Hi, I've set the outside IP for the jail.. It works.. When I try to ssh to
jail'ed system from the main system (in which is created jail) the
connection is successful, but when I try to connect to jailed system from
anywhere else I get this message:

ssh: connect to host IP_NUMBER port 22: Operation timed out

What can be wrong here? How to solve this problem?

On Tue, Aug 05, 2003 at 12:56:36PM -0000, stakys@punktas.lt wrote:
> Hi, i've set the outside ip for the jail..It works.. When i try to ssh to
> jail'ed system from the main system (in which is created jail) the
> connection is successful, but when i try to connect to jailed system from
> anywhere else i get this message:
> ssh: connect to host IP_NUMBER port 22: Operation timed out
> What can be wrong here? How to solve this problem?

Are you running some sort of firewall on the main system? You might
have to add additional rules allowing SSH into the jailed one...

G'luck,
Peter

--
Peter Pentchev roam@ringlet.net roam@sbnd.net roam@FreeBSD.org
PGP key: http://people.FreeBSD.org/~roam/roam.key.asc
Key fingerprint FDBA FD79 C26F 3C51 C95E DF9E ED18 B68D 1619 4553
You have, of course, just begun reading the sentence that you have just finished reading.

On Tue, Aug 05, 2003 at 12:56:36PM -0000, stakys@punktas.lt wrote:
> Hi, i've set the outside ip for the jail..It works.. When i try to ssh to
> jail'ed system from the main system (in which is created jail) the
> connection is successful, but when i try to connect to jailed system from
> anywhere else i get this message:
> ssh: connect to host IP_NUMBER port 22: Operation timed out
> What can be wrong here? How to solve this problem?
>
>>Are you running some sort of firewall on the main system? You might
>>have to add additional rules allowing SSH into the jailed one...
>>
>>G'luck,
>>Peter

I'm running IPFW but I put such lines in ipfw.rules to be sure that it's
not the firewall's fault, about connecting to jail'ed system from outside.
Here are the lines:

    ipfw add 50 allow ip from any to any via lo0
    ipfw add 51 allow ip from any to any via rl0

sockstat -4l | grep sshd

    root sshd 76407 3 tcp4 Jailed_system_outside_ip:22 *:*
    root sshd 111 4 tcp4 *:22 *:*

I get this... Btw: I have just those firewall rules for testing if it's not
ipfw's fault. Also, as I see it for now, I need to set the ListenAddress
options for my main system and for the jail'ed system, yes? OK, I tried to do
so, and changed the ListenAddress parameter in the jail'ed and main system
sshd_config; the sockstat shows:

    root sshd 294 3 tcp4 Jailed_system_outside_ip:22 *:*
    root sshd 111 3 tcp4 Main_system_outside_ip:22 *:*

But when I tried to connect to the jail'ed system from outside I get the
message of connection timed out.

> ----- Original Message -----
> From: "Sander de Leeuw" <sander@delete-it.nl>
> To: <stakys@punktas.lt>
> Sent: Tuesday, August 05, 2003 1:22 PM
> Subject: RE: Problems with JAIL in 4.8R
>
> > Hi,
> >
> > I'm not really sure about this, just writing what comes up in my mind. I
> > also have running jails in FreeBSD 4.8, and one is running sshd without
> > problems. First of all, I assume that you followed the procedure
> > explained in 'man jail'. It is important to be sure that if you run some
> > sort of daemon in a jail, while running the same daemon in your host
> > environment, they do NOT bind on the same TCP socket. So, doing a
> > 'sockstat -4l | grep sshd' should return something like this:
> >
> > root sshd 19906 3 tcp4 192.168.25.16:22 *:*
> > root sshd 116 3 tcp4 192.168.25.1:22 *:*
> >
> > AND NOT:
> >
> > root sshd 19906 3 tcp4 192.168.25.16:22 *:*
> > root sshd 116 3 tcp4 *:22 *:*
> >
> > In this case you should set the ListenAddress parameter in your
> > /etc/ssh/sshd_config file.
> >
> > I hope you can do something with it, good luck.
> > Sander de Leeuw
> > sander@delete-it.nl
> >
> > -----Original Message-----
> > From: owner-freebsd-security@freebsd.org
> > [mailto:owner-freebsd-security@freebsd.org] On Behalf Of stakys@punktas.lt
> > Sent: Tuesday, 5 August 2003 14:57
> > To: freebsd-security@freebsd.org
> > Subject: Problems with JAIL in 4.8R
> >
> > Hi, i've set the outside ip for the jail..It works.. When i try to ssh
> > to jail'ed system from the main system (in which is created jail) the
> > connection is successful, but when i try to connect to jailed system
> > from anywhere else i get this message:
> > ssh: connect to host IP_NUMBER port 22: Operation timed out
> > What can be wrong here? How to solve this problem?
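
The sockstat check Sander describes, as an added shell example that is not part of any message in this thread: it reads `sockstat -4l` output in the column layout quoted above and reports a wildcard (*:port) listener that shares a port with an address-specific one. The function name and the sample lines (built from the addresses in Sander's message) are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the thread). Assumes the sockstat -4l column layout
# quoted above: USER COMMAND PID FD PROTO LOCAL FOREIGN

# Reads sockstat output on stdin; prints one line per port where a wildcard
# listener coexists with an address-specific one. Exit status 1 on conflict.
find_wildcard_conflicts() {
    awk '
    $5 ~ /^tcp4/ {
        n = split($6, part, ":")
        port = part[n]
        addr = substr($6, 1, length($6) - length(port) - 1)
        if (addr == "*")
            wild[port] = wild[port] " " $2 "(pid " $3 ")"
        else
            bound[port] = bound[port] " " addr
    }
    END {
        rc = 0
        for (p in wild)
            if (p in bound) {
                printf "port %s: wildcard listener%s overlaps%s\n", p, wild[p], bound[p]
                rc = 1
            }
        exit rc
    }'
}

# Constructed samples: the "AND NOT" layout and the expected layout.
BAD_SAMPLE='root sshd 19906 3 tcp4 192.168.25.16:22 *:*
root sshd 116 3 tcp4 *:22 *:*'
GOOD_SAMPLE='root sshd 19906 3 tcp4 192.168.25.16:22 *:*
root sshd 116 3 tcp4 192.168.25.1:22 *:*'

printf '%s\n' "$BAD_SAMPLE"  | find_wildcard_conflicts || true
printf '%s\n' "$GOOD_SAMPLE" | find_wildcard_conflicts || true
```

On a live host the same function can be fed directly: `sockstat -4l | find_wildcard_conflicts`.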

Didn't help. Any more suggestions about solving this problem?

----- Original Message -----
From: "Konstantin M Volevatch" <cox@rosnet.ru>
To: <stakys@punktas.lt>; <freebsd-security@freebsd.org>
Sent: Tuesday, August 05, 2003 3:31 PM
Subject: Re: Problems with JAIL in 4.8R

> Try this:
> ipfw add 52 allow ip from any to me via rl0
>
> On 5 August 2003 17:20 stakys@punktas.lt wrote:
> > On Tue, Aug 05, 2003 at 12:56:36PM -0000, stakys@punktas.lt wrote:
> > > Hi, i've set the outside ip for the jail..It works.. When i try to ssh to
> > > jail'ed system from the main system (in which is created jail) the
> > > connection is successful, but when i try to connect to jailed system from
> > > anywhere else i get this message:
> > > ssh: connect to host IP_NUMBER port 22: Operation timed out
> > > What can be wrong here? How to solve this problem?
> > >
> > >>Are you running some sort of firewall on the main system? You might
> > >>have to add additional rules allowing SSH into the jailed one...
> > >>
> > >>G'luck,
> > >>Peter
> >
> > I'm running IPFW but i put such a lines to ipfw.rules to be sure that it's
> > not firewall's fault, about connecting to jail'ed system from outside.
> > Here are the lines:
> > ipfw add 50 allow ip from any to any via lo0
> > ipfw add 51 allow ip from any to any via rl0
>
> --
> Konstantin M. Volevatch <cox@rosnet.ru>
> Internet Service Division, RosNet JSC, Moscow
> (095) 7813332 [local:4341]

Maybe I have to add some rules to ipfw for that rl0 alias somehow? I don't
know how to add a rule for the rl0 alias, to allow all traffic. Because just
adding rules for rl0 does not help.

----- Original Message -----
From: "Konstantin M Volevatch" <cox@rosnet.ru>
To: <stakys@punktas.lt>; <freebsd-security@freebsd.org>
Sent: Tuesday, August 05, 2003 3:31 PM
Subject: Re: Problems with JAIL in 4.8R

> Try this:
> ipfw add 52 allow ip from any to me via rl0
>
> On 5 August 2003 17:20 stakys@punktas.lt wrote:
> > On Tue, Aug 05, 2003 at 12:56:36PM -0000, stakys@punktas.lt wrote:
> > > Hi, i've set the outside ip for the jail..It works.. When i try to ssh to
> > > jail'ed system from the main system (in which is created jail) the
> > > connection is successful, but when i try to connect to jailed system from
> > > anywhere else i get this message:
> > > ssh: connect to host IP_NUMBER port 22: Operation timed out
> > > What can be wrong here? How to solve this problem?
> > >
> > >>Are you running some sort of firewall on the main system? You might
> > >>have to add additional rules allowing SSH into the jailed one...
> > >>
> > >>G'luck,
> > >>Peter
> >
> > I'm running IPFW but i put such a lines to ipfw.rules to be sure that it's
> > not firewall's fault, about connecting to jail'ed system from outside.
> > Here are the lines:
> > ipfw add 50 allow ip from any to any via lo0
> > ipfw add 51 allow ip from any to any via rl0
>
> --
> Konstantin M. Volevatch <cox@rosnet.ru>
> Internet Service Division, RosNet JSC, Moscow
> (095) 7813332 [local:4341]

I've tried and it didn't help... Now I know that it's really not the
firewall's problem :/ Got any ideas how to solve this?

----- Original Message -----
From: "Konstantin M Volevatch" <cox@rosnet.ru>
To: "stakys" <stakys@punktas.lt>; <freebsd-security@freebsd.org>
Sent: Tuesday, August 05, 2003 9:14 PM
Subject: Re: Problems with JAIL in 4.8R

> Sorry, use rule:
> ipfw add 52 allow tcp from any to JAIL_IP 22
> instead of my previous recommendation, because 'me' does not include aliased IP
>
> On 5 August 2003 18:46 stakys wrote:
> > Mayby i have to add some rules to ipfw to that rl0 alias somehow? I dont
> > know how to add rule for rl0 alias, to allow all traffic. Because if just
> > adding rules for rl0 it do not helps.
> > ----- Original Message -----
> > From: "Konstantin M Volevatch" <cox@rosnet.ru>
> > To: <stakys@punktas.lt>; <freebsd-security@freebsd.org>
> > Sent: Tuesday, August 05, 2003 3:31 PM
> > Subject: Re: Problems with JAIL in 4.8R
> >
> > > Try this:
> > > ipfw add 52 allow ip from any to me via rl0
>
> --
> Konstantin M. Volevatch <cox@rosnet.ru>
> Internet Service Division, RosNet JSC, Moscow
> [095] 755 85 94 [local:4341]