similar to: Configuring JAIL to bind on lo0 interface

Hello, on 9.1-R, I highly appreciate the new jail(8) and jail.conf capabilities. Thanks for that extension! But I have one problem: If I want to stop a jail with 'jaill -r jailname', I get "umount: unmount of /.jail.jailname failed: Device busy" It seems to me that the order of fstab.jailname entries are not reverted by jail(8) when shutting down/umounting. My C skills

hello, I have turned on sysctls variables: net.inet.tcp.log_in_vain: 1 net.inet.udp.log_in_vain: 1 And i have plenty of strange connection attempts on udp protocol Connection attempt to UDP xx.xx.x.xxx:55414 from 192.43.172.34:53 Apr 13 23:56:53 pals /kernel: Connection attempt to UDP xx.xx.x.xxx:55414 from 192.43.172.34:53 Connection attempt to UDP

This message was sent to bugtraq today: While playing around with FreeBSD 5.4 and jailing I discovered that it was possible to put an ethernet interface into promiscious mode from within the jailed environment, allowing a packetsniffer to gather data not meant for the jailed box. This also affects FreeBSD 5.3 (tested) but not FreeBSD 4.x This can be reproduced on boxes where BPF support is

I''ve recently installed Debian Lenny witch Xen (xen-utils, xen.tools and xen-linux-system-2.6.26-2-xen-amd64). I want to virtualize some windows servers, but I''m unable to connect to localhost VNC when I start the vm (xm create) to proceed with windows instalation. The VM config is: import os, re arch = os.uname()[4] if re.search(''64'', arch):

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I'm trying to run a QEMU VM on top of a FreeBSD 7.x server ... I've tried the exact same setup on my desktop, using 192.168.1.x and an fxp device, and it all works perfectly, but as soon as I do this on another machine on a public IP, I'm not getting any routing, I can't even ping it from the same machine ... My first thought was

Hello list! When em0 has an inet address while bridge0 doesn't, it seems to be OK: ----- bs1% uname -a FreeBSD bs1.sp34.ru 7.0-STABLE FreeBSD 7.0-STABLE #0: Sun May 25 20:15:26 MSD 2008 root@bs1.sp34.ru:/usr/obj/usr/src/sys/BSM i386 bs1% ifconfig em0; ifconfig tap0; ifconfig bridge0 em0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500

Hello all, I seem to have lost my netlogon share.. I've seen scattered info about this via google.. Is there a resolution? Is there something that I am missing? We didn't have this problem in 3.0.22 (FreeBSD ports if it matters) I can open the netlogon share via \\isc # Samba config file created using SWAT # from 192.168.1.218 (192.168.1.218) # Date: 2006/11/03 08:34:30 [global]

Dear W.D. Do you understand that by adding the rules into kernel space numbered from zero to sixty five thousand five hundred thirty four you may alter the behavior of the rule number sixty five thousand five hundred thirty five can you please define and list the goals you are trying to achieve by altering default rule in the terms you can both explain and understand. ----- Original Message

Hi all, Is it mandatory to add device mem to jails to enable network via the gateway? Left ezjail with FreeBSD-6.3 (and a hardware replacement of my server) and am now starting again with FreeBSD-7.1. Early this week, I upgraded from 7.0 to 7.1 (not having 'used' jails on 7.0). After creating the jail with `ezjail-admin update -i` I created a 'ports build' jail `ezjail-admin

ei tuka imam edin pf conf obache pravi mnogo nomera, kato se pusne parvoto koeto e dropva paketi, timeoutva po serverite i t.n.. i speed-a e mnogo baven, vijte ako nqkoi moje da otkrie generalna greshka da reply :) vapreki che ne e freebsd-specific :P ne sym go pisal az a i ne sam mnogo mnogo zapoznat s pf zatova ako nqkoi moje da pomogne e dobre doshyl :) btw moje i neshto ot tia opcii kato set

Hi everyone, I administer this 5.2.1 Freebsd Box which runs a few services, among of which are bind and postfix. On the same box I run ipfw as a firewall, and have a default policy block for all incoming packets, except for those that are for ports 53 (tcp and udp) and 25 (tcp). I also have the following sysctl values enabled: net.inet.tcp.blackhole=2 net.inet.udp.blackhole=1 In my security logs I

Hi, I am new to DTrace. Want to capture (for specific port #s) the loopback interface (lo0) tcp message flow with the complete message body. Is this possible with DTrace? Are any examples available? Thanks, Joe ____________________________________________________________________________________ Looking for a deal? Find great prices on flights and hotels with Yahoo! FareChase.

For reasons unknown, any connections to localhost -- tcp, icmp, or udp -- are all originating from my external interface, rl0: $ telnet localhost 25 Trying ::1... Trying 127.0.0.1... telnet: connect to address 127.0.0.1: Can't assign requested address telnet: Unable to connect to remote host IPFW log: Jul 16 12:46:43 octo ipfw: 100 Accept TCP 192.168.1.119:1434 127.0.0.1:25 out via rl0

Hi all, I am looking at securing a web server using the FreeBSD MAC Framework. To make things clear I will call the hosted users "web users". Those are the issues I am dealing with: ** Network Security ** - Web users shouldn't be able to connect to reserved local ports apart from 25(smtp); 80(http); 443(https) and 3306(MySQL) Solution: run the web server and web users shell in

Hi, I have a dial up box (1.4) and another as an dns server. The default route on 1.4 is for the dial out for the other hosts. If I want to establish an connection (http) from the dialout box I can''t establish it (Network unreachable). The other hosts are configured with an default gateway 192.168.1.4 and have no such problems. Routing tables Internet: Destination Gateway

Hello from ealier 6.0 there is problem with synproxy in pf filter: this one 6.1-PRERELEASE #2: Wed Mar 15 02:02:37 MSK 2006 pf.conf just with single rule pass in quick on lo0 proto tcp from any to any port 22 flags S/SA synproxy state result telnet 127.0.0.1 22 Trying 127.0.0.1... Connected to 127.0.0.1. Escape character is '^]'. and it's hangs pfctl -s rules -v No ALTQ support in

I am migrating from my "old" 2.2.7 samba server to a newer server runnig 3.0.20a and everythig is working except the [homes] share. The server (FILE-CABINET) is a member of the domain, security is set to ADS and, as far as I can tell, kerberos is working. The program wbinfo returns a list of users and groups like it should. getent passwd returns first my local passwd file and then

Hi! I am using courier IMAP with maildrop as LDA. I started reading about dovecot and i like started to feel that i can switch to it. I have couple questions mostly about dovecot's LDA. My main problem with maildrop is that i have to create manualy user directories grr. All my domains are set up as virtual with postfix. So when i add new accout thru my web panel and i have to create user dir

Hello there. I've just install nut 2.2 from source on my FreeBSD box. I have an MGE AVR 600 UPS on a USB cable. Following the INSTALL instructions, everything works in term of the USB driver detecting the right UPS and upsd loads up and runs without error. However, upsc reports the following error: # upsc mge600 at localhost Error: Connection failure:Can't assign requested address

heya i've been using freebsd's ipfw for quite a while and recently on a new server i've got this issue with ipfw that i can't understand ... something is wrong ... 01000 8042 1947866 allow ip from any to any via fxp0 01010 0 0 allow ip from any to any via lo0 01014 9886 4170269 divert 8668 ip from any to any in via vr0 01015 0 0 check-state 01130 14679 5695969 skipto 1800 ip from