Hello,
the jail manpage says that the host must not be an NFS server, because it may not be bound to a specific IP. These services would have to be recompiled, nfsd in particular:

In addition, a number of services must be recompiled in order to run them
in the host environment. This includes most applications providing ser-
vices using rpc(3), such as rpcbind(8), nfsd(8), and mountd(8). In gen-
eral, applications for which it is not possible to specify which IP
address to bind should not be run in the host environment unless they
should also service requests sent to jail IP addresses. Attempting to
serve NFS from the host environment may also cause confusion, and cannot
be easily reconfigured to use only specific IPs, as some NFS services are
hosted directly from the kernel. Any third-party network software run-
ning in the host environment should also be checked and configured so
that it does not bind all IP addresses, which would result in those ser-
vices' also appearing to be offered by the jail environments.

However, man nfsd says:

-h bindip
Specifies which IP address or hostname to bind to on the local
host. This option is recommended when a host has multiple inter-
faces. Multiple -h options may be specified.

man rpcbind:

-h bindip
Specify specific IP addresses to bind to for TCP and UDP
requests. This option may be specified multiple times and is
typically necessary when running on a multi-homed host. If no -h
option is specified, rpcbind will bind to INADDR_ANY, which could
lead to problems on a multi-homed host due to rpcbind returning a
UDP packet from a different IP address than it was sent to. Note
that when specifying IP addresses with -h, rpcbind will automati-
cally add 127.0.0.1 and if IPv6 is enabled, ::1 to the list.

mountd:

-h bindip
Specify specific IP addresses to bind to for TCP and UDP
requests. This option may be specified multiple times. If no -h
option is specified, mountd will bind to INADDR_ANY. Note that
when specifying IP addresses with -h, mountd will automatically
add 127.0.0.1 and if IPv6 is enabled, ::1 to the list.

So which is correct?
Have I overlooked a service?
Do you run an NFS server on a jail host?
Regards.
arcona
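
The jail(8) excerpt quoted above says host services should be checked so that they do not bind all IP addresses. The following is an added example, not part of the original post: a small shell filter that reads `sockstat -l` style output and lists every listener bound to the wildcard address. The sample listing is constructed, the function names are hypothetical, and the row of `?` columns for a kernel-held NFS socket is an assumption about how such a socket is displayed.

```sh
#!/bin/sh
# Added example: find listening sockets on a jail host that are bound to
# the wildcard address and would therefore also answer on jail IPs.

# Constructed sample in the column layout of FreeBSD `sockstat -4 -6 -l`.
# The all-"?" row (assumption) stands for a socket owned by the kernel
# rather than a process, as with the NFS server's TCP socket.
sample_sockstat() {
cat <<'EOF'
USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS
root     sshd       701   4  tcp4   192.0.2.10:22         *:*
root     rpcbind    790   9  udp4   192.0.2.10:111        *:*
root     rpcbind    790   10 udp4   127.0.0.1:111         *:*
root     mountd     812   7  udp4   *:878                 *:*
root     mountd     812   8  tcp4   *:878                 *:*
?        ?          ?     ?  tcp4   *:2049                *:*
root     syslogd    650   6  udp4   *:514                 *:*
EOF
}

# Read sockstat output on stdin and print "command proto port" once for
# each socket whose local address is "*:<port>". The header line and
# sockets bound to a specific address are skipped.
wildcard_listeners() {
    awk 'NR > 1 && $6 ~ /^\*:[0-9]+$/ { print $2, $5, substr($6, 3) }' | sort -u
}

# Demonstration on the constructed sample. On a real jail host, feed the
# live listing instead:  sockstat -4 -6 -l | wildcard_listeners
sample_sockstat | wildcard_listeners
```

In the sample, rpcbind was started with a bind address and is not reported, while mountd, the kernel NFS socket and syslogd are.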