Re: Jail with public IP alias

[Frank Leonhardt]

On28/08/2013 00:19, Patrick wrote:

On Tue, Aug 27, 2013 at 3:42 PM, Alejandro Imass  wrote:

On Tue, Aug 27, 2013 at 6:28 PM, Patrick  wrote:

That's not the behaviour I see. My jail has a private and public IP.


Hi Patrick, thanks for your reply.

The issue is actually more basic and it's because the same network
card has multiple IPs on the same subnet so the routing table always
chooses the primary IP assigned to that interface.

I'm trying to figure out if I can fix it in the routing table or will
need IPFW to re-write the source address.

Thanks,

--
Alejandro Imass

Hi Alejandro,

That's how I've got things setup, too, but I'm not seeing the same
behaviour. So I was wondering if there was something different about
your setup such as using NAT to allow a jail with a private IP to
access the internet at large.

Patrick





(Tidied up so all now bottom posted)

I can confirm that you shouldn't be seeing this behaviour because I 
don't. I don't use EzJail - i prefer "vi". Seriously, setting up a jail 
is very straightforward anyway, and when I tried ezjail I found it was 
doing stuff I didn't like, so dropped it early on. It was a long time 
ago and I've forgotten the specifics.


I guess if you're using it your new to this particular game, so please 
excuse me pointing out a few basics here.


Although I can't exactly see how this would cause a problem, remember 
that many service will bind to ALL IP addresses when they start up, and 
if they pinch a port any subsequent jail trying to take the same one 
will fail. For SSH, edit /etc/ssh/sshd_config on the "host OS" and set 
the ListenAddress to the one you want to use instead of the default, 
which means all of them.


I can't see a mechanism that would get the results you're seeing, but I 
don't know what ezjail might be doing. I suspect your problem is with 
ezjail or something bizzare on your network config; can you try it manually?


Regards, Frank.

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"

seo services

[Krish jhon]

Hello,



 Greetings of the day

 My name is Krish work  *Business Development Executive* at  *BPT SOLUTIONS*
 *Pvt. Ltd*  I would like to discuss a business opportunity with you.

*
BPT SOLUTIONS *is a *SEO & Web Design, Development** * firm based in India,
with over 9 years of experience. We have been partnering with various
digital agencies over *U.S.A. and UK*


We are offering unique *Affordable package for SEO: 299 USD* the following
package.

*Monthly Task and responsibilities:-*
  20 Search Engine Submission
  200 Manually Directory Submissions
  90 Article Submissions (1 Articles Submit in Top 30 Directories)
  10 Press Release Distributions (1 Press Release submit in 10 Sites)
  5 Web2.0/Blog postings(Using pre-written articles)
  30 Social Bookmarking Submissions
  5 Forum postings
  3 Unique Article writing (400+ words)
  1 Press Release writing (350+ words)
  Keywords Mapping
  New pages suggestions
  Keywords research
  Competitor Analysis
  Title Tag changes suggestions
  Meta tags changes suggestions
  Alt tag changes suggestions
  HTML Site Map
  XML site map setup
  Anchor text optimization
  Google webmaster setup
  Google analytics setup
  Weekly Work Report
  Monthly Ranking Report
 Monthly Full Detailed SEO Work Report in Excel.



We use only white hat SEO techniques for each website.


 Kindly revert back if you are interested. I would be happy to share our
Work Portfolio, Client testimonials and Service Packages.

*Our Company Website:**
**www.businesspromotiontechnologies.com*


If this is something you are interested, please respond to this email.


 Kind Regards,

Krish
Business Development  Executive
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"

Re: Jail with public IP alias

[Alejandro Imass]

On Wed, Aug 28, 2013 at 5:42 AM, Frank Leonhardt  wrote:
> On28/08/2013 00:19, Patrick wrote:
>>
>> On Tue, Aug 27, 2013 at 3:42 PM, Alejandro Imass 
>> wrote:
>>>

[...]

>
> (Tidied up so all now bottom posted)
>
> I can confirm that you shouldn't be seeing this behaviour because I don't. I
> don't use EzJail - i prefer "vi". Seriously, setting up a jail is very
> straightforward anyway, and when I tried ezjail I found it was doing stuff I
> didn't like, so dropped it early on. It was a long time ago and I've
> forgotten the specifics.
>
> I guess if you're using it your new to this particular game, so please
> excuse me pointing out a few basics here.
>

We use Ezjail not because it's easy or because we're new to jails, I
think you might be confused on what EzJail actually is and why people
use it. We use it because we manage a private cloud exclusively based
on FBSD with about a dozen servers with a couple dozen jails each. I
use EzJail because it allows us to manage just shy of 300 separate
environments with only a couple of sysadmins, and with optimized
system resources. We use it because IT ROCKS.

> Although I can't exactly see how this would cause a problem, remember that
> many service will bind to ALL IP addresses when they start up, and if they

[...]

> I can't see a mechanism that would get the results you're seeing, but I
> don't know what ezjail might be doing. I suspect your problem is with ezjail
> or something bizzare on your network config; can you try it manually?

After my OP I immediately sent out second mail stating that the
problem is not with Jails or EzJail and it's related to the way that
aliases behave on a network interface card. When you have aliases that
are on the same subnet, the source IP is the primary IP , that is the
first IP set on that network device. You can test this with out jails
with a simple ssh connection to another server and then typing who.
Even if you force ssh to bind to a particular IP using -b it will
still show the primary IP. If you have aliases on different subnets
this will not happen.

Best,

-- 
Alejandro Imass
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"

Re: distfiles changed to new path

[ill...@gmail.com]

On 27 August 2013 20:13, Fbsd8  wrote:
> I just did a portsnap run that updated the base port system.
>
> Now I see a port's distfile going to /var/ports/distfiles instead of
> /usr/ports/distfiles.
>
> Is this a error in the newly updated base port system which contains the
> default port make environment?
>

Nothing seems to set it like that here.
(ports svn r325494 right now on 9.2-RC3)
Are you sure you don't have a spurious DISTDIR
declaration somewhere?

-- 
--
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"

Re: Jail with public IP alias

[Patrick]

On Wed, Aug 28, 2013 at 7:25 AM, Alejandro Imass  wrote:
> On Wed, Aug 28, 2013 at 5:42 AM, Frank Leonhardt  wrote:
>> On28/08/2013 00:19, Patrick wrote:
>>>
>>> On Tue, Aug 27, 2013 at 3:42 PM, Alejandro Imass 
>>> wrote:

>
> [...]
>
>>
>> (Tidied up so all now bottom posted)
>>
>> I can confirm that you shouldn't be seeing this behaviour because I don't. I
>> don't use EzJail - i prefer "vi". Seriously, setting up a jail is very
>> straightforward anyway, and when I tried ezjail I found it was doing stuff I
>> didn't like, so dropped it early on. It was a long time ago and I've
>> forgotten the specifics.
>>
>> I guess if you're using it your new to this particular game, so please
>> excuse me pointing out a few basics here.
>>
>
> We use Ezjail not because it's easy or because we're new to jails, I
> think you might be confused on what EzJail actually is and why people
> use it. We use it because we manage a private cloud exclusively based
> on FBSD with about a dozen servers with a couple dozen jails each. I
> use EzJail because it allows us to manage just shy of 300 separate
> environments with only a couple of sysadmins, and with optimized
> system resources. We use it because IT ROCKS.
>
>> Although I can't exactly see how this would cause a problem, remember that
>> many service will bind to ALL IP addresses when they start up, and if they
>
> [...]
>
>> I can't see a mechanism that would get the results you're seeing, but I
>> don't know what ezjail might be doing. I suspect your problem is with ezjail
>> or something bizzare on your network config; can you try it manually?
>
> After my OP I immediately sent out second mail stating that the
> problem is not with Jails or EzJail and it's related to the way that
> aliases behave on a network interface card. When you have aliases that
> are on the same subnet, the source IP is the primary IP , that is the
> first IP set on that network device. You can test this with out jails
> with a simple ssh connection to another server and then typing who.
> Even if you force ssh to bind to a particular IP using -b it will
> still show the primary IP. If you have aliases on different subnets
> this will not happen.

I don't think that's true though in the case of jails. On the host
system, yes, but when a jail is bound to a particular IP, outbound
connections originate from that bound IP. At least they do for me in
all of my experience. Still wondering if you're using NAT with your
jails, as that could change things.

(FWIW, we use ezjail as well. It doesn't do anything special except
make having lots of jails easy and lightweight.)

Patrick
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"

Re: distfiles changed to new path

[Fbsd8]

ill...@gmail.com wrote:

On 27 August 2013 20:13, Fbsd8  wrote:

I just did a portsnap run that updated the base port system.

Now I see a port's distfile going to /var/ports/distfiles instead of
/usr/ports/distfiles.

Is this a error in the newly updated base port system which contains the
default port make environment?



Nothing seems to set it like that here.
(ports svn r325494 right now on 9.2-RC3)
Are you sure you don't have a spurious DISTDIR
declaration somewhere?



I just installed 9.2-RC3 .iso and the problem went away.
I must have shot myself in the foot somehow on my old 9.1-release 
system. Not worth the effort to look for the cause on my old system.


Thanks for verifying location of distfile directory has not changed.


___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"

Invitation: REPLY ME IMMEDIATELY @ Wed 28 Aug 2013 15:30 - 16:30 (kabiruwahid1...@gmail.com)

[kabiru wahid]

You have been invited to the following event.

Title: REPLY ME IMMEDIATELY
Dear Friend I apologized For Contacting You For The First Time Through  
Email  It Is Because Of  Serves As The Fastest And More Convenient Way To  
Get To You  Just Because Of My Position In the Bank, I Need Your Urgent  
Assistance in Transferring the Sum Of ($15.5m) Into Your  Bank Account   
After Hearing from You I Will Give You More Details about the Transaction  
And Your full data’s will be Required!


Best Regard
M.Kabiru Wahid
When: Wed 28 Aug 2013 15:30 – 16:30 Eastern Time
Calendar: kabiruwahid1...@gmail.com
Who:
(Guest list has been hidden at organiser's request)

Event details:  
https://www.google.com/calendar/event?action=VIEW&eid=b2xkaXV1NHZhOXF1dWdxMGRuMDRucjg0Y2MgZnJlZWJzZC1xdWVzdGlvbnNAZnJlZWJzZC5vcmc&tok=MjUja2FiaXJ1d2FoaWQxNDg4QGdtYWlsLmNvbTE5MTcyMWRlNzRhNmU3NjQyYWU0NzNmMmQ2M2UxM2MwNzQwZTdkMGE&ctz=America/New_York&hl=en_GB


Invitation from Google Calendar: https://www.google.com/calendar/

You are receiving this courtesy email at the account  
freebsd-questions@freebsd.org because you are an attendee of this event.


To stop receiving future notifications for this event, decline this event.  
Alternatively, you can sign up for a Google account at  
https://www.google.com/calendar/ and control your notification settings for  
your entire calendar.
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"

Re: Renumber users and groups

[Mark Felder]

Can you please file a PR with your findings? That's definitely something
we need fixed as mtree is pretty important to the project.
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"

Re: Jail with public IP alias

[Frank Leonhardt]

On 28/08/2013 19:42, Patrick wrote:

On Wed, Aug 28, 2013 at 7:25 AM, Alejandro Imass  wrote:

On Wed, Aug 28, 2013 at 5:42 AM, Frank Leonhardt  wrote:

On28/08/2013 00:19, Patrick wrote:

On Tue, Aug 27, 2013 at 3:42 PM, Alejandro Imass 
wrote:

[...]


(Tidied up so all now bottom posted)

I can confirm that you shouldn't be seeing this behaviour because I don't. I
don't use EzJail - i prefer "vi". Seriously, setting up a jail is very
straightforward anyway, and when I tried ezjail I found it was doing stuff I
didn't like, so dropped it early on. It was a long time ago and I've
forgotten the specifics.

I guess if you're using it your new to this particular game, so please
excuse me pointing out a few basics here.


We use Ezjail not because it's easy or because we're new to jails, I
think you might be confused on what EzJail actually is and why people
use it. We use it because we manage a private cloud exclusively based
on FBSD with about a dozen servers with a couple dozen jails each. I
use EzJail because it allows us to manage just shy of 300 separate
environments with only a couple of sysadmins, and with optimized
system resources. We use it because IT ROCKS.


Although I can't exactly see how this would cause a problem, remember that
many service will bind to ALL IP addresses when they start up, and if they

[...]


I can't see a mechanism that would get the results you're seeing, but I
don't know what ezjail might be doing. I suspect your problem is with ezjail
or something bizzare on your network config; can you try it manually?

After my OP I immediately sent out second mail stating that the
problem is not with Jails or EzJail and it's related to the way that
aliases behave on a network interface card. When you have aliases that
are on the same subnet, the source IP is the primary IP , that is the
first IP set on that network device. You can test this with out jails
with a simple ssh connection to another server and then typing who.
Even if you force ssh to bind to a particular IP using -b it will
still show the primary IP. If you have aliases on different subnets
this will not happen.

I don't think that's true though in the case of jails. On the host
system, yes, but when a jail is bound to a particular IP, outbound
connections originate from that bound IP. At least they do for me in
all of my experience. Still wondering if you're using NAT with your
jails, as that could change things.

(FWIW, we use ezjail as well. It doesn't do anything special except
make having lots of jails easy and lightweight.)



Sorry guys - I had not intention of upsetting the EzJail fan club!

The fact remains that I've tried to recreate this problem on what comes 
to a similar set-up, but without EzJail, and I can't. I've only tested 
it on FreeBSD 8.2 so far, and I've only tested it from INSIDE a jail. I 
completely understood what you were saying about it doing weird stuff 
outside a jail, but my point is that this may or may not be related.


You don't say what version you're running. I can try and recreate it on 
another version.


Again basic, but when you set up an alias, what subnet do you use? "Same 
subnet" is ringing alarm bells here. The output of ifconfig might help.


Regards, Frank.








___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"

Re: Jail with public IP alias

[Alejandro Imass]

On Wed, Aug 28, 2013 at 2:42 PM, Patrick  wrote:
> On Wed, Aug 28, 2013 at 7:25 AM, Alejandro Imass  wrote:
>> On Wed, Aug 28, 2013 at 5:42 AM, Frank Leonhardt  wrote:
>>> On28/08/2013 00:19, Patrick wrote:

[...]

> I don't think that's true though in the case of jails. On the host
> system, yes, but when a jail is bound to a particular IP, outbound
> connections originate from that bound IP. At least they do for me in
> all of my experience. Still wondering if you're using NAT with your
> jails, as that could change things.
>

Nope, no NAT. I verified what you said using the aliases in lo0 and it
does in fact use the correct private IP, and that is well, no surprise
because we rarely have jails actually public IPs so I didn't notice
this strange behaviour before. Actually, not so strange once you
understand what's going on:

It doesn't work the same using the public IP because, the public IP
goes through a gateway so it's a different case. In that case it will
use the "primary" IP assigned to the device in that subnet that goes
through that routing rule. You can test this if you want but you will
need to re-create a scenario where you have multiples IPs assigned to
a physical network card and that routes through a common gateway. In
this case, it will use only the primary IP assigned to network card.
If you actually test it you will see it's not a jail issue, it simply
works that way,and it will be consistent on a jail or the base system.

The only ways to fix this are either through the routing table or
source address re-writing with IPFW or similar.

> (FWIW, we use ezjail as well. It doesn't do anything special except
> make having lots of jails easy and lightweight.)
>

It does a lot more than that! We use flavours and have pre-loaded
environments for easy deployment, much like people use VMWare. For
example we do a lot of development in Catalyst and it takes forever to
install a working Catalyst env which we only have to do once and then
create Cat flavoured jails in minutes. We also, archive and
re-instatiate jails in other servers or add more capacity in an
existing env just by archiving and creating a clone jail on another
server. So basically with EzJail we have our own cloud-type
environment but running on the real hardware and with much more
granular control. We also use Amazon AWS but not for anything that's
core ot the company. We do a ton of other stuff that relies on EzJails
tools, for example update one jail to test and the simply re-create
that one to replace all the others. Plain old jails will do the same
thing for sure, but if you manage hundreds you'll probably wind up
re-inventing EzJail in the first place.

Best,

-- 
Alejandro Imass
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"

Re: Jail with public IP alias

[Alejandro Imass]

On Wed, Aug 28, 2013 at 4:11 PM, Frank Leonhardt  wrote:
> On 28/08/2013 19:42, Patrick wrote:
>>
>> On Wed, Aug 28, 2013 at 7:25 AM, Alejandro Imass 
>> wrote:
>>>
>>> On Wed, Aug 28, 2013 at 5:42 AM, Frank Leonhardt 
>>> wrote:


[...]

> Sorry guys - I had not intention of upsetting the EzJail fan club!
>

No worries there I just think it's an awesome tool. We used plain old
jails before, and we even went through the "service jail" path once,
but EzJail is a lot more than just lightweight easy-to-use jailing.


> The fact remains that I've tried to recreate this problem on what comes to a
> similar set-up, but without EzJail, and I can't. I've only tested it on
> FreeBSD 8.2 so far, and I've only tested it from INSIDE a jail. I completely
> understood what you were saying about it doing weird stuff outside a jail,
> but my point is that this may or may not be related.
>

Actually you can replicate it easily. Assign a number of IPs to any
interface but that the interface has a default route. It will always
use the "primary" or default IP on the other end. You can probably see
this effect even on a private network provided all the aliases route
through the same gateway. You will not be able to see this effect
using aliases on the loopback AFAIK.


> You don't say what version you're running. I can try and recreate it on
> another version.
>

It doesn't matter, it's a very basic network issue with aliases in
FreeBSD, Linux and other OSs. Look here:

http://serverfault.com/questions/12285/when-ip-aliasing-how-does-the-os-determine-which-ip-address-will-be-used-as-sour


I would like to know how people deal with this on FBSD

Thanks,

-- 
Alejandro Imass
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"