On 22/02/2013 05:52, Devin Teske wrote:

> What I find strange is that:
>
> 1. I knew about ListenAddress w/respect to jails, but...
>
> 2. We are not changing it (sshd_config has no ListenAddress -- leading to
> default values used), yet...
>
> 3. Base machine and jails both work fine
>
> Not sure when it's required versus not, because we're running fine without that
> change here with over a dozen jails.
>
> The only thing I've ever noticed is that we tend to use
> jail_NAME_ip="iface|addr" while most everybody else seems to be using
> jail_NAME_ip="addr".


We may need to expand out from that. I use jail_NAME_ip="addr" but also

ipv4_addrs_re0="10.0.0.254/24 10.0.0.1-5/24"
route_jaillan0="-net 10.0.0.0/24 10.0.0.254"
static_routes="jaillan0"

Don't recall where I got that from, but I think it was an easy way to alias a number of IPs, whereas ifconfig_<iface>_alias0 sets one IP at a time and is also deprecated.

If you use jail_NAME_ip="iface|addr", does this mean you don't have IP addresses aliased to the iface on startup and they get aliased as the jail starts? That would be why sshd isn't bound to the address before.

man rc.conf for jail_<jname>_ip says "... Additionally each address can be prefixed by the name of an interface followed by a pipe to overwrite". Does that mean it clears the IP from the base system and re-creates it for the jail?

I also see jail_<jname>_interface: "...When set, sets the interface to use when setting IP address alias. Note that the alias is created at jail startup and removed at jail shutdown."

That sounds like the solution for not having IPs available when sshd starts, so it isn't bound to them.

Also, in what sys version were these options added?

