On 18 Mar 2020, at 15:50, Victor Sudakov wrote:
If sshd in the host is configured to listen on all available
interfaces and
addresses (the default) then it will catch your jails IP too.
Why is it not catching the 192.168.4.204 address then?
You must configure sshd in the host to listen only on hosts IP and
then you
will connect to the jails sshd.
OK, I've stopped the sshd on the host entirely, and restarted the
jails.
Why am I still not seeing the jailed sshd listening on tcp6?
Can you check the logfile inside the jail and see if it complains?
Can you then do a jexec test4 and run service sshd restart and see if it
starts working? If it does, can you add a
exec.start += "sleep 2 ";
to your config and see if your problem goes away? If it does, the
reason is that you configure an IPv6 address to an interface and DUD has
not yet completed by the time sshd or other daemons start. Giving it
the 2 seconds avoids this problem and the address is usable at that
time.
Your theory is probably incorrect.
The theory is incorrect. The jail will always take precedence (at
least since the multi-IP jail patches in 2008).
/bz
_______________________________________________
freebsd-net@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "freebsd-net-unsubscr...@freebsd.org"
