jail with multiple IPs

Zbyněk Burget zburget at burgnet.cz
Wed Jul 15 18:27:43 CEST 2015


On 15 Jul 2015 at 10:37, Peter Rosa wrote:
> Hi,
>
> a shot from the hip, but wouldn't an alias help?
> E.g. https://www.nesono.com/node/451
>

That is basically how I have it set up.

I'll send the configurations so it is clear what we are talking about; I'll 
leave out everything unimportant so that there isn't an extreme amount of it.

root na charon:~ # ifconfig
em0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
         <---snip--->
         inet 217.197.155.190 netmask 0xffffffe0 broadcast 217.197.155.191
         inet 192.168.206.89 netmask 0xffffff00 broadcast 192.168.206.255
         <---snip--->
em1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
         <---snip--->
         inet 217.197.159.193 netmask 0xffffffe0 broadcast 217.197.159.223
         inet 217.197.159.194 netmask 0xffffffe0 broadcast 217.197.159.223
         inet 217.197.159.195 netmask 0xffffffe0 broadcast 217.197.159.223
         inet 217.197.159.196 netmask 0xffffffe0 broadcast 217.197.159.223
         inet 217.197.159.197 netmask 0xffffffe0 broadcast 217.197.159.223
         inet 217.197.159.198 netmask 0xffffffe0 broadcast 217.197.159.223
         <---snip--->
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
         <---snip--->
         inet 127.0.0.1 netmask 0xff000000
         <---snip--->
lo1: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
         <---snip--->
         inet 127.0.1.1 netmask 0xff000000
         inet 127.0.1.2 netmask 0xff000000
         inet 127.0.1.3 netmask 0xff000000
         inet 127.0.1.4 netmask 0xff000000
         <---snip--->


root na charon:~ # jls -v
    JID  Hostname                      Path
         Name                          State
         CPUSetID
         IP Address(es)
         <---snip--->
     12  ftp.burgnet.cz                /usr/jail/ftp
         ftp                           ACTIVE
         5
         127.0.1.4
         217.197.159.197


root na charon:~ # more /etc/jail.conf
allow.set_hostname = 0;
allow.sysvipc = 1;
allow.raw_sockets = 1;
exec.clean;
exec.system_user = "root";
exec.jail_user = "root";
exec.start += "/bin/sh /etc/rc";
exec.stop = "/bin/sh /etc/rc.shutdown";
exec.consolelog = "/var/log/jail_${name}_console.log";
mount.devfs;
         <---snip--->
ftp {
         host.hostname = "ftp.burgnet.cz";
         path = "/usr/jail/ftp";
         ip4.addr += "127.0.1.4/32";
         ip4.addr += "217.197.159.197/32";
}



root na charon:~ # route get default
    route to: default
destination: default
        mask: default
     gateway: 217.197.155.161
         fib: 0
   interface: em0


-------------------------------------------------------

reachability of devices from the jail via interface em1 (internal interface)

root na ftp:~ # ping 217.197.159.222
PING 217.197.159.222 (217.197.159.222): 56 data bytes
64 bytes from 217.197.159.222: icmp_seq=0 ttl=64 time=9.993 ms

root na ftp:~ # ping 217.197.146.2
PING 217.197.146.2 (217.197.146.2): 56 data bytes
64 bytes from 217.197.146.1: icmp_seq=0 ttl=64 time=3.006 ms

root na ftp:~ # traceroute 217.197.146.2
traceroute to 217.197.146.2 (217.197.146.2), 64 hops max, 52 byte packets
  1  217.197.159.222 (217.197.159.222)  8.058 ms  18.829 ms  6.616 ms
  2 217.197.146.2 (217.197.146.2)  11.216 ms 7.087 ms  15.398 ms

but (un)reachability of devices from the jail via interface em0 (external interface)

root na ftp:~ # ping 217.197.155.190         <- my IP address
PING 217.197.155.190 (217.197.155.190): 56 data bytes
64 bytes from 217.197.155.190: icmp_seq=0 ttl=64 time=0.043 ms

root na ftp:~ # ping 217.197.155.161         <- IP of my gateway
PING 217.197.155.161 (217.197.155.161): 56 data bytes
ping: sendto: Can't assign requested address


I'm wondering whether any other information would be relevant, but nothing 
else occurs to me



Zbyněk Burget
Mlýnská 397
798 26 Nezamyslice

tel: 588 580 000, 739 930 931
http://www.burgnet.cz
IČ:  606 88 220; DIČ: CZ7210184674



