Jack,services inside jail will only listen to addresses assigned to jail. They wont try to listen to any other system address. All you should take care of are host services (i had to make changes to ssh and ntpd configs myself).
Ruben Jack Raats wrote:
I know. Every jail has it's own ip addressWhen creating jails using ezjail-admin you'll get a list of ports allready used by the system. e.g. port 22 is being used by sshd on the host machine and also in the jail. To accomplish this you have to change the configs of sshd to listen to their own ip-address and not all addresses.Is it possible to use the standard configs (listen to all adresses) using ipfw so that the jail can listen to all addresses in its configs while in fact it only listen to its own ip address.Thanks Jack----- Original Message ----- From: "Ruben Arutyunyan" <ruben_arutyunyan AT shl DOT ru>To: <ezjail AT erdgeist DOT org> Sent: Monday, December 14, 2009 7:21 AM Subject: Re: [ezjail] ezjail and ipfwJack,as far as i know every ip address in system can be used by maximum one jail. You cant make all jails listen on all ports.Ruben Jack Raats wrote:Ruben,I alllready read that part of the handbook, but it doesn't explain how to use ipfw in a jail. I want ipfw to separate the two jails so that every jail can use the standard configs (to listen to all ipadresses and all ports)Thanks for your answer! Jack----- Original Message ----- From: "Ruben Arutyunyan" <ruben_arutyunyan AT shl DOT ru>To: <ezjail AT erdgeist DOT org> Sent: Monday, December 14, 2009 7:16 AM Subject: Re: [ezjail] ezjail and ipfwHello, have a look http://www.freebsd.org/doc/en/books/handbook/firewalls-ipfw.html Ruben Jack Raats wrote:Hi,I'm looking for a good manual how to implement ipfw in and with jails.Google doesn't give anything usefull.The (ez)jail is running without any problem, but how to implement ipfw.On the host machine? How? Thanks for your time Jack