
Re: [ezjail] ezjail and ipfw

Rudy and others,

Thanks. I now understand this.
But I still have to open the ports on the host machine to the ip address used by the jail???

Thanks for all the answers. I'm learning to understand jails.


----- Original Message ----- From: "Rudy" <crapsh AT monkeybrains DOT net>
To: <ezjail AT erdgeist DOT org>
Sent: Monday, December 14, 2009 5:35 PM
Subject: Re: [ezjail] ezjail and ipfw


Even more simply put (and really, you should test this so you see it in
action and understand jails better),
inside a jail  * = the IP assigned to it.
inside the 'non jail system' * = all the ips on the box.

So, if you have
IP   Hostname jailA jailB jailC
and you log onto jailA and bind apache to * then it will be listening
only to  Type ifconfig inside of jailA and you will only see  type ifconfig while logged into jailC and you will only see

Oh, you can log into jails from the 'host'  (eg non-jailed, master
FreeBSD instance) with the jexec command.
jls (list jails)
ifconfig -a

Good luck!



Services inside jail will only listen to  addresses assigned to jail.
They won't try to listen to any other system address. All you should take
care of are host services (I had to make changes to ssh and ntpd configs