On Tue, 29 May 2007, Reuben A. Popp spaketh thusly:
-}Hello everyone, can someone please (_please_!!) let me know what I'm doing
-}wrong in the following example?  I am near my wits' end on implementing this,
-}any suggestions are greatly appreciated!
-}The scenario is that I have a server here with twin nics, bce0 and bce1; I
-}would like bce0 to be connected to our dmz network (192.168.x.x), while bce1
-}would be on our internal network.  A jail will reside on the ip assigned to
-}bce0, while the regular base system will bind to bce1.
-}My current rc.conf consists of the following:
-}ifconfig_bce0="inet netmask"
-}ifconfig_bce1="inet media 100BaseTX mediaopt full-duplex"
-}# Enable Jails for multi-homed box (video)
-}jail_named_exec_start="/bin/sh /etc/rc"
-}# Routed and gateway settings
-}route_net1="-net -netmask"
-}Of course there's other things in there like binding various services (inetd,
-}syslog, et al) to the internal ip.
-}On bringing the machine up, I can ping both ips just fine; what I can't do is
-}ssh to the dmz address.  Yes, sshd is running inside the jail ;).  The output
-}of tcpdump shows a connect to that ip on bce0, but all responses appear to be
-}going out on bce1.

Are you remembering to edit /etc/ssh/sshd_config for both the jail and the
parent system to listen on the appropriate addresses?  The jail's
/etc/ssh/sshd_config needs a line that says "ListenAddress", the
parent's sshd_config needs to say "ListenAddress".  Also, crank
up the debugging for sshd with something like "LogLevel DEBUG3" and watch your
log files.
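
The ListenAddress check suggested in the reply above can be scripted. This is an added example, not part of the original thread: it parses the host's and the jail's sshd_config text and reports when the host sshd would also bind the jail's address (sshd listens on all local addresses when no ListenAddress is set). The addresses, sample configs and function names are constructed for illustration.

```python
import ipaddress

WILDCARDS = {"0.0.0.0", "::"}

def _host(arg):
    """Strip the optional port from a ListenAddress argument."""
    if arg.startswith("["):              # [host]:port or [host]
        return arg[1:arg.index("]")]
    if arg.count(":") == 1:              # hostname:port or IPv4:port
        return arg.split(":", 1)[0]
    return arg                           # bare hostname, IPv4 or IPv6

def listen_addresses(config_text):
    """Return every ListenAddress host; an empty list means sshd binds all local addresses."""
    hosts = []
    for raw in config_text.splitlines():
        fields = raw.strip().split()     # commented-out lines start with '#' and never match
        if len(fields) >= 2 and fields[0].lower() == "listenaddress":
            hosts.append(_host(fields[1]))
    return hosts

def _same(a, b):
    try:
        return ipaddress.ip_address(a) == ipaddress.ip_address(b)
    except ValueError:                   # one side is a hostname: compare as text
        return a.lower() == b.lower()

def check(host_cfg, jail_cfg, jail_ip):
    """Compare host and jail sshd_config text against the jail's address."""
    findings = []
    host, jail = listen_addresses(host_cfg), listen_addresses(jail_cfg)
    if not host or WILDCARDS.intersection(host):
        findings.append("host: sshd listens on every address, jail address included")
    elif any(_same(h, jail_ip) for h in host):
        findings.append("host: ListenAddress names the jail address")
    if not any(_same(j, jail_ip) for j in jail):
        findings.append("jail: no ListenAddress for the jail address")
    return findings

# Constructed sample data (documentation address ranges, not from the thread).
JAIL_IP = "192.0.2.10"
HOST_DEFAULT = "#ListenAddress 0.0.0.0\nPort 22\nLogLevel DEBUG3\n"
HOST_PINNED = "ListenAddress 198.51.100.10\nLogLevel DEBUG3\n"
JAIL_PINNED = "ListenAddress 192.0.2.10:22\n"

if __name__ == "__main__":
    print(check(HOST_DEFAULT, JAIL_PINNED, JAIL_IP))
    print(check(HOST_PINNED, JAIL_PINNED, JAIL_IP))
```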

