# SSH in Jails (accessing from another location)



## ligregni (Jan 21, 2010)

Hi all

I have read many docs about Jails, including the Handbook, the jails(8) man page, and searched for some threads here talking about that, but I have no answer yet.

I am running an 8.0-FreeBSD machine, installed a Jail in it and I can successfully start/enter/login into it.

My specs are the following:


```
Host's IP: 1.2.3.5 (from other computers in the same network I can SSH using this IP)
Jail's IP: 192.168.1.64
```

Also, I have my router set to redirect the traffic in port 22 to 1.2.3.5, so *I can SSH the Host from my work* (so there is no problem with my router configuration).

If I type:


```
Host# ssh user@192.168.1.64
```

I get access to the jail (so, Jail's SSHd is well configured since I can access it from the Host system using SSH).

But if I SSH from another computer, I get into the Host system, not the Jail system that is where I wanna go.

*I tried these things in the Host:*


```
Host# vi /etc/ssh/sshd_config

# I want to access the Host system via SSH but using another Port, I don't have problems here, simply I typed:
# ssh -p 22222 user@public_ip_address and got logged in the Host
Port 22222

# I also tried 192.169.1.64, I have no success with any of both (and sincerely I don't see the point of telling SSH to
# listen its address (I got that on some resources I found: http://onlamp.com/pub/a/bsd/2006/03/09/jails-virtualization.html))
ListenAddress 1.2.3.5
```

And according to the same link, I also changed:


```
Host# vi /etc/rc.conf

inetd_flags="-wW -a 1.2.3.5"
syslogd_flags="-ss"
sshd_enable="YES"
ifconfig_vr0="DHCP"

jail_interface="vr0"
jail_first_ip="192.168.1.64"
```

(I put also the lines I think should help you to diagnose the problem)

*And also in the Jail:*


```
Jail# vi /etc/ssh/sshd_config

Port 22 # I want the jail to listen in this port

ListenAddress # Tried both 192.168.1.64 (jail's) and 1.2.3.5 (host)
```

I think there must be some redirection in the Host System I must put but I am lost.

Thanks for your help.


----------



## anomie (Jan 21, 2010)

192.168.1.64 is on private IP space. Other hosts on your company network aren't going to have a route to get there -- unless your host provides NAT for the jail. 

I haven't played with it, but someone here can probably advise you on natd(8).


----------



## ligregni (Mar 6, 2010)

Thanks "*anomie*"

I solved the problem following your advice, NAT was the answer.

Some config files to show the solution:

Host's /etc/rc.conf

```
gateway_enable="YES"
firewall_enable="YES"
firewall_type="OPEN"
natd_enable="YES"
natd_interface="vr0"
natd_flags="-f /etc/natd.conf"
```

Host's /etc/natd.conf

```
redirect_port tcp 192.168.1.64:22 22
```

Host's /etc/ssh/sshd_config

```
Port 23456
```
/* This is to guarantee the access to your server (in the Host) but changing the port, while all Port22 activity will go to the Jail */

Host's /boot/loader.conf # I don't know really if it's necessary, try this after failed attempts 

```
ipfw_load="YES"
ipdivert_load="YES"
net.inet.ip.fw.default_to_accept="1"
```

AND NOW WITH THE JAIL

Jail's /etc/rc.conf


```
sshd_enable="YES"
```

All the other files (like Jail's /etc/ssh/sshd_config) remain with their default config.

I didn't know FreeBSD had NAT service until the above post mentioned it, thanks again!

Greetings from Mexico!!!


----------
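
As an added example (not part of the thread and not any poster's code): a small sh lint over the three host-side files from the solution above. It reports what each `redirect_port` line forwards, warns when the host's sshd still uses the redirected port, and flags `firewall_type="OPEN"`, which installs an allow-all ipfw ruleset. Function names are hypothetical, the sample file contents are constructed from the values posted above, and only single-port `redirect_port` entries are parsed.

```shell
#!/bin/sh
# Added example: lint the host-side files from the thread's natd setup.
# Function names are hypothetical; sample contents are constructed from the posts.

# Print "proto public_port target_ip target_port" for each redirect_port line.
natd_redirects() {
    awk '$1 == "redirect_port" && NF >= 4 {
        split($3, t, ":")          # targetIP:targetPORT
        n = split($4, a, ":")      # [aliasIP:]aliasPORT
        print $2, a[n], t[1], t[2]
    }' "$1"
}

# Print every Port set in an sshd_config, or 22 (the sshd default) if none is set.
sshd_ports() {
    awk 'tolower($1) == "port" { print $2; n++ } END { if (!n) print 22 }' "$1"
}

# Usage: lint_jail_nat RC_CONF NATD_CONF HOST_SSHD_CONFIG
lint_jail_nat() {
    ports=$(sshd_ports "$3")
    natd_redirects "$2" | while read -r proto pub tip tport; do
        echo "INFO: $proto/$pub on the host is forwarded to $tip:$tport"
        for p in $ports; do
            if [ "$proto" = tcp ] && [ "$p" = "$pub" ]; then
                echo "WARN: host sshd Port $p is shadowed by the redirect to $tip"
            fi
        done
    done
    if grep -Eiq '^firewall_type="?open"?' "$1"; then
        echo "WARN: firewall_type=OPEN installs an allow-all ipfw ruleset"
    fi
}

# Constructed sample files mirroring the thread.
demo=$(mktemp -d) && trap 'rm -rf "$demo"' EXIT
printf '%s\n' 'firewall_enable="YES"' 'firewall_type="OPEN"' 'natd_enable="YES"' \
    'natd_interface="vr0"' > "$demo/rc.conf"
echo 'redirect_port tcp 192.168.1.64:22 22' > "$demo/natd.conf"
echo 'Port 23456' > "$demo/sshd_config"     # as posted: no conflict with port 22
echo '#Port 22'   > "$demo/sshd_default"    # untouched default: sshd still on 22

lint_jail_nat "$demo/rc.conf" "$demo/natd.conf" "$demo/sshd_config"
lint_jail_nat "$demo/rc.conf" "$demo/natd.conf" "$demo/sshd_default"
```

The second call shows the case the thread avoids by moving the host's sshd to another port: with the default `Port 22`, outside connections to port 22 reach the jail and the host's own sshd is no longer reachable on that port.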



## ligregni (Mar 6, 2010)

*Solved!!!*

Solved!!! (I can't edit my threads so ask for a moderator to change it)


----------

