Re: identd on jail with multiple IPs
Redd Vinylene wrote: Good evening Bjoern, Exactly how do I do a packet trace? I could do a tcpdump -n -e -ttt -i rl0 but I don't know how to filter out all the noise. But actually, identd works just fine here with the jail's first IP, 66.252.2.4. The problem must be elsewhere. Just a shot in the dark. How about redirecting all IPs to the jail's primary IP with PF or similar? This might get you going - temporarily. Regards, Mikhail. -- Mikhail Goriachev Webanoide ___ freebsd-jail@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-jail To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: identd on jail with multiple IPs
Bjoern, How much do you need to help me? I really need to get this stuff working. My friend who runs this server is regretting ever saying yes to my suggestion, as his customers are calling him every day giving him a hard time. On Thu, Aug 7, 2008 at 12:54 AM, Redd Vinylene <[EMAIL PROTECTED]> wrote: > On Wed, Aug 6, 2008 at 11:01 PM, Redd Vinylene <[EMAIL PROTECTED]> wrote: >> Could it be a DNS misconfiguration perhaps? > > No it's not, I just had it confirmed. Either I got the basics wrong, > or you got the patch wrong ;) > > Thank you so much for the help so far. Hopefully one of these days > I'll be able to donate you guys a nice sum of money. > > Best regards, > Redd > > -- > http://www.home.no/reddvinylene > -- http://www.home.no/reddvinylene ___ freebsd-jail@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-jail To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: identd on jail with multiple IPs
On Wed, Aug 6, 2008 at 11:01 PM, Redd Vinylene <[EMAIL PROTECTED]> wrote: > Could it be a DNS misconfiguration perhaps? No it's not, I just had it confirmed. Either I got the basics wrong, or you got the patch wrong ;) Thank you so much for the help so far. Hopefully one of these days I'll be able to donate you guys a nice sum of money. Best regards, Redd -- http://www.home.no/reddvinylene ___ freebsd-jail@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-jail To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: identd on jail with multiple IPs
Could it be a DNS misconfiguration perhaps? On Wed, Aug 6, 2008 at 10:58 PM, Redd Vinylene <[EMAIL PROTECTED]> wrote: > Good evening Bjoern, > > Exactly how do I do a packet trace? I could do a tcpdump -n -e -ttt -i > rl0 but I don't know how to filter out all the noise. > > But actually, identd works just fine here with the jail's first IP, > 66.252.2.4. The problem must be elsewhere. > > When I change the IP to 66.252.2.5, or any other IP besides the first, > I get errors like: > > ERROR Closing Link: 0.0.0.0 (A-banned: [AKILL ID:1212791563K-a] > [exp/idsh] Connections from this netrange are required to respond to > identd requests in order to connect to DALnet. Visit > http://kline.dal.net/exploits/ident.htm for more information. Contact > your provider if identd is not working (2008/08/04 02.07)) > > When connecting to irc.freenode.net though, it defaults back to > 66.252.2.4 no matter what IP I use. > > Maybe I've just twisted some of the basics? > > - > > The host (mother)'s rc.conf http://pastie.org/248762 (you've probably > seen that one before though) > > - > > 66.252.2.4# cat /etc/rc.conf > sshd_enable="YES" > inetd_enable="YES" > linux_enable="YES" > clear_tmp_enable="YES" > update_motd="NO" > > - > > 66.252.2.4# cat /etc/resolv.conf > # Same as the host. Perhaps it should only contain "nameserver 66.252.2.2"? > nameserver 69.65.17.101 > nameserver 69.65.16.102 > > - > > 66.252.2.4# cat /etc/hosts > 127.0.0.1 localhost localhost.fox-host.net > 66.252.2.2 mother.fox-host.net mother > 66.252.2.3 camel.fox-host.net camel > 66.252.2.4 box.fox-host.net box > > - > > 66.252.2.4# uname -a > FreeBSD mother.fox-host.net 7.0-STABLE FreeBSD 7.0-STABLE #3: Sat Aug > 2 18:55:18 CDT 2008 > [EMAIL PROTECTED]:/usr/obj/usr/src/sys/GENERIC i386 > > - > > Maybe you'd be willing to log onto the box yourself and boss it around a > little? > > Cheers, > Redd > > On Wed, Aug 6, 2008 at 10:18 PM, Bjoern A. Zeeb > <[EMAIL PROTECTED]> wrote: >> On Wed, 6 Aug 2008, Redd Vinylene wrote: >> >>> I cannot seem to make identd work on a jail with multiple IPs (Bjoern >>> Zeeb's patch): >> >> So do you have any kind of error message? packet traces or anything to >> further isolate the problem rather than "does not work"? >> >> -- >> Bjoern A. Zeeb Stop bit received. Insert coin for new game. >> > > > > -- > http://www.home.no/reddvinylene > -- http://www.home.no/reddvinylene ___ freebsd-jail@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-jail To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: identd on jail with multiple IPs
Good evening Bjoern, Exactly how do I do a packet trace? I could do a tcpdump -n -e -ttt -i rl0 but I don't know how to filter out all the noise. But actually, identd works just fine here with the jail's first IP, 66.252.2.4. The problem must be elsewhere. When I change the IP to 66.252.2.5, or any other IP besides the first, I get errors like: ERROR Closing Link: 0.0.0.0 (A-banned: [AKILL ID:1212791563K-a] [exp/idsh] Connections from this netrange are required to respond to identd requests in order to connect to DALnet. Visit http://kline.dal.net/exploits/ident.htm for more information. Contact your provider if identd is not working (2008/08/04 02.07)) When connecting to irc.freenode.net though, it defaults back to 66.252.2.4 no matter what IP I use. Maybe I've just twisted some of the basics? - The host (mother)'s rc.conf http://pastie.org/248762 (you've probably seen that one before though) - 66.252.2.4# cat /etc/rc.conf sshd_enable="YES" inetd_enable="YES" linux_enable="YES" clear_tmp_enable="YES" update_motd="NO" - 66.252.2.4# cat /etc/resolv.conf # Same as the host. Perhaps it should only contain "nameserver 66.252.2.2"? nameserver 69.65.17.101 nameserver 69.65.16.102 - 66.252.2.4# cat /etc/hosts 127.0.0.1 localhost localhost.fox-host.net 66.252.2.2 mother.fox-host.net mother 66.252.2.3 camel.fox-host.net camel 66.252.2.4 box.fox-host.net box - 66.252.2.4# uname -a FreeBSD mother.fox-host.net 7.0-STABLE FreeBSD 7.0-STABLE #3: Sat Aug 2 18:55:18 CDT 2008 [EMAIL PROTECTED]:/usr/obj/usr/src/sys/GENERIC i386 - Maybe you'd be willing to log onto the box yourself and boss it around a little? Cheers, Redd On Wed, Aug 6, 2008 at 10:18 PM, Bjoern A. Zeeb <[EMAIL PROTECTED]> wrote: > On Wed, 6 Aug 2008, Redd Vinylene wrote: > >> I cannot seem to make identd work on a jail with multiple IPs (Bjoern >> Zeeb's patch): > > So do you have any kind of error message? packet traces or anything to > further isolate the problem rather than "does not work"? > > -- > Bjoern A. Zeeb Stop bit received. Insert coin for new game. > -- http://www.home.no/reddvinylene ___ freebsd-jail@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-jail To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: identd on jail with multiple IPs
On Wed, 6 Aug 2008, Redd Vinylene wrote: I cannot seem to make identd work on a jail with multiple IPs (Bjoern Zeeb's patch): So do you have any kind of error message? packet traces or anything to further isolate the problem rather than "does not work"? -- Bjoern A. Zeeb Stop bit received. Insert coin for new game. ___ freebsd-jail@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-jail To unsubscribe, send any mail to "[EMAIL PROTECTED]"
identd on jail with multiple IPs
Greetings! I cannot seem to make identd work on a jail with multiple IPs (Bjoern Zeeb's patch): jail # cat /etc/inetd.conf auth stream tcp nowait root internal auth -r -f -n -o UNKNOWN -t 30 - jail # grep inetd /etc/rc.conf inetd_enable="YES" - host # grep jail /etc/rc.conf jail_enable="YES" jail_list="box" jail_box_ip="80.252.2.4,80.252.2.5,80.252.2.6,80.252.2.7,80.252.2.8,80.252.2.9,80.252.2.10,80.252.2.11,80.252.2.12,80.252.2.13,80.252.2.14,80.252.2.15,80.252.2.16,80.252.2.17,80.252.2.18,80.252.2.19,80.252.2.20,80.252.2.21,80.252.2.22,80.252.2.23,80.252.2.24,80.252.2.25,80.252.2.26,80.252.2.27,80.252.2.28,80.252.2.29,80.252.2.30,80.252.2.31,80.252.2.32,80.252.2.33,80.252.2.34,80.252.2.35,80.252.2.36,80.252.2.37,80.252.2.38,80.252.2.39,80.252.2.40,80.252.2.41,80.252.2.42,80.252.2.43,80.252.2.44,80.252.2.45,80.252.2.46,80.252.2.47,80.252.2.48,80.252.2.49,80.252.2.50,80.252.2.51,80.252.2.52,80.252.2.53,80.252.2.54,80.252.2.55,80.252.2.56,80.252.2.57,80.252.2.58,80.252.2.59,80.252.2.60,80.252.2.61,80.252.2.62,80.252.2.63,80.252.2.64,80.252.2.65,80.252.2.80,80.252.2.67,80.252.2.68,80.252.2.69,80.252.2.70,80.252.2.71,80.252.2.72,80.252.2.73,80.252.2.74,80.252.2.75,80.252.2.76,80.252.2.77,80.252.2.78,80.252.2.79,80.252.2.80,80.252.2.81,80.252.2.82,80.252.2.83,80.252.2.84,80.252.2.85,80.252.2.86,80.252.2.87,80.252.2.88,80.252.2.89,80.252.2.90,80.252.2.91,80.252.2.92,80.252.2.93,80.252.2.94,80.252.2.95,80.252.2.96,80.252.2.97,80.252.2.98,80.252.2.99,80.252.2.100,80.252.2.101,80.252.2.102,80.252.2.103,80.252.2.104,80.252.2.105,80.252.2.106,80.252.2.107,80.252.2.108,80.252.2.109,80.252.2.110,80.252.2.111,80.252.2.112,80.252.2.113,80.252.2.114,80.252.2.115,80.252.2.116,80.252.2.117,80.252.2.118,80.252.2.119,80.252.2.120,80.252.2.121,80.252.2.122,80.252.2.123,80.252.2.124,80.252.2.125,80.252.2.126,80.252.2.127" jail_box_rootdir="/usr/jail/box" jail_box_hostname="box.fox-host.net" jail_box_devfs_enable="YES" jail_box_devfs_ruleset="devfsrules_jail" - It worked when I had just one IP in jail_box_ip. Is there a way to make auth listen to all my IPs, or should I switch to oidentd or pidentd? Many thanks! -- http://www.home.no/reddvinylene ___ freebsd-jail@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-jail To unsubscribe, send any mail to "[EMAIL PROTECTED]"