On Thu, 27 Aug 2015 22:33:04 -0400 Allan Jude <allanjude_at_freebsd.org> wrote > On 2015-08-27 22:12, Julian Elischer wrote: > > On 8/28/15 9:54 AM, Chris H wrote: > >> I've been attempting to run jails on an 11-CURRENT > >> for the purpose of building world/kernel && ports > >> for all of our 9-STABLE production servers. I'm using > >> standard/classic jail setup(s) -- not using any > >> of the "convenience" ports/applications that abstract > >> the process in any way. > >> While everything seemed to go as intended/anticipated, > >> I'm seeing things I *didn't* expect. > >> The host network get's it's "public" IP from the router > >> in front of it. From the router, I insure that it is > >> allocated the same non-public IP everytime. So DHCP > >> assigns it 192.168.0.100. I assigned the jail 192.168.0.103. > >> SSHD is started within the jail, root IS allowed login. > >> But any attempt to ssh to 192.168.0.103 from the host, > >> returns: > >> ssh_exchange_identification: Connection closed by remote host. > >> > >> SSHD id NOT running on the host. > >> > >> inetd_flags="-wW -a 192.168.0.100" and syslogd_flags="-ss" > >> is set on the host via rc.conf > > what does netstat -aAn show (on the main host). > > > >> second issue; loging into the jail, via jexex. If I perform: > >> netstat -nr > >> The following is returned: > >> netstat: kvm not available: /dev/mem: No such file or directory > > is there a /dev in the jail? if you have set it up, have you allowed > > mem to be one of the exported devices? > > I forget the exact details on how to set this but hopefully it's a hint. > > I have to look it up every time. Thanks for the hint, Julian! > > > >> Routing tables > >> rt_tables: symbol not in namelist > >> > >> Any thought's jump out at anyone? > >> > >> Thanks! > >> > >> --Chris > >> > >> -- > > Normally I wouldn't think you would want /dev/mem to be accessible > inside a jail, but you can probably do it by editing some of the devfs > rules. > > What info are you trying to get from netstat? Get some idea of what the jail thinks it's [network] topology is. So I might better debug my being unable to ssh into it from the host. > some of the info is available from sockstat etc. Indeed, sockstat(1) surprisingly *does* work. I thought of using it, too. But assumed /dev/mem would have been involved there, also. > > -- > Allan Jude Thanks, Allen, Julian! --ChrisReceived on Fri Aug 28 2015 - 01:17:36 UTC
This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:40:59 UTC