Re: Why does netstat not work in jails?
On Fri, 28 Aug 2015 08:12:53 +0300 "Alexander V. Chernikov" wrote

> 28.08.2015, 04:56, "Chris H" :
> > I've been attempting to run jails on an 11-CURRENT
> > for the purpose of building world/kernel && ports
> > for all of our 9-STABLE production servers. I'm using
> > standard/classic jail setup(s) -- not using any
> > of the "convenience" ports/applications that abstract
> > the process in any way.
> > While everything seemed to go as intended/anticipated,
> > I'm seeing things I *didn't* expect.
> > The host network gets its "public" IP from the router
> > in front of it. From the router, I ensure that it is
> > allocated the same non-public IP every time. So DHCP
> > assigns it 192.168.0.100. I assigned the jail 192.168.0.103.
> > SSHD is started within the jail, root IS allowed login.
> > But any attempt to ssh to 192.168.0.103 from the host,
> > returns:
> > ssh_exchange_identification: Connection closed by remote host.
> >
> > SSHD is NOT running on the host.
> >
> > inetd_flags="-wW -a 192.168.0.100" and syslogd_flags="-ss"
> > is set on the host via rc.conf
> >
> > second issue; logging into the jail, via jexec. If I perform:
> > netstat -nr
> > The following is returned:
> > netstat: kvm not available: /dev/mem: No such file or directory
> > Routing tables
> > rt_tables: symbol not in namelist
> >
> > Any thoughts jump out at anyone?
> Direct kvm interface was removed from head a year ago.
> What you can do is recompile the netstat binary from 9 with the NewTree
> variable defined to 1 and see if this helps. Output will look a bit
> different, but you'll be able to see routing tables from jail.
> https://svnweb.freebsd.org/base/stable/9/usr.bin/netstat/route.c?revision=242025&view=markup#l122
>
> Another option is merging r261207 and r263335.

Perfect! That explains it.
Thank you, Alexander!

--Chris

--
___
freebsd-current@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-current
To unsubscribe, send any mail to "freebsd-current-unsubscr...@freebsd.org"
Re: Why does netstat not work in jails?
28.08.2015, 04:56, "Chris H" :

> I've been attempting to run jails on an 11-CURRENT
> for the purpose of building world/kernel && ports
> for all of our 9-STABLE production servers. I'm using
> standard/classic jail setup(s) -- not using any
> of the "convenience" ports/applications that abstract
> the process in any way.
> While everything seemed to go as intended/anticipated,
> I'm seeing things I *didn't* expect.
> The host network gets its "public" IP from the router
> in front of it. From the router, I ensure that it is
> allocated the same non-public IP every time. So DHCP
> assigns it 192.168.0.100. I assigned the jail 192.168.0.103.
> SSHD is started within the jail, root IS allowed login.
> But any attempt to ssh to 192.168.0.103 from the host,
> returns:
> ssh_exchange_identification: Connection closed by remote host.
>
> SSHD is NOT running on the host.
>
> inetd_flags="-wW -a 192.168.0.100" and syslogd_flags="-ss"
> is set on the host via rc.conf
>
> second issue; logging into the jail, via jexec. If I perform:
> netstat -nr
> The following is returned:
> netstat: kvm not available: /dev/mem: No such file or directory
> Routing tables
> rt_tables: symbol not in namelist
>
> Any thoughts jump out at anyone?

Direct kvm interface was removed from head a year ago.
What you can do is recompile the netstat binary from 9 with the NewTree
variable defined to 1 and see if this helps. Output will look a bit
different, but you'll be able to see routing tables from jail.
https://svnweb.freebsd.org/base/stable/9/usr.bin/netstat/route.c?revision=242025&view=markup#l122

Another option is merging r261207 and r263335.

>
> Thanks!
>
> --Chris
Re: Why does netstat not work in jails?
On Thu, 27 Aug 2015 22:33:04 -0400 Allan Jude wrote

> On 2015-08-27 22:12, Julian Elischer wrote:
> > On 8/28/15 9:54 AM, Chris H wrote:
> >> I've been attempting to run jails on an 11-CURRENT
> >> for the purpose of building world/kernel && ports
> >> for all of our 9-STABLE production servers. I'm using
> >> standard/classic jail setup(s) -- not using any
> >> of the "convenience" ports/applications that abstract
> >> the process in any way.
> >> While everything seemed to go as intended/anticipated,
> >> I'm seeing things I *didn't* expect.
> >> The host network gets its "public" IP from the router
> >> in front of it. From the router, I ensure that it is
> >> allocated the same non-public IP every time. So DHCP
> >> assigns it 192.168.0.100. I assigned the jail 192.168.0.103.
> >> SSHD is started within the jail, root IS allowed login.
> >> But any attempt to ssh to 192.168.0.103 from the host,
> >> returns:
> >> ssh_exchange_identification: Connection closed by remote host.
> >>
> >> SSHD is NOT running on the host.
> >>
> >> inetd_flags="-wW -a 192.168.0.100" and syslogd_flags="-ss"
> >> is set on the host via rc.conf
> > what does netstat -aAn show (on the main host).
> >
> >> second issue; logging into the jail, via jexec. If I perform:
> >> netstat -nr
> >> The following is returned:
> >> netstat: kvm not available: /dev/mem: No such file or directory
> > is there a /dev in the jail? if you have set it up, have you allowed
> > mem to be one of the exported devices?
> > I forget the exact details on how to set this but hopefully it's a hint.
> > I have to look it up every time.

Thanks for the hint, Julian!

> >
> >> Routing tables
> >> rt_tables: symbol not in namelist
> >>
> >> Any thoughts jump out at anyone?
> >>
> >> Thanks!
> >>
> >> --Chris
> >>
> >> --
>
> Normally I wouldn't think you would want /dev/mem to be accessible
> inside a jail, but you can probably do it by editing some of the devfs
> rules.
>
> What info are you trying to get from netstat?

Get some idea of what the jail thinks its [network] topology is.
So I might better debug my being unable to ssh into it from the host.

> some of the info is available from sockstat etc.

Indeed, sockstat(1) surprisingly *does* work. I thought of using it, too.
But assumed /dev/mem would have been involved there, also.

>
> --
> Allan Jude

Thanks, Allan, Julian!

--Chris
Re: Why does netstat not work in jails?
On 2015-08-27 22:12, Julian Elischer wrote:

> On 8/28/15 9:54 AM, Chris H wrote:
>> I've been attempting to run jails on an 11-CURRENT
>> for the purpose of building world/kernel && ports
>> for all of our 9-STABLE production servers. I'm using
>> standard/classic jail setup(s) -- not using any
>> of the "convenience" ports/applications that abstract
>> the process in any way.
>> While everything seemed to go as intended/anticipated,
>> I'm seeing things I *didn't* expect.
>> The host network gets its "public" IP from the router
>> in front of it. From the router, I ensure that it is
>> allocated the same non-public IP every time. So DHCP
>> assigns it 192.168.0.100. I assigned the jail 192.168.0.103.
>> SSHD is started within the jail, root IS allowed login.
>> But any attempt to ssh to 192.168.0.103 from the host,
>> returns:
>> ssh_exchange_identification: Connection closed by remote host.
>>
>> SSHD is NOT running on the host.
>>
>> inetd_flags="-wW -a 192.168.0.100" and syslogd_flags="-ss"
>> is set on the host via rc.conf
> what does netstat -aAn show (on the main host).
>
>> second issue; logging into the jail, via jexec. If I perform:
>> netstat -nr
>> The following is returned:
>> netstat: kvm not available: /dev/mem: No such file or directory
> is there a /dev in the jail? if you have set it up, have you allowed
> mem to be one of the exported devices?
> I forget the exact details on how to set this but hopefully it's a hint.
> I have to look it up every time.
>
>> Routing tables
>> rt_tables: symbol not in namelist
>>
>> Any thoughts jump out at anyone?
>>
>> Thanks!
>>
>> --Chris
>>
>> --

Normally I wouldn't think you would want /dev/mem to be accessible
inside a jail, but you can probably do it by editing some of the devfs
rules.

What info are you trying to get from netstat?
some of the info is available from sockstat etc.

--
Allan Jude
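
Added example, not part of the thread and not from any of its authors: the reply above says exposing /dev/mem to a jail would be done through devfs rules and is normally not wanted. This sh function audits devfs.rules(5) text for rules that unhide /dev/mem or /dev/kmem; the function names and the sample rulesets are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the thread): report devfs.rules(5) rules that would
# unhide /dev/mem or /dev/kmem. Reads rules on stdin. "add include" is not
# followed, so also check which jail rulesets include a reported ruleset.
audit_devfs_rules() {
    ruleset="(none)"
    while read -r line || [ -n "$line" ]; do
        set -f; set -- $line; set +f    # split into words, no glob expansion
        case "${1:-}" in
            \[*\])                      # section header: [name=number]
                ruleset=${1#\[}; ruleset=${ruleset%%=*}; ruleset=${ruleset%\]}
                continue ;;
            add) ;;                     # a rule: inspect it below
            *) continue ;;              # blank line, comment, anything else
        esac
        pat="" unhide=0 prev=""
        for w in "$@"; do
            if [ "$prev" = path ]; then
                pat=$(printf '%s' "$w" | tr -d "\"'")   # drop quoting
            fi
            if [ "$w" = unhide ]; then unhide=1; fi
            prev=$w
        done
        if [ "$unhide" -eq 1 ] && [ -n "$pat" ]; then
            for dev in mem kmem; do
                case "$dev" in          # unquoted $pat is matched as a glob
                    $pat) printf '%s: %s unhides /dev/%s\n' "$ruleset" "$pat" "$dev" ;;
                esac
            done
        fi
    done
    return 0
}
# Constructed sample input; ruleset names and numbers are made up.
sample_rules() {
    cat <<'EOF'
[jail_build=10]
add include $devfsrules_hide_all
add path 'pts/*' unhide
[jail_debug=11]
add path 'mem' unhide
[jail_wide=12]
# add path kmem unhide
add path '*mem' unhide
add path kmem hide
EOF
}
sample_rules | audit_devfs_rules
```

On a host, run it as `audit_devfs_rules < /etc/devfs.rules`; empty output means no rule in that file unhides either device.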
Re: Why does netstat not work in jails?
On 8/28/15 9:54 AM, Chris H wrote:

> I've been attempting to run jails on an 11-CURRENT
> for the purpose of building world/kernel && ports
> for all of our 9-STABLE production servers. I'm using
> standard/classic jail setup(s) -- not using any
> of the "convenience" ports/applications that abstract
> the process in any way.
> While everything seemed to go as intended/anticipated,
> I'm seeing things I *didn't* expect.
> The host network gets its "public" IP from the router
> in front of it. From the router, I ensure that it is
> allocated the same non-public IP every time. So DHCP
> assigns it 192.168.0.100. I assigned the jail 192.168.0.103.
> SSHD is started within the jail, root IS allowed login.
> But any attempt to ssh to 192.168.0.103 from the host,
> returns:
> ssh_exchange_identification: Connection closed by remote host.
>
> SSHD is NOT running on the host.
>
> inetd_flags="-wW -a 192.168.0.100" and syslogd_flags="-ss"
> is set on the host via rc.conf

what does netstat -aAn show (on the main host).

> second issue; logging into the jail, via jexec. If I perform:
> netstat -nr
> The following is returned:
> netstat: kvm not available: /dev/mem: No such file or directory

is there a /dev in the jail? if you have set it up, have you allowed
mem to be one of the exported devices?
I forget the exact details on how to set this but hopefully it's a hint.
I have to look it up every time.

> Routing tables
> rt_tables: symbol not in namelist
>
> Any thoughts jump out at anyone?
>
> Thanks!
>
> --Chris