Re: Why does netstat not work in jails?

2015-08-27 Thread Chris H
On Fri, 28 Aug 2015 08:12:53 +0300 Alexander V. Chernikov melif...@ipfw.ru
wrote

 28.08.2015, 04:56, Chris H bsd-li...@bsdforge.com:
  I've been attempting to run jails on an 11-CURRENT
  for the purpose of building world/kernel & ports
  for all of our 9-STABLE production servers. I'm using
  standard/classic jail setup(s) -- not using any
  of the convenience ports/applications that abstract
  the process in any way.
  While everything seemed to go as intended/anticipated,
  I'm seeing things I *didn't* expect.
  The host network gets its public IP from the router
  in front of it. From the router, I insure that it is
  allocated the same non-public IP every time. So DHCP
  assigns it 192.168.0.100. I assigned the jail 192.168.0.103.
  SSHD is started within the jail, root IS allowed login.
  But any attempt to ssh to 192.168.0.103 from the host,
  returns:
  ssh_exchange_identification: Connection closed by remote host.
 
  SSHD is NOT running on the host.
 
  inetd_flags=-wW -a 192.168.0.100 and syslogd_flags=-ss
  is set on the host via rc.conf
 
  second issue; logging into the jail, via jexec. If I perform:
  netstat -nr
  The following is returned:
  netstat: kvm not available: /dev/mem: No such file or directory
  Routing tables
  rt_tables: symbol not in namelist
 
  Any thoughts jump out at anyone?
 Direct kvm interface was removed from head a year ago.
 What you can do is recompile the netstat binary from 9 with the NewTree variable
 defined to 1 and see if this helps. Output will look a bit different, but
 you'll be able to see routing tables from jail.
 https://svnweb.freebsd.org/base/stable/9/usr.bin/netstat/route.c?revision=242025&view=markup#l122

 Another option is merging r261207 and r263335.

Perfect! That explains it.

Thank you, Alexander!

--Chris

--


___
freebsd-current@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-current
To unsubscribe, send any mail to freebsd-current-unsubscr...@freebsd.org


Why does netstat not work in jails?

2015-08-27 Thread Chris H
I've been attempting to run jails on an 11-CURRENT
for the purpose of building world/kernel & ports
for all of our 9-STABLE production servers. I'm using
standard/classic jail setup(s) -- not using any
of the convenience ports/applications that abstract
the process in any way.
While everything seemed to go as intended/anticipated,
I'm seeing things I *didn't* expect.
The host network gets its public IP from the router
in front of it. From the router, I insure that it is
allocated the same non-public IP every time. So DHCP
assigns it 192.168.0.100. I assigned the jail 192.168.0.103.
SSHD is started within the jail, root IS allowed login.
But any attempt to ssh to 192.168.0.103 from the host,
returns:
ssh_exchange_identification: Connection closed by remote host.

SSHD is NOT running on the host.

inetd_flags=-wW -a 192.168.0.100 and syslogd_flags=-ss
is set on the host via rc.conf

second issue; logging into the jail, via jexec. If I perform:
netstat -nr
The following is returned:
netstat: kvm not available: /dev/mem: No such file or directory
Routing tables
rt_tables: symbol not in namelist

Any thoughts jump out at anyone?

Thanks!

--Chris

--




Re: Why does netstat not work in jails?

2015-08-27 Thread Allan Jude
On 2015-08-27 22:12, Julian Elischer wrote:
 On 8/28/15 9:54 AM, Chris H wrote:
 I've been attempting to run jails on an 11-CURRENT
 for the purpose of building world/kernel & ports
 for all of our 9-STABLE production servers. I'm using
 standard/classic jail setup(s) -- not using any
 of the convenience ports/applications that abstract
 the process in any way.
 While everything seemed to go as intended/anticipated,
 I'm seeing things I *didn't* expect.
 The host network gets its public IP from the router
 in front of it. From the router, I insure that it is
 allocated the same non-public IP every time. So DHCP
 assigns it 192.168.0.100. I assigned the jail 192.168.0.103.
 SSHD is started within the jail, root IS allowed login.
 But any attempt to ssh to 192.168.0.103 from the host,
 returns:
 ssh_exchange_identification: Connection closed by remote host.

 SSHD is NOT running on the host.

 inetd_flags=-wW -a 192.168.0.100 and syslogd_flags=-ss
 is set on the host via rc.conf
 what does netstat -aAn show (on the main host).
 
 second issue; logging into the jail, via jexec. If I perform:
 netstat -nr
 The following is returned:
 netstat: kvm not available: /dev/mem: No such file or directory
 is there a /dev in the jail?  if you have set it up, have you allowed
 mem to be one of the exported devices?
 I forget the exact details on how to set this but hopefully it's a hint.
 I have to look it up every time.
 
 Routing tables
 rt_tables: symbol not in namelist

 Any thoughts jump out at anyone?

 Thanks!

 --Chris

 -- 

Normally I wouldn't think you would want /dev/mem to be accessible
inside a jail, but you can probably do it by editing some of the devfs
rules.

What info are you trying to get from netstat? some of the info is
available from sockstat etc.

-- 
Allan Jude
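
An audit for the point raised above about /dev/mem and devfs rules, as an added example that is not part of the thread: it scans devfs.rules text for rulesets that unhide mem or kmem, directly or through an include, so a jail ruleset exposing kernel memory is caught before it is applied. The ruleset names devfsrules_jail_debug and devfsrules_jail_nested and the sample rules are constructed; only literal path names are matched, not glob patterns.

```sh
#!/bin/sh
# Added example (not from the thread): list devfs rulesets that unhide
# kernel-memory device nodes, directly or through "add include".
# Reads devfs.rules text on stdin; prints one "ruleset:device" line per finding.
audit_devfs_rules() {
    awk -v q="'" '
    function report(rs, dev) {
        if (seen[rs, dev]++) return
        exposed[rs] = exposed[rs] " " dev
        print rs ":" dev
    }
    $1 ~ /^#/ { next }                      # comment line
    $1 ~ /^\[/ {                            # header, e.g. [devfsrules_jail=4]
        name = $1
        sub(/^\[/, "", name); sub(/=.*/, "", name); sub(/\].*/, "", name)
        next
    }
    $1 == "add" && $2 == "include" {        # inherit findings of included set
        n = split(exposed[substr($3, 2)], devs, " ")
        for (i = 1; i <= n; i++) report(name, devs[i])
        next
    }
    $1 == "add" && $2 == "path" && $NF == "unhide" {
        pat = $3
        gsub("[" q "\"]", "", pat)          # drop quoting around the path
        # Assumption: literal names only; glob patterns are not expanded.
        if (pat == "mem" || pat == "kmem") report(name, pat)
    }'
}

# Constructed sample: the *_debug and *_nested rulesets are hypothetical.
sample_rules() {
    cat <<'EOF'
[devfsrules_jail=4]
add include $devfsrules_hide_all
add include $devfsrules_unhide_basic
add include $devfsrules_unhide_login

[devfsrules_jail_debug=10]
add include $devfsrules_jail
add path mem unhide
add path 'kmem' unhide

[devfsrules_jail_nested=11]
add include $devfsrules_jail_debug
add path zfs unhide
EOF
}

sample_rules | audit_devfs_rules
```

An empty result means no ruleset in the input unhides mem or kmem by literal name.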





Re: Why does netstat not work in jails?

2015-08-27 Thread Alexander V . Chernikov
28.08.2015, 04:56, Chris H bsd-li...@bsdforge.com:
 I've been attempting to run jails on an 11-CURRENT
 for the purpose of building world/kernel & ports
 for all of our 9-STABLE production servers. I'm using
 standard/classic jail setup(s) -- not using any
 of the convenience ports/applications that abstract
 the process in any way.
 While everything seemed to go as intended/anticipated,
 I'm seeing things I *didn't* expect.
 The host network gets its public IP from the router
 in front of it. From the router, I insure that it is
 allocated the same non-public IP every time. So DHCP
 assigns it 192.168.0.100. I assigned the jail 192.168.0.103.
 SSHD is started within the jail, root IS allowed login.
 But any attempt to ssh to 192.168.0.103 from the host,
 returns:
 ssh_exchange_identification: Connection closed by remote host.

 SSHD is NOT running on the host.

 inetd_flags=-wW -a 192.168.0.100 and syslogd_flags=-ss
 is set on the host via rc.conf

 second issue; logging into the jail, via jexec. If I perform:
 netstat -nr
 The following is returned:
 netstat: kvm not available: /dev/mem: No such file or directory
 Routing tables
 rt_tables: symbol not in namelist

 Any thoughts jump out at anyone?
Direct kvm interface was removed from head a year ago.
What you can do is recompile the netstat binary from 9 with the NewTree variable
defined to 1 and see if this helps.
Output will look a bit different, but you'll be able to see routing tables
from jail.
https://svnweb.freebsd.org/base/stable/9/usr.bin/netstat/route.c?revision=242025&view=markup#l122

Another option is merging r261207 and r263335.


 Thanks!

 --Chris

 --



Re: Why does netstat not work in jails?

2015-08-27 Thread Julian Elischer

On 8/28/15 9:54 AM, Chris H wrote:

I've been attempting to run jails on an 11-CURRENT
for the purpose of building world/kernel & ports
for all of our 9-STABLE production servers. I'm using
standard/classic jail setup(s) -- not using any
of the convenience ports/applications that abstract
the process in any way.
While everything seemed to go as intended/anticipated,
I'm seeing things I *didn't* expect.
The host network gets its public IP from the router
in front of it. From the router, I insure that it is
allocated the same non-public IP every time. So DHCP
assigns it 192.168.0.100. I assigned the jail 192.168.0.103.
SSHD is started within the jail, root IS allowed login.
But any attempt to ssh to 192.168.0.103 from the host,
returns:
ssh_exchange_identification: Connection closed by remote host.

SSHD is NOT running on the host.

inetd_flags=-wW -a 192.168.0.100 and syslogd_flags=-ss
is set on the host via rc.conf

what does netstat -aAn show (on the main host).


second issue; logging into the jail, via jexec. If I perform:
netstat -nr
The following is returned:
netstat: kvm not available: /dev/mem: No such file or directory
is there a /dev in the jail?  if you have set it up, have you allowed 
mem to be one of the exported devices?
I forget the exact details on how to set this but hopefully it's a 
hint. I have to look it up every time.



Routing tables
rt_tables: symbol not in namelist

Any thoughts jump out at anyone?

Thanks!

--Chris

--




Re: Why does netstat not work in jails?

2015-08-27 Thread Chris H
On Thu, 27 Aug 2015 22:33:04 -0400 Allan Jude allanj...@freebsd.org wrote

 On 2015-08-27 22:12, Julian Elischer wrote:
  On 8/28/15 9:54 AM, Chris H wrote:
  I've been attempting to run jails on an 11-CURRENT
  for the purpose of building world/kernel & ports
  for all of our 9-STABLE production servers. I'm using
  standard/classic jail setup(s) -- not using any
  of the convenience ports/applications that abstract
  the process in any way.
  While everything seemed to go as intended/anticipated,
  I'm seeing things I *didn't* expect.
  The host network gets its public IP from the router
  in front of it. From the router, I insure that it is
  allocated the same non-public IP every time. So DHCP
  assigns it 192.168.0.100. I assigned the jail 192.168.0.103.
  SSHD is started within the jail, root IS allowed login.
  But any attempt to ssh to 192.168.0.103 from the host,
  returns:
  ssh_exchange_identification: Connection closed by remote host.
 
  SSHD is NOT running on the host.
 
  inetd_flags=-wW -a 192.168.0.100 and syslogd_flags=-ss
  is set on the host via rc.conf
  what does netstat -aAn show (on the main host).
  
  second issue; logging into the jail, via jexec. If I perform:
  netstat -nr
  The following is returned:
  netstat: kvm not available: /dev/mem: No such file or directory
  is there a /dev in the jail?  if you have set it up, have you allowed
  mem to be one of the exported devices?
  I forget the exact details on how to set this but hopefully it's a hint.
  I have to look it up every time.

Thanks for the hint, Julian!
  
  Routing tables
  rt_tables: symbol not in namelist
 
  Any thoughts jump out at anyone?
 
  Thanks!
 
  --Chris
 
  -- 
 
 Normally I wouldn't think you would want /dev/mem to be accessible
 inside a jail, but you can probably do it by editing some of the devfs
 rules.
 
 What info are you trying to get from netstat?
Get some idea of what the jail thinks its [network] topology is.
So I might better debug my being unable to ssh into it from the
host.

 some of the info is available from sockstat etc.
Indeed, sockstat(1) surprisingly *does* work. I thought of using it,
too. But assumed /dev/mem would have been involved there, also.
 
 -- 
 Allan Jude

Thanks, Allan, Julian!

--Chris

