Re: [ezjail] ezjail and ipfw
Rudy and others,
Thanks. I now understand this.
But I still have to open the ports on the host machine to the IP address
used by the jail???
Thanks for all the answers. I'm learning to understand jails.
----- Original Message -----
From: "Rudy" <crapsh AT monkeybrains DOT net>
To: <ezjail AT erdgeist DOT org>
Sent: Monday, December 14, 2009 5:35 PM
Subject: Re: [ezjail] ezjail and ipfw
Even more simply put (and really, you should test this so you see it in
action and understand jails better),
inside a jail * = the IP assigned to it.
inside the 'non jail system' * = all the IPs on the box.
So, if you have
and you log onto jailA and bind apache to * then it will be listening
only to 10.0.0.2. Type ifconfig inside of jailA and you will only see
10.0.0.2. Type ifconfig while logged into jailC and you will only see
Oh, you can log into jails from the 'host' (e.g. non-jailed, master
FreeBSD instance) with the jexec command.
jls (list jails)
jexec PICK_NUMBER_FROM_JLS tcsh
Services inside a jail will only listen to addresses assigned to the jail.
They won't try to listen to any other system address. All you should take
care of are host services (I had to make changes to ssh and ntpd configs