success. Firstly, I attempted to use netwait_* from rc.conf(5), with my jail's /etc/rc.conf (and, on another attempt, my host's) containing the extra lines:
Code:
netwait_enable="YES"
netwait_ip="192.168.97.5"
When this didn't work, I tried again with the netwait_ip set as 192.168.97.1, the IP address of the network's lighthouse (the node on the nebula network that is on a publicly accessible IP so that all the other nodes can use it to find each other).

When this didn't work, I scoured the net for answers and came across a thread, Thread cant-start-sshd-at-boot-time-on-a-specific-address.22911, which describes a process of creating a service that would send an alarm to reload rc.conf, but I didn't entirely understand that, and couldn't get it to work.

Finally, I attempted to create a kind of dummy service in the host that relied on NETWORKING, and had to come before sshd, because I thought that maybe the sshd service wouldn't be affected by netwait otherwise.

Since none of these solutions worked, I have since removed the service I created, and my server is in the exact same state as after I rebooted the first time.

For clarity, the goal here is to get sshd to start automatically in the jail, and the problem seems to be that sshd is unable to bind to the IP from nebula at that point.

Any help or advice you can offer would be much appreciated.
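The log lines above show the real condition sshd needs: the address 192.168.97.5 must already be configured on an interface visible inside the jail at the moment sshd calls bind(2). netwait_ip only pings a remote host, so it does not test that. The following is an added example, not code from the post or from FreeBSD, of a guard that checks the local address directly; it could be called (for instance, from a small rc.d script that sshd REQUIREs) before starting sshd. The interface name nebula1 and the sample ifconfig output are constructed for illustration.

```sh
#!/bin/sh
# Added example: wait until an address is actually configured locally,
# the same condition sshd's bind(2) needs, instead of pinging a remote host.

# has_addr ADDR IFCONFIG_OUTPUT
# Return 0 when ADDR appears as an "inet" address in IFCONFIG_OUTPUT
# (the text of `ifconfig -a`), 1 otherwise.
has_addr() {
    addr="$1"
    ifconfig_output="$2"
    # Escape the dots so 192.168.97.5 cannot match 192x168y97z5.
    esc=$(printf '%s' "$addr" | sed 's/\./\\./g')
    # Anchor on whitespace after the address so .5 does not match .50.
    printf '%s\n' "$ifconfig_output" | grep -Eq "^[[:space:]]*inet ${esc}([[:space:]]|\$)"
}

# wait_for_addr ADDR [TIMEOUT_SECONDS]
# Poll `ifconfig -a` once per second until ADDR is configured.
# Returns 0 when present, 1 on timeout (default 30 s).
wait_for_addr() {
    addr="$1"
    timeout="${2:-30}"
    elapsed=0
    while [ "$elapsed" -lt "$timeout" ]; do
        if has_addr "$addr" "$(ifconfig -a 2>/dev/null)"; then
            return 0
        fi
        sleep 1
        elapsed=$((elapsed + 1))
    done
    return 1
}

# Constructed sample: the jail's view of `ifconfig -a` once nebula is up.
SAMPLE_UP='vtnet0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
	inet 203.0.113.10 netmask 0xffffff00 broadcast 203.0.113.255
nebula1: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> metric 0 mtu 1300
	inet 192.168.97.5 netmask 0xffffff00'

# Constructed sample: the same host earlier in boot, before the tun interface exists.
SAMPLE_DOWN='vtnet0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
	inet 203.0.113.10 netmask 0xffffff00 broadcast 203.0.113.255'
```

A script using it would run `wait_for_addr 192.168.97.5 60 || exit 1` and only then start sshd, so a boot where the overlay never comes up fails visibly instead of leaving sshd dead.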