[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [ezjail] ezjail and ipfw



I know. Every jail has it's own ip address

When creating jails using ezjail-admin you'll get a list of ports allready used by the system.
e.g. port 22 is being used by sshd on the host machine and also in the jail.
To accomplish this you have to change the configs of sshd to listen to their own ip-address and not all addresses.

Is it possible to use the standard configs (listen to all adresses) using ipfw so that the jail can listen to all addresses in its configs while in fact it only listen to its own ip address.

Thanks

Jack




----- Original Message ----- From: "Ruben Arutyunyan" <ruben_arutyunyan AT shl DOT ru>
To: <ezjail AT erdgeist DOT org>
Sent: Monday, December 14, 2009 7:21 AM
Subject: Re: [ezjail] ezjail and ipfw


Jack,

as far as i know every ip address in system can be used by maximum one jail. You cant make all jails listen on all ports.

Ruben

Jack Raats wrote:
Ruben,

I alllready read that part of the handbook, but it doesn't explain how to use ipfw in a jail. I want ipfw to separate the two jails so that every jail can use the standard configs (to listen to all ipadresses and all ports)

Thanks for your answer!

Jack



----- Original Message ----- From: "Ruben Arutyunyan" <ruben_arutyunyan AT shl DOT ru>
To: <ezjail AT erdgeist DOT org>
Sent: Monday, December 14, 2009 7:16 AM
Subject: Re: [ezjail] ezjail and ipfw


Hello,

have a look
http://www.freebsd.org/doc/en/books/handbook/firewalls-ipfw.html

Ruben

Jack Raats wrote:
Hi,
 I'm looking for a good manual how to implement ipfw in and with jails.
Google doesn't give anything usefull.
The (ez)jail is running without any problem, but how to implement ipfw.
On the host machine? How?
 Thanks for your time
 Jack