jail s vice IP
Zbyněk Burget
zburget at burgnet.cz
Wed Jul 15 18:27:43 CEST 2015
Dne 15. 7. 2015 v 10:37 Peter Rosa napsal(a):
> Ahoj,
>
> vystrel od pasa, ale nepomoze alias?
> Napr. https://www.nesono.com/node/451
>
Takhle to mam v podstate udelano.
Poslu konfigurace, at je jasne, o cem se bavime, vypustim z nich vse
nepodstatne, aby toho nebylo nejak extremne moc
root na charon:~ # ifconfig
em0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
<---snip--->
inet 217.197.155.190 netmask 0xffffffe0 broadcast 217.197.155.191
inet 192.168.206.89 netmask 0xffffff00 broadcast 192.168.206.255
<---snip--->
em1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
<---snip--->
inet 217.197.159.193 netmask 0xffffffe0 broadcast 217.197.159.223
inet 217.197.159.194 netmask 0xffffffe0 broadcast 217.197.159.223
inet 217.197.159.195 netmask 0xffffffe0 broadcast 217.197.159.223
inet 217.197.159.196 netmask 0xffffffe0 broadcast 217.197.159.223
inet 217.197.159.197 netmask 0xffffffe0 broadcast 217.197.159.223
inet 217.197.159.198 netmask 0xffffffe0 broadcast 217.197.159.223
<---snip--->
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
<---snip--->
inet 127.0.0.1 netmask 0xff000000
<---snip--->
lo1: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
<---snip--->
inet 127.0.1.1 netmask 0xff000000
inet 127.0.1.2 netmask 0xff000000
inet 127.0.1.3 netmask 0xff000000
inet 127.0.1.4 netmask 0xff000000
<---snip--->
root na charon:~ # jls -v
JID Hostname Path
Name State
CPUSetID
IP Address(es)
<---snip--->
12 ftp.burgnet.cz /usr/jail/ftp
ftp ACTIVE
5
127.0.1.4
217.197.159.197
root na charon:~ # more /etc/jail.conf
allow.set_hostname = 0;
allow.sysvipc = 1;
allow.raw_sockets = 1;
exec.clean;
exec.system_user = "root";
exec.jail_user = "root";
exec.start += "/bin/sh /etc/rc";
exec.stop = "/bin/sh /etc/rc.shutdown";
exec.consolelog = "/var/log/jail_${name}_console.log";
mount.devfs;
<---snip--->
ftp {
host.hostname = "ftp.burgnet.cz";
path = "/usr/jail/ftp";
ip4.addr += "127.0.1.4/32";
ip4.addr += "217.197.159.197/32";
}
root na charon:~ # route get default
route to: default
destination: default
mask: default
gateway: 217.197.155.161
fib: 0
interface: em0
-------------------------------------------------------
dostupnost zarizeni z jailu pres interface em1 (vnitrni interface)
root na ftp:~ # ping 217.197.159.222
PING 217.197.159.222 (217.197.159.222): 56 data bytes
64 bytes from 217.197.159.222: icmp_seq=0 ttl=64 time=9.993 ms
root na ftp:~ # ping 217.197.146.2
PING 217.197.146.2 (217.197.146.2): 56 data bytes
64 bytes from 217.197.146.1: icmp_seq=0 ttl=64 time=3.006 ms
root na ftp:~ # traceroute 217.197.146.2
traceroute to 217.197.146.2 (217.197.146.2), 64 hops max, 52 byte packets
1 217.197.159.222 (217.197.159.222) 8.058 ms 18.829 ms 6.616 ms
2 217.197.146.2 (217.197.146.2) 11.216 ms 7.087 ms 15.398 ms
ale (ne)dostupnost zarizeni z jailu pres interface emé (venkovni interface)
root na ftp:~ # ping 217.197.155.190 <- moje IP adresa
PING 217.197.155.190 (217.197.155.190): 56 data bytes
64 bytes from 217.197.155.190: icmp_seq=0 ttl=64 time=0.043 ms
root na ftp:~ # ping 217.197.155.161 <- IP moji brany
PING 217.197.155.161 (217.197.155.161): 56 data bytes
ping: sendto: Can't assign requested address
premyslim, jestli by byla relevantni jeste nejaká informace, ale uz me
nic nenapada
Zbyněk Burget
Mlýnská 397
798 26 Nezamyslice
tel: 588 580 000, 739 930 931
http://www.burgnet.cz
IČ: 606 88 220; DIČ: CZ7210184674
More information about the Users-l
mailing list