/lib/libc.so.7 unsupported file format
Hi, i have a box with FreeBSD-9.1-Release-amd64. I did freebsd-update to the host and to the jails in, one of them is 32bit and since then i get: root@6:/root # jexec 1 /bin/csh /lib/libc.so.7: unsupported file layout root@6:/root # i see /lib/libc.so.7 was updated as i read in some forums, i did: root@6:/root # ldconfig /lib /usr/lib /usr/local/lib root@6:/root # I also tried to do freebsd-update from the jail but install failed with chflags problem. I tried freebsd-update with -b and -c to point to the jail freebsd-update i /var by doing fetch in the jail and install from the host.. without success, For now i rolled back the changes. Any hints to workaround this? Thanks in advance, Sami ___ freebsd-jail@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-jail To unsubscribe, send any mail to "freebsd-jail-unsubscr...@freebsd.org"
Re: /lib/libc.so.7 unsupported file format
Hi, is there a simple way to interpret the data in /var/db/freebsd-update that sits inside a jail, from HOST and install the updates that already fetched somehow ? Sami On Thu, Oct 10, 2013 at 2:35 PM, Mark Felder wrote: > > > On Wed, Oct 9, 2013, at 23:22, Sami Halabi wrote: > > Hi, > > i have a box with FreeBSD-9.1-Release-amd64. > > I did freebsd-update to the host and to the jails in, one of them is > > 32bit > > and since then i get: > > > > root@6:/root # jexec 1 /bin/csh > > /lib/libc.so.7: unsupported file layout > > root@6:/root # > > > > i see /lib/libc.so.7 was updated > > > > as i read in some forums, i did: > > root@6:/root # ldconfig /lib /usr/lib /usr/local/lib > > root@6:/root # > > > > I also tried to do freebsd-update from the jail but install failed with > > chflags problem. > > > > I tried freebsd-update with -b and -c to point to the jail freebsd-update > > i /var by doing fetch in the jail and install from the host.. without > > success, > > > > For now i rolled back the changes. > > > > Any hints to workaround this? > > > > I'm not sure that freebsd-update is supported for doing updates of 32bit > jails on 64bit hosts. You might have to do the upgrade yourself from > source. > ___ > freebsd-jail@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-jail > To unsubscribe, send any mail to "freebsd-jail-unsubscr...@freebsd.org" > -- Sami Halabi Information Systems Engineer NMS Projects Expert FreeBSD SysAdmin Expert ___ freebsd-jail@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-jail To unsubscribe, send any mail to "freebsd-jail-unsubscr...@freebsd.org"
Re: /lib/libc.so.7 unsupported file format
Hi, thanks for replying me so fast. what i ment is: 1. in the jail (32 bit) to do: freebsd-update fetch # ls /var/db/freebsd-update/ ./ ../ f465c3739385890c221dff1a05e578c6cae0d0430e46996d319db7439f884336-install@ filelist files/ install.TggE71/ pub.ssl serverlist serverlist_full serverlist_tried tINDEX.present tag root@sami:/ # root@sami:/ # more /var/db/freebsd-update/tag freebsd-update|i386|9.1-RELEASE|7|b3924864da0e125ff57d2f9894347dbc0e130ae32a0647126d5109dbc099981e|1420070400 root@sami:/ # 2. since inside the jail: root@sami:/ # freebsd-update install Installing updates...chflags: ///lib/libc.so.7: Operation not permitted root@sami:/ # not working because of chflags (maybe there is a sysctl that will allow a jail to chflags??) i thought that maybe there is some way to do it from outside the jail. unfortunattly doing simple: root@6:/root # freebsd-update -b /usr/jails/sami -d /usr/jails/sami/var/db/freebsd-update/ install No updates are available to install. Run '/usr/sbin/freebsd-update fetch' first. root@6:/root # i thought if there is some way to interpret the data and installing using the host (maybe manually somehow...), or even changing the chflags inside the jail to an executable that return success no matter what... Sami On Thu, Oct 10, 2013 at 2:55 PM, Mark Felder wrote: > On Thu, Oct 10, 2013, at 6:48, Sami Halabi wrote: > > Hi, > > is there a simple way to interpret the data in /var/db/freebsd-update > > that > > sits inside a jail, from HOST and install the updates that already > > fetched > > somehow ? > > > > freebsd-update uses binary patches. They are not entire files you could > simply replace on your system. As you have witnessed, applying a binary > patch intended for a 64bit binary to a 32bit binary has dire > consequences. Unfortunately the data in /var/db/freebsd-update is > completely worthless for your 32bit jail. > ___ > freebsd-jail@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-jail > To unsubscribe, send any mail to "freebsd-jail-unsubscr...@freebsd.org" > -- Sami Halabi Information Systems Engineer NMS Projects Expert FreeBSD SysAdmin Expert ___ freebsd-jail@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-jail To unsubscribe, send any mail to "freebsd-jail-unsubscr...@freebsd.org"
Re: /lib/libc.so.7 unsupported file format
Hi, # sysctl security.jail.param.allow.chflags=1 security.jail.param.allow.chflags: 0 -> 0 the sysctl is not working, maybe it should be set on /boot/loder.conf what i did is the following: 1. inside the jail a. i renamed /bin/chflags to /bin/chfalgs-old b. created /bin/chflags with the following: #!/bin/csh -f echo sami > /dev/null 2. a freebsd-update install in the jail yeilds installing the updates with errors on /lib/libc.so.7 & /usr/bin/login 3. i did freebsd-update rollback 4. in the host i did: a. chflags noschg /usr/jails/sami/lib/libc.so.7 b. chflags noschg /usr/jails/sami/usr/bin/login 5. in the jail i did: a. freebsd-update fetch b. freebsd-update install 6. in the host i did: a. chflags schg /usr/jails/sami/lib/libc.so.7 b. chflags schg /usr/jails/sami/usr/bin/login 7. inside the jail a. removed /bin/chflags b. i renamed /bin/chflags-old to /bin/chfalgs Worked for me. Thanks for trying to hel pme, Sami On Thu, Oct 10, 2013 at 3:06 PM, Mark Felder wrote: > On Thu, Oct 10, 2013, at 7:03, Sami Halabi wrote: > > Hi, > > thanks for replying me so fast. > > > > what i ment is: > > 1. in the jail (32 bit) to do: > > freebsd-update fetch > > > > # ls /var/db/freebsd-update/ > > ./ > > ../ > > f465c3739385890c221dff1a05e578c6cae0d0430e46996d319db7439f884336-install@ > > filelist > > files/ > > install.TggE71/ > > pub.ssl > > serverlist > > serverlist_full > > serverlist_tried > > tINDEX.present > > tag > > root@sami:/ # > > > > root@sami:/ # more /var/db/freebsd-update/tag > > > freebsd-update|i386|9.1-RELEASE|7|b3924864da0e125ff57d2f9894347dbc0e130ae32a0647126d5109dbc099981e|1420070400 > > root@sami:/ # > > > > 2. since inside the jail: > > root@sami:/ # freebsd-update install > > Installing updates...chflags: ///lib/libc.so.7: Operation not permitted > > root@sami:/ # > > > > not working because of chflags (maybe there is a sysctl that will allow a > > jail to chflags??) > > > > i thought that maybe there is some way to do it from outside the jail. > > > > unfortunattly doing simple: > > root@6:/root # freebsd-update -b /usr/jails/sami -d > > /usr/jails/sami/var/db/freebsd-update/ install > > No updates are available to install. > > Run '/usr/sbin/freebsd-update fetch' first. > > root@6:/root # > > > > i thought if there is some way to interpret the data and installing using > > the host (maybe manually somehow...), or even changing the chflags inside > > the jail to an executable that return success no matter what... > > > > There is a sysctl for chflags: > > security.jail.param.allow.chflags > > and you can check if you have that access from within the jail via: > > security.jail.chflags_allowed > > I have not tried to do what you're attempting before simply because I've > very rarely run 32bit jails on 64bit hosts. Hopefully this gets you in > the right direction. > ___ > freebsd-jail@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-jail > To unsubscribe, send any mail to "freebsd-jail-unsubscr...@freebsd.org" > -- Sami Halabi Information Systems Engineer NMS Projects Expert FreeBSD SysAdmin Expert ___ freebsd-jail@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-jail To unsubscribe, send any mail to "freebsd-jail-unsubscr...@freebsd.org"
Re: Configuring network without ezjail
hi,
I think you need to configure the ip in the host first kater it'll be seen
in the jail.
using rf 1918 addreses means you need NAT in your router to have access
the internet.
rather than that using the term 'routing' is incorrecg unless you have
multiple hops to get the packets to the router.
Sami
בתאריך 13 בדצמ׳ 2015 6:45 AM, "marcel" כתב:
>
>
> On 12/12/2015 02:59, Michael B. Eichorn wrote:
> > On Fri, 2015-12-11 at 21:44 -0500, Michael B. Eichorn wrote:
> >> On Sat, 2015-12-12 at 02:08 +, marcel wrote:
> >>> ... and I think I have enabling gateway, I wrote thins in both of
> >>> my
> >>> rc.conf (jail and host):
> >>>
> >>> gateway_enable="YES"
> >>>
> >>> Is it correct ?
> >> You only need gateway_enable if you are doing routing, it is not
> >> necessary for a typical jail setup. Most of the time you are just
> >> adding an alias to the host's nic.
> OK so if I want to my jail can access to internet I have to do routing,
> right ?
> >>> But I don't think I have DNS problems, my host correctly access to
> >>> the
> >>> internet and the resolv.conf of my jail and my host are same...
> >>>
> >>> On 12/12/2015 01:50, marcel wrote:
> No I don't get to have an IP address... Yet I have writed this in
> my
> host's rc.conf:
>
> jail_enable="YES"
> jail_list="thename"
> jail_guantanamo_rootdir="thepath"
> jail_guantanamo_hostname="thename"
> jail_guantanamo_ip="192.168.0.12"
>
> and I use the command:
>
> jail thepath thename 192.168.0.12 /bin/csh
>
> to connect to my jail...
>
> On 11/12/2015 23:31, Dirk Engling wrote:
> > On 12.12.15 01:19, marcel wrote:
> >
> >> I would like to know if it is possible to configure a jail's
> >> network for
> >> accessing to the World Wide Web but without ezjail ?
> >> I have created my jail without ezjail (mkdir jail, make
> >> installworld,
> >> etc...) and I would like to continue without it if it's
> >> possible...
> > Sure, why doesn't it connect to the net? Does it have a RFC1918
> > IP? If
> > so, you need to enable NAT. If not, did you enable gatewaying?
> > Maybe you
> > just have DNS problems, so is your resolv.conf set up properly?
> >
> > Without knowing what exactly is not working, I can not help
> > you.
> >
> > erdgeist
> >> I think you found some old instructions, assuming a 10.x system here
> >> is
> >> the boilerplate for a typical jail:
> >>
> >> rc.conf:
> >>
> >> jail_enable="YES"
> >>
> >> jail.conf:
> >>
> >> interface = re0;
> >> mount.devfs;
> >> exec.start = "/bin/sh /etc/rc";
> >> exec.stop = "/bin/sh /etc/rc.shutdown";
> >>
> >> thenameofthejail {
> >> host.hostname = host.domain.tld;
> >> path = /the/path/to/the/jail
> >> ip4.addr = 192.168.0.12;
> >> }
> >>
> >> and start it up with
> >>
> >> # jail -c thenameofthejail
> >>
> >> And another handy tip you can avoid building a jail with make by
> >> extacting the base.txz file found in places like the install media
> >> into
> >> the jail directory
> OK, so my jail.conf look like your jail.conf and when I type jls my jail
> have the IP 192.168.0.12 but when I type ifconfig in my jail I have no
> ip...
> > Oh and before I forget, the trickiest thing for me moving from ezjail
> > to jail was updating. Assuming your jails are complete base systems and
> > that you would like to use binary updates with freebsd-update, and you
> > have completely sparated jails without any funny tricks to save space,
> > here is Ike's simple jail update guide:
> >
> > edit the jail's freebsd-update.conf and change
> >
> > Components src world kernel
> > -to-
> > Components world
> >
> > then run freebsd-update like so:
> >
> > # freebsd-update -b /usr/jails/jaildir \
> > -f usr/jails/jaildir/etc/freebsd-update.conf \
> > -d /usr/jails/jaildir/var/db/freebsd-update fetch
> > # freebsd-update -b /usr/jails/jaildir \
> > -f /usr/jails/jaildir/etc/freebsd-update.conf \
> > -d /usr/jails/jaildir/var/db/freebsd-update install
> >
> > Using the -f flag keeps the jail from using the host config since jails
> > cannot update kernels anyway. And -d keeps jails and hosts from
> > trampling each other which is nice if you want to do more than one at a
> > time, or if you use freebsd-update cron.
> Thanks for tip !
> ___
> freebsd-jail@freebsd.org mailing list
> https://lists.freebsd.org/mailman/listinfo/freebsd-jail
> To unsubscribe, send any mail to "freebsd-jail-unsubscr...@freebsd.org"
>
___
freebsd-jail@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-jail
To unsubscribe, send any mail to "freebsd-jail-unsubscr...@freebsd.org"
Re: A web server behind two gateways?
Hi, simple solution i can think about is: 1. launch 1st jail apache/nginx with db (mysql?) ve sure to use mysql address accesible vian jail2 (maybe epair), this jail will use default route, lets say wan1. 2. launch 2nd jail with vnet, default route wan2, mount the same data directories as jail1, and apache/nginx, since the ip of the db is the internal ip between jails it'll connect to the 1st db. this way you have 2 jails that share same data dir but service users vian different wans behind nat. Hope the idea helps. Sami בתאריך 17 ביולי 2017 02:34 PM, "Eugene Grosbein" כתב: > On 16.07.2017 19:48, Grzegorz Junka wrote: > > Hello, > > > > I have a jail running a web server in LAN. There are two routers/WANs > > that can connect LAN to the internet. I enabled NAT and port forwarding > > to the web server on both routers. > > > > The problem is that the web server responds to requests only from one > > router at a time depending on the default gateway set on the jail's > > host. If the default gateway is set as router 1 then the web page can be > > opened only through WAN1 and vice versa. > > > > Can I configure either router/host/jail so that the web server sends the > > response back to the IP that sent the request packet rather than to the > > default gateway? > > This is the job of external NAT box to route translated replys to right WAN > based on external source IP address produced during translation of the > reply. > The jail or internal NAT have nothing to do with the problem. > > So, the solution depends of kind of NAT you use. > > > And a bonus question, how can I configure two jails so that each jail > > sends packets to a different gateway (which may or may not be the same > > as the jails' host's default gateway)? > > Read "man jail" for "vnet" feature. > > ___ > freebsd-jail@freebsd.org mailing list > https://lists.freebsd.org/mailman/listinfo/freebsd-jail > To unsubscribe, send any mail to "freebsd-jail-unsubscr...@freebsd.org" > ___ freebsd-jail@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-jail To unsubscribe, send any mail to "freebsd-jail-unsubscr...@freebsd.org"
9 netstat in a jail, 12 vs 13
Compile static binary of netstat and copy it to the jail may solve your problem. Sami בתאריך יום ה׳, 31 בינו׳ 2019, 20:09, מאת Christer Edwards < christer.edwa...@gmail.com>: > On Thu, Jan 31, 2019 at 9:29 AM Michael W. Lucas < > mwlu...@michaelwlucas.com> > wrote: > > > > > 12.0 jail on -current host: > > > > root@loghost:~ # sockstat -4 > > sockstat: struct xinpgen size mismatch > > root@loghost:~ # netstat -na -f inet > > netstat: kvm not available: /dev/mem: No such file or directory > > Some tcp sockets may have been deleted. > > Some udp sockets may have been deleted. > > > I have seen this happen anytime I have run a jail where the version does > not exactly match the host. sockstat always fails with 'sockstat: struct > xinpgen size mismatch' > > Very interested in a solution / patch / workaround myself. > > Christer > ___ > freebsd-jail@freebsd.org mailing list > https://lists.freebsd.org/mailman/listinfo/freebsd-jail > To unsubscribe, send any mail to "freebsd-jail-unsubscr...@freebsd.org" > ___ freebsd-jail@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-jail To unsubscribe, send any mail to "freebsd-jail-unsubscr...@freebsd.org"
linux debian jail - network problems
Hi all, sorry for the cross post but I need help and I'm not sure where it hangs. I create linux jail (debian bullseye) via cbsd. the jail is being populated with the debian userland.. so far so good... services running (sshd) and I can login to the jail, I also can update packages and I can install apache httpd and all works fine (apt install or make from src). I also manage to install packages even if their scripts depend on "ip" command that fails: cbsd@j2> ip Cannot open netlink socket: Address family not supported by protocol ifconfig show empty interfaces: cbsd@j2> ifconfig eth0: flags=4163 mtu 1500 ether 00:50:56:0a:b3:a0 (Ethernet) RX packets 139798314 bytes 12029597009 (11.2 GiB) RX errors 0 dropped 0 overruns 0 frame 0 TX packets 26879143 bytes 34400160833 (32.0 GiB) TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 lo0: flags=4169 mtu 16384 loop (Local Loopback) RX packets 28548 bytes 160312960 (152.8 MiB) RX errors 0 dropped 0 overruns 0 frame 0 TX packets 28548 bytes 160312960 (152.8 MiB) TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 I know linux emulation doesn't implement netlink.. so what I do is fake the response by replacing /bin/ip by a bash script that prints the correct IP and fakes some other (needed by packages i Installed): #!/bin/bash if [ "$1" = "-o" ]; then echo "1: eth0 inet 192.168.1.2/24 brd 192.168.1.255 scope global eth0" elif [ "$1" = "route" ]; then if [ "$2" = "get" ]; then echo "8.8.8.8 via 192.168.1.2 dev eth0 src 192.168.1.2 " else echo "default via 192.168.1.2 dev eth0" fi else echo "1: eth0: mtu 1500 qdisc mq state UP qlen 1000" echo " inet 192.168.1.2 /24 brd 192.168.1.255 scope global eth0" still ifconfig shows no IP... its time to say it a regular jail and *NOT* VNET. *however* package that pull ips via libraries fail.. eg: installed bind916 (name) in the logs I see these errors (relevant only): cbsd@j2> service named start Starting domain name service...: namednamed: prctl(PR_SET_DUMPABLE) failed: Invalid argument cbsd@j2> log file shows: 22-Feb-2022 23:11:58.705 general: notice: BIND 9 is maintained by Internet Systems Consortium, 22-Feb-2022 23:11:58.705 general: notice: Inc. (ISC), a non-profit 501(c)(3) public-benefit 22-Feb-2022 23:11:58.705 general: notice: corporation. Support and training for BIND 9 are 22-Feb-2022 23:11:58.705 general: notice: available at https://www.isc.org/support 22-Feb-2022 23:11:58.705 general: notice: 22-Feb-2022 23:11:58.705 general: info: found 6 CPUs, using 6 worker threads 22-Feb-2022 23:11:58.705 general: info: using 6 UDP listeners per interface 22-Feb-2022 23:11:58.705 general: info: using up to 21000 sockets 22-Feb-2022 23:11:58.715 general: info: loading configuration from '/etc/bind/named.conf' 22-Feb-2022 23:11:58.715 general: info: reading built-in trust anchors from file '/etc/bind/bind.keys' 22-Feb-2022 23:11:58.715 general: info: looking for GeoIP2 databases in '/usr/share/GeoIP' 22-Feb-2022 23:11:58.715 general: info: using default UDP/IPv4 port range: [1024, 65535] 22-Feb-2022 23:11:58.715 general: info: using default UDP/IPv6 port range: [1024, 65535] 22-Feb-2022 23:11:58.715 network: info: no IPv6 interfaces found 22-Feb-2022 23:11:58.715 general: error: ifiter_getifaddrs.c:79: unexpected error: 22-Feb-2022 23:11:58.715 general: error: getting interface addresses: getifaddrs: Address family not supported by protocol 22-Feb-2022 23:11:58.715 network: warning: not listening on any interfaces *snip* *snip* 22-Feb-2022 23:11:58.735 general: error: socket.c:2405: unexpected error: 22-Feb-2022 23:11:58.735 general: error: setsockopt(50, IP_RECVTOS) failed: Protocol not available 22-Feb-2022 23:11:58.735 general: notice: couldn't add command channel 127.0.0.1#953: permission denied 22-Feb-2022 23:11:58.735 general: error: socket.c:2405: unexpected error: 22-Feb-2022 23:11:58.735 general: error: setsockopt(50, IP_RECVTOS) failed: Protocol not available 22-Feb-2022 23:11:58.735 general: notice: couldn't add command channel 127.0.0.1#953: permission denied 22-Feb-2022 23:11:58.735 zoneload: info: managed-keys-zone: loaded serial 24 22-Feb-2022 23:11:58.735 zoneload: info: zone 0.in-addr.arpa/IN: loaded serial 1 22-Feb-2022 23:11:58.735 general: error: socket.c:2405: unexpected error: 22-Feb-2022 23:11:58.735 general: error: setsockopt(512, IP_RECVTOS) failed: Protocol not available 22-Feb-2022 23:11:58.735 general: error: socket.c:2405: unexpected error: 22-Feb-2022 23:11:58.735 general: error: setsockopt(513, IP_RECVTOS) failed: Protocol not available 22-Feb-2022 23:11:58.745 zoneload: info: zone 255.in-addr.arpa/IN: loaded serial 1 22-Feb-2022 23:11:58.745 zoneload: info: zone j1.royalshells.com/IN: loaded serial 2022022106 22-Feb-2022 23:11:58.745 notify: info: zone j1.royals
Re: linux debian jail - network problems
Hi, Added Current, maybe will be lucky ;) Anyone have idea how approach and fix this? Sami בתאריך יום ג׳, 22 בפבר׳ 2022, 23:30, מאת Sami Halabi : > Hi all, > sorry for the cross post but I need help and I'm not sure where it hangs. > > I create linux jail (debian bullseye) via cbsd. > the jail is being populated with the debian userland.. > so far so good... services running (sshd) and I can login to the jail, I > also can update packages and I can install apache httpd and all works fine > (apt install or make from src). > I also manage to install packages even if their scripts depend on "ip" > command that fails: > cbsd@j2> ip > Cannot open netlink socket: Address family not supported by protocol > > ifconfig show empty interfaces: > cbsd@j2> ifconfig > eth0: flags=4163 mtu 1500 > ether 00:50:56:0a:b3:a0 (Ethernet) > RX packets 139798314 bytes 12029597009 (11.2 GiB) > RX errors 0 dropped 0 overruns 0 frame 0 > TX packets 26879143 bytes 34400160833 (32.0 GiB) > TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 > > lo0: flags=4169 mtu 16384 > loop (Local Loopback) > RX packets 28548 bytes 160312960 (152.8 MiB) > RX errors 0 dropped 0 overruns 0 frame 0 > TX packets 28548 bytes 160312960 (152.8 MiB) > TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 > > I know linux emulation doesn't implement netlink.. so what I do is fake > the response by replacing /bin/ip by a bash script that prints the correct > IP and fakes some other (needed by packages i Installed): > #!/bin/bash > if [ "$1" = "-o" ]; then > echo "1: eth0 inet 192.168.1.2/24 brd 192.168.1.255 scope global eth0" > elif [ "$1" = "route" ]; then > if [ "$2" = "get" ]; then > echo "8.8.8.8 via 192.168.1.2 dev eth0 src > 192.168.1.2 " > else > echo "default via 192.168.1.2 dev eth0" > fi > else > echo "1: eth0: mtu 1500 qdisc mq state > UP qlen 1000" > echo " inet 192.168.1.2 /24 brd 192.168.1.255 scope global eth0" > > > still ifconfig shows no IP... its time to say it a regular jail and *NOT* > VNET. > > *however* package that pull ips via libraries fail.. > eg: installed bind916 (name) in the logs I see these errors (relevant > only): > cbsd@j2> service named start > Starting domain name service...: namednamed: prctl(PR_SET_DUMPABLE) > failed: Invalid argument > cbsd@j2> > > > log file shows: > 22-Feb-2022 23:11:58.705 general: notice: BIND 9 is maintained by Internet > Systems Consortium, > 22-Feb-2022 23:11:58.705 general: notice: Inc. (ISC), a non-profit > 501(c)(3) public-benefit > 22-Feb-2022 23:11:58.705 general: notice: corporation. Support and > training for BIND 9 are > 22-Feb-2022 23:11:58.705 general: notice: available at > https://www.isc.org/support > 22-Feb-2022 23:11:58.705 general: notice: > > 22-Feb-2022 23:11:58.705 general: info: found 6 CPUs, using 6 worker > threads > 22-Feb-2022 23:11:58.705 general: info: using 6 UDP listeners per interface > 22-Feb-2022 23:11:58.705 general: info: using up to 21000 sockets > 22-Feb-2022 23:11:58.715 general: info: loading configuration from > '/etc/bind/named.conf' > 22-Feb-2022 23:11:58.715 general: info: reading built-in trust anchors > from file '/etc/bind/bind.keys' > 22-Feb-2022 23:11:58.715 general: info: looking for GeoIP2 databases in > '/usr/share/GeoIP' > 22-Feb-2022 23:11:58.715 general: info: using default UDP/IPv4 port range: > [1024, 65535] > 22-Feb-2022 23:11:58.715 general: info: using default UDP/IPv6 port range: > [1024, 65535] > 22-Feb-2022 23:11:58.715 network: info: no IPv6 interfaces found > 22-Feb-2022 23:11:58.715 general: error: ifiter_getifaddrs.c:79: > unexpected error: > 22-Feb-2022 23:11:58.715 general: error: getting interface addresses: > getifaddrs: Address family not supported by protocol > 22-Feb-2022 23:11:58.715 network: warning: not listening on any interfaces > *snip* > *snip* > 22-Feb-2022 23:11:58.735 general: error: socket.c:2405: unexpected error: > 22-Feb-2022 23:11:58.735 general: error: setsockopt(50, IP_RECVTOS) > failed: Protocol not available > 22-Feb-2022 23:11:58.735 general: notice: couldn't add command channel > 127.0.0.1#953: permission denied > 22-Feb-2022 23:11:58.735 general: error: socket.c:2405: unexpected error: > 22-Feb-2022 23:11:58.735 general: error: setsockopt(50, IP_RECVTOS) > failed: Protocol not available > 22-Feb-202
Re: linux debian jail - network problems
Hi, Thank you for your response.. I wonder if Is it really only netlink problem? Their are fee problems in the logs.. I dont kbow if they all related only to netlink (prctl immutable for example).. I also saw oncompatibilities in socket.c Btw: I tried to enter the link you sent and it asked for username and password.. its not public review? Sami בתאריך יום ו׳, 25 בפבר׳ 2022, 04:18, מאת Zhenlei Huang < zlei.hu...@gmail.com>: > Hi, > You can also track the WIP netlink feature, > https://reviews.freebsd.org/D33975 > > On Feb 25, 2022, at 4:05 AM, Sami Halabi wrote: > > Hi, > Added Current, maybe will be lucky ;) > > Anyone have idea how approach and fix this? > > Sami > > בתאריך יום ג׳, 22 בפבר׳ 2022, 23:30, מאת Sami Halabi >: > >> Hi all, >> sorry for the cross post but I need help and I'm not sure where it hangs. >> >> I create linux jail (debian bullseye) via cbsd. >> the jail is being populated with the debian userland.. >> so far so good... services running (sshd) and I can login to the jail, I >> also can update packages and I can install apache httpd and all works fine >> (apt install or make from src). >> I also manage to install packages even if their scripts depend on "ip" >> command that fails: >> cbsd@j2> ip >> Cannot open netlink socket: Address family not supported by protocol >> >> ifconfig show empty interfaces: >> cbsd@j2> ifconfig >> eth0: flags=4163 mtu 1500 >> ether 00:50:56:0a:b3:a0 (Ethernet) >> RX packets 139798314 bytes 12029597009 (11.2 GiB) >> RX errors 0 dropped 0 overruns 0 frame 0 >> TX packets 26879143 bytes 34400160833 (32.0 GiB) >> TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 >> >> lo0: flags=4169 mtu 16384 >> loop (Local Loopback) >> RX packets 28548 bytes 160312960 (152.8 MiB) >> RX errors 0 dropped 0 overruns 0 frame 0 >> TX packets 28548 bytes 160312960 (152.8 MiB) >> TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 >> >> I know linux emulation doesn't implement netlink.. so what I do is fake >> the response by replacing /bin/ip by a bash script that prints the correct >> IP and fakes some other (needed by packages i Installed): >> #!/bin/bash >> if [ "$1" = "-o" ]; then >> echo "1: eth0 inet 192.168.1.2/24 brd 192.168.1.255 scope global eth0" >> elif [ "$1" = "route" ]; then >> if [ "$2" = "get" ]; then >> echo "8.8.8.8 via 192.168.1.2 dev eth0 src >> 192.168.1.2 " >> else >> echo "default via 192.168.1.2 dev eth0" >> fi >> else >> echo "1: eth0: mtu 1500 qdisc mq state >> UP qlen 1000" >> echo " inet 192.168.1.2 /24 brd 192.168.1.255 scope global eth0" >> >> >> still ifconfig shows no IP... its time to say it a regular jail and *NOT* >> VNET. >> >> *however* package that pull ips via libraries fail.. >> eg: installed bind916 (name) in the logs I see these errors (relevant >> only): >> cbsd@j2> service named start >> Starting domain name service...: namednamed: prctl(PR_SET_DUMPABLE) >> failed: Invalid argument >> cbsd@j2> >> >> >> log file shows: >> 22-Feb-2022 23:11:58.705 general: notice: BIND 9 is maintained by >> Internet Systems Consortium, >> 22-Feb-2022 23:11:58.705 general: notice: Inc. (ISC), a non-profit >> 501(c)(3) public-benefit >> 22-Feb-2022 23:11:58.705 general: notice: corporation. Support and >> training for BIND 9 are >> 22-Feb-2022 23:11:58.705 general: notice: available at >> https://www.isc.org/support >> 22-Feb-2022 23:11:58.705 general: notice: >> >> 22-Feb-2022 23:11:58.705 general: info: found 6 CPUs, using 6 worker >> threads >> 22-Feb-2022 23:11:58.705 general: info: using 6 UDP listeners per >> interface >> 22-Feb-2022 23:11:58.705 general: info: using up to 21000 sockets >> 22-Feb-2022 23:11:58.715 general: info: loading configuration from >> '/etc/bind/named.conf' >> 22-Feb-2022 23:11:58.715 general: info: reading built-in trust anchors >> from file '/etc/bind/bind.keys' >> 22-Feb-2022 23:11:58.715 general: info: looking for GeoIP2 databases in >> '/usr/share/GeoIP' >> 22-Feb-2022 23:11:58.715 general: info: using default UDP/IPv4 port >> range: [1024, 65535] >
running cron jobs setpriority permission denied
Hi, I have a jail ran by cbsd which has a cronjob like this: * * * * * root /usr/local/directadmin/dataskq I see every minute this error logged in /var/log/messages: cron[71002]: setpriority 'root' (daemon): Permission denied I see in ps xau that it runs but at nobody user even when loggin to the jail I have: cron[68825]: setpriority 'root' (daemon): Permission denied login[68900]: setpriority 'root' (root): Permission denied jexec[69404]: setpriority 'root' (root): Permission denied # uname -a FreeBSD j5.sody.com 12.3-RELEASE-p1 FreeBSD 12.3-RELEASE-p1 GENERIC amd64 what am I missing? Sami -- Sami Halabi Information Systems Engineer NMS Projects Expert, FreeBSD SysAdmin Expert Asterisk Expert
Re: running cron jobs setpriority permission denied
Hi, Thank You!! indeed that helped! Sami On Wed, Mar 9, 2022 at 11:03 AM Ronald Klop wrote: > It sounds similar to this issue. > > https://github.com/cbsd/cbsd/issues/437 "default nice 1 prevents cron in > jail #437" > > Does that help? > > Regards, > Ronald. > > > > *Van:* Sami Halabi > *Datum:* dinsdag, 8 maart 2022 22:00 > *Aan:* freebsd-sta...@freebsd.org, FreeBSD Current < > freebsd-curr...@freebsd.org>, freebsd-jail@freebsd.org, > freebsd-...@freebsd.org, Oleg Ginzburg > *Onderwerp:* running cron jobs setpriority permission denied > > Hi, > > I have a jail ran by cbsd which has a cronjob like this: > * * * * * root /usr/local/directadmin/dataskq > > I see every minute this error logged in /var/log/messages: > cron[71002]: setpriority 'root' (daemon): Permission denied > > I see in ps xau that it runs but at nobody user > > even when loggin to the jail I have: > cron[68825]: setpriority 'root' (daemon): Permission denied > login[68900]: setpriority 'root' (root): Permission denied > jexec[69404]: setpriority 'root' (root): Permission denied > > # uname -a > FreeBSD j5.sody.com 12.3-RELEASE-p1 FreeBSD 12.3-RELEASE-p1 GENERIC amd64 > > what am I missing? > > Sami > > -- > Sami Halabi > Information Systems Engineer > NMS Projects Expert, FreeBSD SysAdmin Expert > Asterisk Expert > > -- Sami Halabi Information Systems Engineer NMS Projects Expert, FreeBSD SysAdmin Expert Asterisk Expert
Multiple IPS - Freebsd 7.1
hi everyone, I saw a lot of messages about this so here is it - i just patched it (took me a day but okay :) i just downloaded the latest src using this sup file - cvsup: http://www.royalshells.com/download/freebsd/stable-supfile # cvsup stable-supfile i applied the following patch (which i changed to get to work with the current src): http://www.royalshells.com/download/freebsd/bz_jail7-20080727-11-at146062-Fixed_By_Sody_1.10.08.diff to patch do: # cd /usr/src # patch -p6 < bz_jail7-20080727-11-at146062-Fixed_By_Sody_1.10.08.diff after done re-compile the kernel: # cp /usr/src/sys/netinet/in_pcb.h /usr/include/netinet/ # cp /usr/src/sys/sys/jail.h /usr/include/sys/ clean obj dir: --- # rm -Rf /usr/obj/* compile jail and jls: # cd /usr/src/usr.sbin/jail/ # make clean && make depend && make install # cd /usr/src/usr.sbin/jls/ # make clean && make depend && make install compile the kernel: - # cd /usr/src # make buildworld # make buildkernel KERNCONF=GENERIC # make installworld # make installkernel KERNCONF=GENERIC # mergemaster -U after reboot: # uname -a FreeBSD server.com 7.1-PRERELEASE FreeBSD 7.1-PRERELEASE #0: Tue Sep 30 20:03:00 UTC 2008 [EMAIL PROTECTED]:/usr/obj/usr/src/sys/GENERIC i386 # check the patch: # jail usage: jail [-hi] [-n jailname] [-J jid_file] [-s securelevel] [-l -u username | -U username] path hostname [ip[,..]] command ... # Enjoy. Sami ___ freebsd-jail@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-jail To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Multiple IPS - Freebsd 7.1
bz, your right. i've posted that link :) Sami On Wed, Oct 1, 2008 at 2:08 PM, Bjoern A. Zeeb < [EMAIL PROTECTED]> wrote: > On Wed, 1 Oct 2008, Sami Halabi wrote: > > Hi, > > i applied the following patch (which i changed to get to work with the >> current src): >> >> http://www.royalshells.com/download/freebsd/bz_jail7-20080727-11-at146062-Fixed_By_Sody_1.10.08.diff >> > > I do not know what the "Fixed_By_Sody_1.10.08" part is but > it's at least based on a backlevel patch of mine so I hope > someone fixed the locking for 7.1-PRE. > > I had posted a patch for 7-STABLE (7.1-PRE) last month > http://people.freebsd.org/~bz/bz_jail7-20080920-01-at150161.diff > so taking that one you could have save yourself a lot of time I guess. > > In case you have changes it would be good to know what you did > or what I do not have so the do not have forks as my version will hit > HEAD soon and has changed (also the user space) since July. > > /bz > > -- > Bjoern A. Zeeb Stop bit received. Insert coin for new game. > ___ freebsd-jail@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-jail To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Multiple IPS - Freebsd 7.1
hi, i didn't try it. i just saw a new path from bz and tried it, now compiling, here is it: http://people.freebsd.org/~bz/bz_jail7-20080920-01-at150161.diff Sami royalshells.com, loyalness.com, On Wed, Oct 1, 2008 at 1:56 PM, Steven Hartland <[EMAIL PROTECTED]>wrote: > I would dearly like to see this make the 7.1 release, multi IP's in order > to support backend interfaces in jails, is something that we hit against > all the time. > > Regards > Steve > ----- Original Message - From: "Sami Halabi" <[EMAIL PROTECTED]> > To: > Sent: Wednesday, October 01, 2008 12:21 PM > Subject: Multiple IPS - Freebsd 7.1 > > > hi everyone, >> >> I saw a lot of messages about this so here is it - i just patched it (took >> me a day but okay :) >> >> i just downloaded the latest src using this sup file - cvsup: >> http://www.royalshells.com/download/freebsd/stable-supfile >> >> # cvsup stable-supfile >> >> >> i applied the following patch (which i changed to get to work with the >> current src): >> >> http://www.royalshells.com/download/freebsd/bz_jail7-20080727-11-at146062-Fixed_By_Sody_1.10.08.diff >> >> to patch do: >> # cd /usr/src >> # patch -p6 < bz_jail7-20080727-11-at146062-Fixed_By_Sody_1.10.08.diff >> >> after done re-compile the kernel: >> # cp /usr/src/sys/netinet/in_pcb.h /usr/include/netinet/ >> # cp /usr/src/sys/sys/jail.h /usr/include/sys/ >> >> clean obj dir: >> --- >> # rm -Rf /usr/obj/* >> >> compile jail and jls: >> >> # cd /usr/src/usr.sbin/jail/ >> # make clean && make depend && make install >> # cd /usr/src/usr.sbin/jls/ >> # make clean && make depend && make install >> >> compile the kernel: >> - >> # cd /usr/src >> # make buildworld >> # make buildkernel KERNCONF=GENERIC >> # make installworld >> # make installkernel KERNCONF=GENERIC >> # mergemaster -U >> >> after reboot: >> # uname -a >> FreeBSD server.com 7.1-PRERELEASE FreeBSD 7.1-PRERELEASE #0: Tue Sep 30 >> 20:03:00 UTC 2008 [EMAIL PROTECTED]:/usr/obj/usr/src/sys/GENERIC >> i386 >> # >> >> check the patch: >> # jail >> usage: jail [-hi] [-n jailname] [-J jid_file] [-s securelevel] [-l -u >> username | -U username] path hostname [ip[,..]] command ... >> # >> >> Enjoy. >> >> Sami >> ___ >> freebsd-jail@freebsd.org mailing list >> http://lists.freebsd.org/mailman/listinfo/freebsd-jail >> To unsubscribe, send any mail to "[EMAIL PROTECTED]" >> >> > > This e.mail is private and confidential between Multiplay (UK) Ltd. and the > person or entity to whom it is addressed. In the event of misdirection, the > recipient is prohibited from using, copying, printing or otherwise > disseminating it or any information contained in it. > In the event of misdirection, illegible or incomplete transmission please > telephone +44 845 868 1337 > or return the E.mail to [EMAIL PROTECTED] > > ___ freebsd-jail@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-jail To unsubscribe, send any mail to "[EMAIL PROTECTED]"
udp problem in multiple ips jail??
Hi, I have the latest Multiple ips jail patch from bz, my problem is that the outer world can't reach the jail which i installed in it a DNS server... from the jail/host enviromet it works, but from other hosts it simply refuses. dns uses udp port 53... help... Sami ___ freebsd-jail@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-jail To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: udp problem in multiple ips jail??
Hi, It wasn't jail problem after all. seems a local dns problem in my computer. DNS and UDP packets works very good under multiple ips jail. Sami On Sun, Oct 12, 2008 at 9:22 PM, Sami Halabi <[EMAIL PROTECTED]> wrote: > thanks, > the problem was that the dns conf didn't allow queries for > non-authoritative > requests so it always failed. > > jail works fine:) > > Sami > > On Sun, Oct 12, 2008 at 6:32 PM, Bjoern A. Zeeb < > [EMAIL PROTECTED]> wrote: > >> On Sun, 12 Oct 2008, Sami Halabi wrote: >> >> Hi, >>> >>> I have the latest Multiple ips jail patch from bz, my problem is that the >>> outer world >>> can't reach the jail which i installed in it a DNS server... >>> from the jail/host enviromet it works, but from other hosts >>> it simply refuses. >>> >>> dns uses udp port 53... >>> >>> >>> help... >>> >> >> netstat -an >> tcpdump >> sockstat >> ps ax >> netatst -rn >> ifconfig -a >> firewall >> ping >> >> check that all of those are ok. >> >> I'd start to see if I can reach the jail from outside the local >> network by ping/ssh and more forward... >> >> >> -- >> Bjoern A. Zeeb Stop bit received. Insert coin for new game. >> > > ___ freebsd-jail@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-jail To unsubscribe, send any mail to "[EMAIL PROTECTED]"
ezjails
Hi, i just read about the ezjail tool, nasicly i used my own tools, but it sound nice tool. my question is if there is a modified version of ezjails that administrates the multiple ips patched jails. thanks in advance, Sami ___ freebsd-jail@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-jail To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: ezjails
any idea where to find that patchset??? On Thu, Oct 16, 2008 at 6:54 PM, Jase Thew <[EMAIL PROTECTED]> wrote: > Sami Halabi wrote: > >> Hi, >> >> i just read about the ezjail tool, nasicly i used my own tools, but it >> sound >> nice tool. >> my question is if there is a modified version of ezjails that >> administrates >> the multiple >> ips patched jails. >> >> thanks in advance, >> Sami >> ___ >> freebsd-jail@freebsd.org mailing list >> http://lists.freebsd.org/mailman/listinfo/freebsd-jail >> To unsubscribe, send any mail to "[EMAIL PROTECTED]" >> >> > Hi, > > The last time I checked, the author of ezjail stated that he would only > support multi-ip jails within ezjail once they became an official feature of > FreeBSD, rather than just a patchset. > > Regards, > > Jase. > ___ freebsd-jail@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-jail To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Succesful patch on several hosts with RELENG_7
I'm joining the compliments... its for about 2 months now and working as a charm also... bz, Your great.. this feature MUST be in the official production fbsd for everyone. thanks for your efforts Sami On Fri, Oct 24, 2008 at 6:07 PM, Lorenzo Perone < [EMAIL PROTECTED]> wrote: > > Hi, > > Just wanted to give my feedback > on Your patch bz_jail7-20080920-01-at150161.diff, which I got > by reading this list, on > > http://people.freebsd.org/~bz/bz_jail7-20080920-01-at150161.diff > > Just patched several RELENG_7 hosts (FreeBSD 7.0-PRERELEASE, > last one yesterday), and for the time being, it works like a > charm. THANK YOU VERY MUCH for this patch and Your efforts, > as this is a very important feature for me and for several > others. I hope so much that it will be included into RELENG_7o > fficially, and/or that You will be update it eventually, > if necessary. > > Kudos, Regards && lots of free beer.. > > Lorenzo > > > ___ > freebsd-jail@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-jail > To unsubscribe, send any mail to "[EMAIL PROTECTED]" > ___ freebsd-jail@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-jail To unsubscribe, send any mail to "[EMAIL PROTECTED]"
VNET
Hi, I want to ask aout VNET jails, i read somehwre that I'm able to run IPFW, but not PF firewall in a cnet jail. is that correct? i want a vnet jail basicly for nat, so natd with ipfw + ipdivert is my choice? or i can use pf somehow, I never used pf before, so i would like some advise here... Thanks in advance, -- Sami Halabi Information Systems Engineer NMS Projects Expert FreeBSD SysAdmin Expert ___ freebsd-jail@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-jail To unsubscribe, send any mail to "freebsd-jail-unsubscr...@freebsd.org"
Re: VNET
Thank you. I want to use vnet jail for a specific subnet that I need to seperate from the system. so basicly i create a vlan + a bridged interface to the public. these two (vlan+bridged interface- epair0a) will in in the vnet jail, so I can do NAT only for that vlan going out. This is the idea, as there are more interfaces in the system and there is only one interface out... so basicly it should be a firewall & Nat only between the specific lan and the outside world. Can this be accomplished otherway? Sami On Wed, Jun 20, 2012 at 5:43 PM, Alexander V. Chernikov < melif...@freebsd.org> wrote: > On 19.06.2012 12:56, Sami Halabi wrote: > >> Hi, >> >> I want to ask aout VNET jails, i read somehwre that I'm able to run IPFW, >> but not PF firewall in a cnet jail. >> is that correct? >> >> i want a vnet jail basicly for nat, so natd with ipfw + ipdivert is my >> > 1) You can do nat without vnet. > 2) ipfw nat is currently the easiest way to do nat. > > > choice? or i can use pf somehow, I never used pf before, >> so i would like some advise here... >> >> Thanks in advance, >> >> > > -- > WBR, Alexander > -- Sami Halabi Information Systems Engineer NMS Projects Expert FreeBSD SysAdmin Expert ___ freebsd-jail@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-jail To unsubscribe, send any mail to "freebsd-jail-unsubscr...@freebsd.org"
Re: how to measure bandwidth per jail
Hi
Try jnettop from ports... exactly what your looking at.
However its old, so the counters are 32 bit rather than 64 which means its
pretty effective on 100mbit links
plus its cpu consumer by design
Sami
On Mar 21, 2013 8:27 PM, "Nicolas de Bari Embriz Garcia Rojas" <
nb...@inbox.im> wrote:
> Hi, one strange behavior I notice (freeBSD 9.1) is that I don't see the
> Obytes per IP only for the bce0 interface, but I do for the cloned
> interface lo1:
>
> here is a link with the output of netstat -ib http://pastebin.com/arrRsM78
>
> any ideas ?
>
> regards.
>
> On 03/21/2013 18:12, Scott Lambert wrote:
> > On Thu, Mar 21, 2013 at 01:26:13AM +, Nicolas de Bari Embriz Garcia
> Rojas wrote:
> >> Hi, any tool, idea or method for measuring the bandwidth consumed per
> >> jail ? (or by IP)
> >>
> >> What about using pflow ( pseudo-device pflow) any advice ?
> > I found a thread about this topic yesterday via Google. It was on
> > the freebsd-...@frebbsd.org mailing list sometime in 2005 if I
> > remember correctly.
> >
> > They came up with a few options
> >
> > netflow,
> >
> > counting rules in IPFW/pf/ipf
> >
> > netstat -rni ( which gets you packet counts,
> > -rnbi gives you in-bytes and out-bytes)
> >
> > bandwidthd (in ports I believe)
> >
> > I suppose ntop could do similar things.
> >
> > My favorite option was netstat -rnbi | awk '{print $8,$11}' and
> > feeding that to MRTG. I have not gotten it implemented yet.
> >
> > One consideration is that on FreeBSD 8 and older, you don't get out
> > traffic per IP address with netstat, as far as I can tell. We're
> > moving to FreeBSD 9 pretty quickly anyway.
> >
>
> ___
> freebsd-jail@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-jail
> To unsubscribe, send any mail to "freebsd-jail-unsubscr...@freebsd.org"
>
___
freebsd-jail@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-jail
To unsubscribe, send any mail to "freebsd-jail-unsubscr...@freebsd.org"
Re: how to measure bandwidth per jail
Jnettop has the ability to:
Measure bandwidth/packets in partecular intergace.
Simply use:
0,1..9 to switch between interfaces.
p to switch between packets/bandwidth
b to measure in bytes/bits
You better define your local ips in the .jnettop file, once that done your
measurs would be more accurate specially when you aggregate traffic (in
local/remote) by ip/protocol...
Additional option is content filter mainly in web traffic.
You can also add custom ips to measure using .jnettoo file.
Sami
On Mar 22, 2013 1:05 PM, "Nicolas de Bari Embriz Garcia Rojas" <
nb...@inbox.im> wrote:
> Hi, I tried jnettop but is something like 'trafshow', I am searching
> something like vnstat, that could help me measure the rx/tx & total
> consumed bandwidth.
>
> any ideas?
>
>
>
> On 03/21/2013 18:48, Sami Halabi wrote:
>
> Hi
> Try jnettop from ports... exactly what your looking at.
>
> However its old, so the counters are 32 bit rather than 64 which means its
> pretty effective on 100mbit links
> plus its cpu consumer by design
> Sami
> On Mar 21, 2013 8:27 PM, "Nicolas de Bari Embriz Garcia Rojas" <
> nb...@inbox.im> wrote:
>
>> Hi, one strange behavior I notice (freeBSD 9.1) is that I don't see the
>> Obytes per IP only for the bce0 interface, but I do for the cloned
>> interface lo1:
>>
>> here is a link with the output of netstat -ib
>> http://pastebin.com/arrRsM78
>>
>> any ideas ?
>>
>> regards.
>>
>> On 03/21/2013 18:12, Scott Lambert wrote:
>> > On Thu, Mar 21, 2013 at 01:26:13AM +, Nicolas de Bari Embriz
>> Garcia Rojas wrote:
>> >> Hi, any tool, idea or method for measuring the bandwidth consumed per
>> >> jail ? (or by IP)
>> >>
>> >> What about using pflow ( pseudo-device pflow) any advice ?
>> > I found a thread about this topic yesterday via Google. It was on
>> > the freebsd-...@frebbsd.org mailing list sometime in 2005 if I
>> > remember correctly.
>> >
>> > They came up with a few options
>> >
>> > netflow,
>> >
>> > counting rules in IPFW/pf/ipf
>> >
>> > netstat -rni ( which gets you packet counts,
>> > -rnbi gives you in-bytes and out-bytes)
>> >
>> > bandwidthd (in ports I believe)
>> >
>> > I suppose ntop could do similar things.
>> >
>> > My favorite option was netstat -rnbi | awk '{print $8,$11}' and
>> > feeding that to MRTG. I have not gotten it implemented yet.
>> >
>> > One consideration is that on FreeBSD 8 and older, you don't get out
>> > traffic per IP address with netstat, as far as I can tell. We're
>> > moving to FreeBSD 9 pretty quickly anyway.
>> >
>>
>> ___
>> freebsd-jail@freebsd.org mailing list
>> http://lists.freebsd.org/mailman/listinfo/freebsd-jail
>> To unsubscribe, send any mail to "freebsd-jail-unsubscr...@freebsd.org"
>>
>
>
___
freebsd-jail@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-jail
To unsubscribe, send any mail to "freebsd-jail-unsubscr...@freebsd.org"
