Poul-Henning Kamp wrote (1999/05/03):
> You need to put ip aliases on your loopback interface, forinstance:
>
> ifconfig lo0 10.0.0.1 netmask 255.255.255.255 alias
> ...
> ifconfig lo0 10.0.0.5 netmask 255.255.255.255 alias
>
> Then you give each jail one of these ipnumbers and start whatever
> daemons you want in the jail (inetd, sshd, apache...)
>
> Of course your routing needs to work such that these ip numbers
> end up on your machine, you can also do this by adding multiple
> IP# to the ethernet of the machine.
Thanks. Now I know where was the problem - if I create ip alias
ifconfig lo0 A.B.C.D netmask 255.255.255.255 alias
I must write jail command as
jail /path domain.name D.C.B.A /command
so on my PC ip-address isn't converted to a network format. Here are my
suggestions:
*) Aplly this patch to jail.c:
(Or bug is in system call? What format should be there?)
--- jail.c.orig Tue May 4 14:00:36 1999
+++ jail.c Tue May 4 14:00:47 1999
@@ -21,7 +21,7 @@
i = inet_aton(argv[3], &in);
if (!i)
errx(1, "Couldn't make sense if ip number\n");
- j.ip_number = in.s_addr;
+ j.ip_number = htonl(in.s_addr);
i = jail(&j);
if (i)
err(1, "Imprisonment failed");
*) There should be "$Id" in all Makefile, jail.8, and jail.c I think.
*) In jail(8) there is synopsis "jail path hostname ip-number". It should
be "jail path hostname ip command ..." as is usage of jail command.
(I you want I can fill PRs :-)
Is it possible to call ping in prison session?
# ping some.host
ping: socket: Operation not permitted
--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=
Rudolf Cejka ([email protected]; http://www.fee.vutbr.cz/~cejkar)
Brno University of Technology, Faculty of El. Engineering and Comp. Science
Bozetechova 2, 612 66 Brno, Czech Republic
To Unsubscribe: send mail to [email protected]
with "unsubscribe freebsd-current" in the body of the message
