Re: samba inside jails [was: jail/broadcast IP [was: ...]]
On Wed, 1 Oct 2008, Nejc Škoberne wrote:

Hi,

Cc:ing freebsd-jail again.

> I would like to make Samba, running in jail, to listen at a broadcast
> address. Normally Samba would listen on *.138 and *.137 (UDP), but when
> in jail, it can just listen at IP.138 and IP.137, which makes it unable
> to "see" the requests.

So it listens on INADDR_ANY which is not the broadcast address. However the Windows world is (was) high on broadcasts.

If you have multiple IPs it does listen on *:{port} again but that's only partly the same as what you are probably thinking about.

You can still run samba inside a (multi-IP) jail. Back in 2006, about this multi-IP patch, and samba from then I found the following:

1) samba does not respond from the same IP the packet was directed to but from your "Primary IP". This is interesting if you have multiple IPs from the same subnet on the same link and jail.

2) with the multi-IP jail patch I preserve the primary IP (the first IP given for each address family) as such. So you can actually tell a jail what the "primary"/fallback IP would be in case the introduced source address selection does not find any better.

3) In samba it used to be the interfaces = config option that you would set to the (primary) IP of your jail.

With the above you should be able to address the samba server inside the jail and exchange files and all that. At least I was able to back then. Things may have changed.

Depending on your setup browsing via good old broadcast stuff might not work but in any modern setup that should no longer be needed imho.

Good luck.

/bz

--
Bjoern A. Zeeb              Stop bit received. Insert coin for new game.
___
freebsd-jail@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-jail
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Jail, pf and ftpd: Connection refused
Greetings ladies and gentlemen!

Why does the below pf.conf (run from box1) give me "getpeername(control_sock): Transport endpoint is not connected, Socket error (Connection refused) - reconnecting" when trying to log onto box3 via passive FTP? Active FTP gives me "425 Can't build data connection: Connection refused." (box2 and box3 are jails running off box1)

-

[EMAIL PROTECTED] cat /etc/pf.conf

box1 = "80.203.2.2"

box2 = "80.203.2.3"

box3 = "{ 80.203.2.4 [...] 80.203.2.127 }"

ext_if = "rl0"

set block-policy return

set skip on { lo0 }

scrub in

pass out keep state

block in

pass in on $ext_if inet proto tcp from any to any port { 22 } keep state

pass in on $ext_if inet proto tcp from any to $box2 port { 25, 53, 80, 110 } keep state

pass in on $ext_if inet proto udp from any to $box2 port 53 keep state

pass in on $ext_if inet proto tcp from any to $box3 port { 20, 21, 113 } keep state

pass in on $ext_if inet proto icmp from any to any keep state

-

[EMAIL PROTECTED] cat /etc/inetd.conf

ftp stream tcp nowait root /usr/libexec/ftpd ftpd -l

-

I hope I've been verbose enough. Thank you!

--
http://www.home.no/reddvinylene

Re: Jail, pf and ftpd: Connection refused
On Friday 03 October 2008 11:11:57 Redd Vinylene wrote:
> Greetings ladies and gentlemen!
>
> Why does the below pf.conf (run from box1) give me
> "getpeername(control_sock): Transport endpoint is not connected,
> Socket error (Connection refused) - reconnecting" when trying to log
> onto box3 via passive FTP? Active FTP gives me "425 Can't build data
> connection: Connection refused." (box2 and box3 are jails running off
> box1)

See ftp-proxy(8). Note that active works with the ruleset you provided (due to the "pass out keep state"-rule), but there is obviously a firewall problem on the client preventing that.

> -
>
> [EMAIL PROTECTED] cat /etc/pf.conf
>
> box1 = "80.203.2.2"
>
> box2 = "80.203.2.3"
>
> box3 = "{ 80.203.2.4 [...] 80.203.2.127 }"
>
> ext_if = "rl0"
>
> set block-policy return
>
> set skip on { lo0 }
>
> scrub in
>
> pass out keep state
>
> block in
>
> pass in on $ext_if inet proto tcp from any to any port { 22 } keep state
>
> pass in on $ext_if inet proto tcp from any to $box2 port { 25, 53, 80,
> 110 } keep state
>
> pass in on $ext_if inet proto udp from any to $box2 port 53 keep state
>
> pass in on $ext_if inet proto tcp from any to $box3 port { 20, 21, 113
> } keep state
>
> pass in on $ext_if inet proto icmp from any to any keep state
>
> -
>
> [EMAIL PROTECTED] cat /etc/inetd.conf
>
> ftp stream tcp nowait root /usr/libexec/ftpd ftpd -l
>
> -
>
> I hope I've been verbose enough. Thank you!

--
/"\  Best regards,                      | [EMAIL PROTECTED]
\ /  Max Laier                          | ICQ #67774661
 X   http://pf4freebsd.love2party.net/  | [EMAIL PROTECTED]
/ \  ASCII Ribbon Campaign              | Against HTML Mail and News

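Added example (not part of the thread and not any poster's code): a small Python model of pf's last-matching-rule evaluation over the inbound rules quoted above, showing why the control connection to port 21 passes while a passive data connection to a high port is answered with a reset. The client address, the passive port 49152 and all function names are constructed for illustration; box3 is modelled with only the two addresses visible in the post.

```python
# Added illustration, not code from the thread. Simplified model of pf rule
# evaluation: without "quick", the last matching rule decides.
ANY = None
BOX2 = {"80.203.2.3"}
BOX3 = {"80.203.2.4", "80.203.2.127"}  # only the addresses visible in the post
CLIENT = "192.0.2.10"                  # constructed client address (TEST-NET-1)

# (action, direction, proto, destination set, destination ports), in file order
RULES = [
    ("pass",  "out", ANY,    ANY,  ANY),                # pass out keep state
    ("block", "in",  ANY,    ANY,  ANY),                # block in
    ("pass",  "in",  "tcp",  ANY,  {22}),
    ("pass",  "in",  "tcp",  BOX2, {25, 53, 80, 110}),
    ("pass",  "in",  "udp",  BOX2, {53}),
    ("pass",  "in",  "tcp",  BOX3, {20, 21, 113}),
    ("pass",  "in",  "icmp", ANY,  ANY),
]

def matches(rule, direction, proto, dst, dport):
    _, r_dir, r_proto, r_dst, r_ports = rule
    return (r_dir == direction
            and r_proto in (ANY, proto)
            and (r_dst is ANY or dst in r_dst)
            and (r_ports is ANY or dport in r_ports))

def evaluate(direction, proto, dst, dport, block_policy="return"):
    """Verdict for the first packet of a new connection (no state entry yet)."""
    verdict = "pass"  # pf passes a packet that matches no rule
    for rule in RULES:
        if matches(rule, direction, proto, dst, dport):
            verdict = rule[0]  # keep going: a later match overrides
    if verdict == "block" and proto == "tcp" and block_policy == "return":
        return "rst"  # "set block-policy return": the peer sees "Connection refused"
    return verdict

def ftp_session(server, pasv_port):
    """Each FTP data transfer is a separate TCP connection, so the state
    created for port 21 does not cover it."""
    return {
        "control": evaluate("in", "tcp", server, 21),
        "passive_data": evaluate("in", "tcp", server, pasv_port),
        "active_data": evaluate("out", "tcp", CLIENT, 50000),
    }

if __name__ == "__main__":
    for name, verdict in ftp_session("80.203.2.4", 49152).items():
        print(f"{name:13} {verdict}")
```
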
Re: samba inside jails [was: jail/broadcast IP [was: ...]]
Quoting "Bjoern A. Zeeb" <[EMAIL PROTECTED]> (from Fri, 3 Oct 2008 08:21:53 + (UTC)):

> 3) In samba it used to be the interfaces = config option that you would
> set to the (primary) IP of your jail. With the above you should be able
> to address the samba server inside the jail and exchange files and all
> that. At least I was able to back then. Things may have changed.

I have samba running in a jail (8-current from a month or two ago, no multi-IP patch). No problems here.

> Depending on your setup browsing via good old broadcast stuff might not
> work but in any modern setup that should no longer be needed imho.

I use it with network drives, so I'm not sure about broadcasts...

Bye,
Alexander.

--
Truth never comes into the world but like a bastard, to the ignominy of him that brought her birth.
		-- Milton

http://www.Leidinger.net    Alexander @ Leidinger.net: PGP ID = B0063FE7
http://www.FreeBSD.org       netchild @ FreeBSD.org  : PGP ID = 72077137