
Re: [ezjail] ezjail and ipfw



Ruben,

This would mean that I have to change e.g. every httpd.conf of Apache to
listen to the IP address assigned. The problem is that the jails are
maintained by someone else.
I read somewhere that this could be prevented by using the firewall.

Jack





> Jack,
>
> services inside jail will only listen to addresses assigned to jail.
> They won't try to listen to any other system address. All you should take
> care of are host services (I had to make changes to ssh and ntpd configs
> myself).
>
> Ruben
>
> Jack Raats wrote:
>> I know. Every jail has its own IP address
>>
>> When creating jails using ezjail-admin you'll get a list of ports
>> already used by the system.
>> e.g. port 22 is being used by sshd on the host machine and also in the
>> jail.
>> To accomplish this you have to change the configs of sshd to listen to
>> their own ip-address and not all addresses.
>>
>> Is it possible to use the standard configs (listen to all addresses)
>> using ipfw so that the jail can listen to all addresses in its configs
>> while in fact it only listens to its own IP address?
>>
>> Thanks
>>
>> Jack
>>
>>
>>
>>
>> ----- Original Message ----- From: "Ruben Arutyunyan"
>> <ruben_arutyunyan AT shl DOT ru>
>> To: <ezjail AT erdgeist DOT org>
>> Sent: Monday, December 14, 2009 7:21 AM
>> Subject: Re: [ezjail] ezjail and ipfw
>>
>>
>>> Jack,
>>>
>>> as far as I know every IP address in system can be used by maximum
>>> one jail. You can't make all jails listen on all ports.
>>>
>>> Ruben
>>>
>>> Jack Raats wrote:
>>>> Ruben,
>>>>
>>>> I already read that part of the handbook, but it doesn't explain
>>>> how to use ipfw in a jail.
>>>> I want ipfw to separate the two jails so that every jail can use the
>>>> standard configs (to listen to all IP addresses and all ports)
>>>>
>>>> Thanks for your answer!
>>>>
>>>> Jack
>>>>
>>>>
>>>>
>>>> ----- Original Message ----- From: "Ruben Arutyunyan"
>>>> <ruben_arutyunyan AT shl DOT ru>
>>>> To: <ezjail AT erdgeist DOT org>
>>>> Sent: Monday, December 14, 2009 7:16 AM
>>>> Subject: Re: [ezjail] ezjail and ipfw
>>>>
>>>>
>>>>> Hello,
>>>>>
>>>>> have a look
>>>>> http://www.freebsd.org/doc/en/books/handbook/firewalls-ipfw.html
>>>>>
>>>>> Ruben
>>>>>
>>>>> Jack Raats wrote:
>>>>>> Hi,
>>>>>>  I'm looking for a good manual how to implement ipfw in and with
>>>>>> jails.
>>>>>> Google doesn't give anything useful.
>>>>>>  The (ez)jail is running without any problem, but how to implement
>>>>>> ipfw.
>>>>>> On the host machine? How?
>>>>>>  Thanks for your time
>>>>>>  Jack
>>>>>
>>>>
>>>
>>
>
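
The host-side check implied by Ruben's reply (host services such as sshd and ntpd bound to all addresses), as an added example that is not part of the original thread. The sample listing, the 192.0.2.x addresses and the function names are constructed for illustration; on a real host you would pipe in `sockstat -4 -l` output instead.

```shell
#!/bin/sh
# Constructed sample in the column layout of FreeBSD `sockstat -4 -l`
# (USER COMMAND PID FD PROTO LOCAL-ADDRESS FOREIGN-ADDRESS); not real output.
# 192.0.2.10 stands for the host address, 192.0.2.21 for a jail address.
sample_sockstat() {
cat <<'EOF'
USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS
root     sshd       812   3  tcp4   *:22                  *:*
root     ntpd       790   20 udp4   *:123                 *:*
root     ntpd       790   21 udp4   192.0.2.10:123        *:*
www      httpd      1440  3  tcp4   192.0.2.21:80         *:*
root     sshd       1502  3  tcp4   192.0.2.21:22         *:*
root     syslogd    655   7  udp4   127.0.0.1:514         *:*
EOF
}

# wildcard_listeners: read sockstat-style text on stdin and print
# "command proto port" for each socket whose local address is "*:<port>".
# These are the host services that answer on every address of the machine
# and therefore need an explicit listen address in their own config.
wildcard_listeners() {
    awk '$6 ~ /^\*:[0-9]+$/ {
        split($6, a, ":")
        print $2, $5, a[2]
    }' | sort -u
}

# conflicts_with_jail_ports "22 80": of the wildcard listeners on stdin,
# print only those whose port is also one a jail service needs.
conflicts_with_jail_ports() {
    wanted=" $1 "
    wildcard_listeners | while read -r cmd proto port; do
        case "$wanted" in
            *" $port "*) echo "$cmd $proto $port" ;;
        esac
    done
}

# Stand-alone run on the constructed sample.
sample_sockstat | conflicts_with_jail_ports "22 80"
```

Each line it prints names a host daemon to rebind to the host's own address (for sshd, the `ListenAddress` directive in `sshd_config`).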